Skip to main content
MumRated! logoMumRated!
Sign inJoin MumRated

⚠️ Draft, Pending Nigerian commercial lawyer review (NDPR priority)

This document is a working draft. NDPR / NDPA compliance review by qualified Nigerian legal counsel is required before public launch. This version is published for transparency during soft-launch only.

Privacy Policy

Effective date: [DATE, to be confirmed by counsel] · Last updated: May 2025

1. Who this policy applies to

This policy applies to all users of mumrated.com, mums who write reviews, visitors who read reviews, and businesses who claim listings. It is published to meet our obligations under the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act 2023 (NDPA).

2. What information we collect

When you create an account:

  • Email address (required)
  • Display name (optional, chosen by you)
  • Profile photo (optional, Cloudinary-hosted)
  • City and country (optional)
  • Child’s age band, e.g. “Toddler”, not exact date of birth (optional)
  • If you sign in with Google: your name and profile photo from Google

When you write a review:

  • Review text and star rating
  • Optional structured answers (e.g. “Would you buy again?”)
  • Optional photos (uploaded to Cloudinary)
  • The date and time of submission (stored automatically)

Automatically collected:

  • Standard web server logs (IP address, browser type, pages visited)
  • Error traces via Sentry (may include device info and page state at time of error)
  • Session cookies set by Auth.js for authentication

3. How we use your information

  • To provide the service: Display your reviews, maintain your account, enable login.
  • To moderate content: Detect spam, fake reviews, and content that breaks our rules.
  • To contact you: Email you if there is a problem with your review or your account.
  • To fix errors: Sentry error reports help us identify and fix bugs.
  • To comply with law: We will disclose information if required by a valid Nigerian court order.

We do not use your data for advertising. We do not sell your data. We do not share your data with third parties for marketing purposes. [COUNSEL: confirm lawful basis under NDPR for each processing activity above.]

4. Who we share data with

We use the following service providers to operate MumRated!. Each is a data processor acting on our instructions:

Supabase (PostgreSQL database): Hosted on AWS us-east-1 (USA). Stores all account and review data. [COUNSEL: cross-border transfer safeguards required.]
Vercel (web hosting): Hosted on AWS / Cloudflare Edge globally. Serves the website. [COUNSEL: confirm adequacy or appropriate safeguards.]
Cloudinary (image hosting): USA-based. Stores uploaded photos and profile images.
Sentry (error tracking): USA-based. May receive page URLs, device info, and error context when a user encounters a bug. Data is anonymised where possible.
Resend (transactional email): USA-based. Sends account emails (magic links, review confirmations).
Google (OAuth): Sign-in with Google shares your Google profile with us on first login.

5. Your rights

Under the NDPR and NDPA, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Delete your account and associated data
  • Object to certain processing activities
  • Portability, request your data in a portable format
  • Withdraw consent where processing is based on consent

To exercise any of these rights, email privacy@mumrated.com. We will respond within 30 days (as required by NDPR Article 2.6).

6. Data retention

[COUNSEL: Insert data retention schedule. Provisional draft below, requires legal review.]

  • Account data: retained while account is active + 2 years after deletion request
  • Reviews: retained for 5 years or until deletion request
  • Server logs: 90 days
  • Sentry error data: 90 days (Sentry default)

7. Cookies

We use session cookies for authentication (required for login to work). Sentry may set cookies for session replay. We do not use advertising cookies. [COUNSEL: cookie consent banner may be required under NDPR.]

8. Contact

For privacy questions or to exercise your rights: privacy@mumrated.com

[COUNSEL: Add Data Protection Officer contact and NITDA registration number if applicable.]

NDPR / NDPA legal review by Nigerian counsel is a hard requirement before public launch. See also: Trust & Transparency, Terms of Use.