Privacy Policy
Last updated: March 7, 2026
WoleMusic ("we", "us", or "our") operates the WoleMusic mobile application and website (wolemusic.cfd). This Privacy Policy describes how we collect, use, and share information when you use our services.
1. Information We Collect
Information you provide:
- Delivery information (name, phone number, address) when placing orders
- Payment information processed securely through Paystack
- Messages sent to our AI shopping assistant
Information collected automatically:
- Device identifier (anonymous, randomly generated)
- Device type and operating system
- App usage data (pages viewed, products browsed)
- IP address and approximate location
2. How We Use Your Information
- Process and deliver your orders
- Provide customer support via AI chat
- Send order status updates
- Improve our products and services
- Prevent fraud and ensure security
- Comply with legal obligations
3. Information Sharing
We do not sell your personal information. We share your data only with:
- Paystack: For processing payments securely
- Delivery partners: To deliver your orders
- OpenAI: Chat messages are processed by AI for assistance (anonymized)
- Law enforcement: When required by law
4. Data Security
We implement industry-standard security measures including:
- SSL/TLS encryption for all data in transit
- Secure payment processing via Paystack (PCI DSS compliant)
- Encrypted storage of sensitive data
- Regular security audits
- Rate limiting and throttling to prevent abuse
5. Order Management & Security
Our order management system is built with security as a core principle:
- UUID-Based Order IDs: All orders use universally unique identifiers (UUIDs) — 128-bit random values that are cryptographically secure. Unlike sequential numeric IDs, UUIDs cannot be guessed, enumerated, or predicted. There are over 340 undecillion (3.4×10³⁸) possible UUIDs, making brute-force guessing practically impossible.
- Device-Scoped Access: Orders are strictly scoped to the originating device. Each customer can only view and manage their own orders, verified through a unique device identifier. No cross-device or cross-user access is possible.
- No Sequential Exposure: Our system does not use auto-incrementing integers for any customer-facing identifiers. This eliminates Insecure Direct Object Reference (IDOR) vulnerabilities entirely.
- Order Number Format: Customer-facing order numbers (WM-XXXXXX) are randomly generated 6-digit codes, not linked to any internal sequence. These are used only for tracking convenience and cannot be used to access other customers' data.
- Database Protection: Our database is not publicly accessible. All data access goes through authenticated API endpoints with proper authorization checks. Direct database access is restricted to authorized administrators only.
- Payment Security: Payment processing is handled entirely by Paystack, a PCI-DSS Level 1 compliant payment processor. We never store credit card numbers, CVVs, or sensitive payment details on our servers. Payment references are tokenized.
- API Authentication: All API endpoints that access order data require proper device verification. Unauthorized requests are rejected with appropriate HTTP error codes.
6. Data Retention
We retain your information for as long as necessary to provide our services and fulfill legal obligations. Order data is retained for 5 years for warranty and legal compliance. You can request deletion of your data by contacting us.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent for data processing
- File a complaint with the Nigeria Data Protection Bureau (NDPB)
8. Children's Privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children.
9. Third-Party Links
Our app may contain links to third-party websites. We are not responsible for their privacy practices.
10. Changes to This Policy
We may update this policy periodically. We will notify you of significant changes through the app or website.
11. Contact Us
For privacy inquiries:
12. Nigeria Data Protection Compliance
We comply with the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR). Your data is processed in accordance with these regulations.