Scenthut

Privacy Policy

Last updated: 2026-04-27

Scenthut Limited ("Scenthut", "we", "our") operates scenthutng.com. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the choices you have. We comply with the Nigeria Data Protection Act (NDPA) 2023 and the regulations of the Nigeria Data Protection Commission (NDPC).

1. Data we collect

  • Account data: name, email, phone number, password (stored only as a salted hash).
  • Order data: shipping address, items purchased, payment metadata (we do not store full card numbers — Paystack handles payment information directly).
  • Behaviour: pages viewed, items added to cart, scent quiz answers, when you opened our emails (via PostHog and Plausible).
  • Marketing consent: whether you opted in to email and WhatsApp marketing.

2. Why we use it

  • To process and deliver your orders, including communicating about them.
  • To personalise the storefront (saved scent profile, recently viewed items, recommendations).
  • To send transactional emails and WhatsApp messages — these are required for order fulfilment and cannot be opted out of as long as you have an active order.
  • To send marketing email/WhatsApp only if you have opted in.
  • To detect and prevent fraud, secure the platform, and comply with legal obligations.

3. Who we share data with

We share data only with vetted processors that help us operate:

  • Paystack (payment processing)
  • Cloudinary (image hosting)
  • Resend (email delivery)
  • Termii (WhatsApp delivery)
  • Algolia (product search index)
  • Sentry (error tracking)
  • Vercel + Railway (web hosting + database hosting)

We do not sell or rent your personal data to third parties. We share order details with the dispatch rider only as needed for delivery.

4. Your rights under NDPA

  • Access: request a complete copy of your data — download from your account dashboard or email privacy@scenthutng.com.
  • Correction: update inaccurate data via your account settings.
  • Deletion: request deletion of your account by emailing privacy@scenthutng.com. We retain order records for 7 years for tax compliance.
  • Objection: object to marketing at any time using the unsubscribe link in any marketing email or by replying STOP to any WhatsApp marketing message.
  • Portability: receive your data in a structured, machine-readable JSON file.
  • Complaint: if we fail to address your concerns, you can lodge a complaint with the NDPC.

5. Retention

  • Order records: 7 years (Federal Inland Revenue Service requirement)
  • Notification logs: 90 days
  • Abandoned/inactive carts: 30 days
  • Quiz results: 2 years (or until you delete your account)

6. Cookies

We use essential cookies for authentication and cart persistence. Analytics and advertising cookies (Meta, TikTok, PostHog) only load after you accept them via the consent banner. See our Cookie Policy for the full list.

7. Security

Passwords are salted and hashed. Sessions use cookies set with the HttpOnly and Secure attributes. Admin accounts require TOTP 2FA. We test for OWASP Top 10 risks before each release. If we ever experience a data breach affecting your information, we will notify you and the NDPC within 72 hours as required by law.

8. Contact

Questions or rights requests: privacy@scenthutng.com.