1. Data controller

Sikapa Enterprise is the data controller for personal information processed through sikapa.com, our storefront, account area, checkout, and Sikapa mobile app when connected to the same account. Contact us at support@sikapa.com or via Help → Contact.

2. Information we collect

Information you provide

• Account: name, username, optional email, phone (if you add it), and password (stored hashed — we never store plain-text passwords).
• Orders: delivery address, region and city (Ghana shipping), pickup preference, contact name and phone for delivery, order notes, and payment status from Paystack (we do not store full card numbers on our servers).
• Support: messages you send by email, WhatsApp, or in-app help, including order references you include.
• Marketing: email address and preferences if you subscribe to the Sikapa newsletter or product alerts.
• Security: optional two-factor authentication (TOTP) setup data when you enable 2FA on your account.

Information collected automatically

• Session & auth: access and refresh tokens, sign-in timestamps, and “remember me” preference (local or session storage in your browser).
• Cart & browsing: items in your bag, recently viewed products, and wishlist when you are signed in.
• Technical: browser or device type, IP address, and request logs used for security, rate limiting, and troubleshooting.

3. How we use your information

• Create and secure your Sikapa account, including Google sign-in where enabled.
• Process orders in GHS, collect payment through Paystack, and arrange delivery or pickup in Ghana.
• Send order confirmations, shipping updates, and account security notices.
• Operate customer support and handle returns or refunds under our published policies.
• Send marketing emails only when you opt in; every marketing message includes an unsubscribe path.
• Prevent fraud, enforce our Terms of Service, and meet legal or tax record-keeping duties.

4. Newsletter and product alerts

Sikapa may email you about new products, restocks, or price changes only if you subscribe through the footer form, your account settings, or another explicit opt-in. You can unsubscribe from any marketing email or from your account at any time. Order, payment, and security emails are not marketing and cannot be switched off while you have an active order or account that requires them.

5. Legal basis (Ghana)

We process personal data under the Data Protection Act, 2012 (Act 843) and related guidance. Depending on the activity, we rely on: performing our contract with you (orders and accounts); your consent (marketing and optional cookies where applicable); legitimate interests balanced against your rights (security, service improvement, and fraud prevention); and legal obligations (tax, accounting, and lawful requests).

6. Who we share data with

We do not sell personal data. We share it only to run Sikapa:

• Paystack — card and mobile-money payments, refunds, and payment webhooks.
• Delivery partners — name, phone, and address needed to deliver your order.
• Email provider (Resend) — transactional and marketing email delivery when you opt in.
• Hosting & infrastructure — cloud providers that host our API, database, and media (under confidentiality and security terms).
• Authorities — when required by Ghanaian law or to protect Sikapa, customers, or the public.

Some processors may store or route data outside Ghana. We choose providers with appropriate safeguards and limit sharing to what is necessary for each service.

7. How long we keep data

Order and invoice records are kept for the period required for tax and consumer-law purposes. Account data remains while your account is active and for a reasonable period after closure to resolve disputes. Marketing lists are updated when you unsubscribe. Security and audit logs are retained for a limited window unless a longer period is needed for an investigation.

8. Security

Sikapa uses HTTPS for storefront and API traffic, hashed passwords, JWT-based sessions with refresh rotation, optional 2FA, and access controls on admin systems. No online system is perfectly secure — use a strong unique password and keep your devices updated.

9. Your rights

Under Act 843 you may request access, correction, or deletion of personal data we hold about you, object to certain processing, or withdraw consent where processing is consent-based. Email support@sikapa.com with enough detail for us to verify your identity. You may also lodge a complaint with the Data Protection Commission of Ghana if you believe we have handled your data unlawfully.

10. Cookies and local storage

Sikapa uses cookies and browser storage for sign-in, cart, theme preference, session cookies for admin access, and optional analytics where enabled. Essential cookies are required for checkout and account features. Where we use non-essential cookies, we respect your choices through our cookie notice when shown.

11. Children

Sikapa is intended for adults. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, contact us and we will delete the account where appropriate.

12. Changes

We may update this policy as Sikapa’s services evolve. The “Last updated” date at the top will change, and material updates may be announced by email or a notice on the site.

13. Related documents

Use of Sikapa is also governed by our Terms of Service. Store hours and directions: Help → Contact (map).