Privacy Policy

1. Information We Collect

We collect the following categories of information:

• Account information — name, business name, email address, phone number, and login credentials you provide when registering.
• Business and transaction data — products, inventory, sales, expenses, bookings, and other operational data you create or upload while using the Services.
• Customer data you upload — information about your own customers that you choose to store on the platform, for which you are responsible as described below.
• Payment information — billing details processed through our third-party payment providers; we do not store full card numbers ourselves.
• Usage and device data — log data, device and browser information, and analytics about how you interact with the Services.
• Communications — messages, support requests, and feedback you send to us.

2. How We Use Information

We use personal data to:

• Provide, operate, maintain, and improve the Services.
• Process subscriptions, payments, and transactions.
• Generate business insights and analytics for your account.
• Provide customer support and respond to your requests.
• Protect the security and integrity of the Services and prevent fraud or abuse.
• Comply with legal and regulatory obligations.
• Send you service-related and, where permitted, promotional communications.

3. Legal Basis for Processing

We process personal data on lawful bases recognised under the Data Protection Act, 2012 (Act 843), including your consent, the performance of a contract with you, compliance with legal obligations, and our legitimate interests in operating and improving the Services.

4. How We Share Information

We do not sell your personal data. We may share information in the following circumstances:

• Service providers — trusted vendors who process data on our behalf, such as payment processors, hosting providers, and communication services, under appropriate confidentiality and data-protection obligations.
• Third-party integrations you enable — for example, calendar or payment integrations that you connect to your account.
• Legal and regulatory requirements — where disclosure is required by law, regulation, legal process, or governmental request.
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
• With your consent — where you have directed or permitted us to share the information.

5. Data You Process as a Business User

When you use Spayces to manage information about your own customers, you act as the controller of that personal data and Spayces acts as a processor on your behalf. You are responsible for collecting and processing such data lawfully, including providing any required notices and obtaining any required consents.

You agree to implement appropriate technical and organisational measures to protect personal data, to comply with the Data Protection Act, 2012 (Act 843), and to promptly notify us of any data breach affecting personal data processed through the Services.

6. International Data Transfers

Personal data obtained in connection with the Services is not transferred outside Ghana except in compliance with the requirements of the Data Protection Act, 2012 (Act 843) and, where required, with appropriate consent and safeguards.

7. Data Retention

We retain personal data for as long as your account is active and as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Following account termination, data may be deleted after a reasonable period.

8. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Subject to applicable law, you may have the right to access, correct, update, or request deletion of your personal data, to object to or restrict certain processing, and to withdraw consent where processing is based on consent.

To exercise these rights, please contact us using the details in the Contact section below or email business@spayces.co.

10. Cookies and Tracking

We and our service providers may use cookies and similar technologies to operate the Services, remember your preferences, and understand usage. You can control cookies through your browser settings, although disabling them may affect functionality.

11. Third-Party Services

The Services may link to or integrate with third-party services, such as payment processors and calendar providers. Their handling of your data is governed by their own privacy policies, and we are not responsible for their practices.

12. Children's Privacy

The Services are intended for users who are at least 18 years old. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us so we can take appropriate action.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updated versions will be posted with a revised effective date. Continued use of the Services after changes take effect constitutes acceptance of the updated Policy.

14. Contact Us

For questions or concerns regarding this Privacy Policy or our data practices, please contact: