Legal

Privacy Policy

Last updated: March 2026 · Applies to all TreatPass services and territories

TreatPass is committed to protecting your privacy. This policy applies to all users of mytreatpass.com and TreatPass services wherever you are located — including Nigeria, Kenya, Ghana, South Africa, and the United Kingdom.

1. Who We Are

We are an experience gifting platform operating across Africa and serving buyers in the UK and diaspora communities globally. Data controller: TreatPass (mytreatpass.com) Contact: hello@mytreatpass.com

2. What Data We Collect

2.1 Information you give us directly — Your name, email address, and phone number when you place an order or contact us — The recipient's name, email address, or WhatsApp number when you purchase a gift — Payment details (processed by our payment providers — we do not store full card numbers) — Any message or note you include with a gift card — Corporate billing details for bulk orders 2.2 Information collected automatically — Your IP address, browser type, device type, and operating system — Pages visited, time spent, links clicked, and referring URL — Country and general location (derived from IP address) — Cookie identifiers (see Section 7) 2.3 Information from third parties — Payment confirmation and fraud signals from our payment processors — Analytics data from Google Analytics

3. How We Use Your Data

We use your personal data to: — Process your gift card purchase and deliver the digital voucher — Send your gift card to the specified recipient by email or WhatsApp — Issue invoices and process refunds where applicable — Respond to your customer service enquiries — Send transactional notifications (order confirmation, delivery confirmation) — Improve our website, products, and services through analytics — Detect and prevent fraud and misuse of our platform — Comply with applicable laws and regulations — Send you marketing messages about TreatPass offers and new services, where you have opted in We do not use your data for automated decision-making or profiling in ways that produce legal or significant effects.

4. Legal Basis for Processing

For users in the UK and European Economic Area, we process your data on the following legal bases: — Contract performance: to deliver services you have purchased — Legitimate interests: fraud prevention, security, product improvement, and marketing analytics — Consent: for optional marketing communications and non-essential cookies — Legal obligation: where required by law (e.g. tax records, anti-money laundering) For users in Nigeria, processing complies with the Nigeria Data Protection Act 2023 (NDPA) and its Regulations. You have the rights described in Section 8. For users in Kenya, processing complies with the Data Protection Act 2019. You may contact the Office of the Data Protection Commissioner with complaints. For users in Ghana, processing complies with the Data Protection Act 2012 (Act 843). You may contact the Data Protection Commission with complaints. For users in South Africa, processing complies with the Protection of Personal Information Act 4 of 2013 (POPIA). You may contact the Information Regulator with complaints.

5. How We Share Your Data

We do not sell your personal data. We share it only as follows: With partner venues: When you redeem a gift card, we share your booking details (name and contact) with the venue to facilitate the experience. With payment processors: Your payment details are processed by licensed payment service providers (which may include Flutterwave, Paystack, Stripe, or others depending on your territory). They process data under their own privacy policies. With service providers: We use third-party tools for email delivery, analytics, and customer support (e.g. Google Analytics, WhatsApp Business API). These providers process data only on our behalf and under contract. With legal authorities: Where required by law, court order, or to protect TreatPass and its users from fraud or harm. In a business transfer: If TreatPass is acquired or merged, your data may be transferred as part of that process. We will notify you of any change of data controller.

6. Data Retention

We retain your personal data for as long as necessary to: — Maintain your order history and provide customer support (minimum 2 years from last purchase) — Comply with legal obligations including tax and financial records (typically 7 years) — Defend against legal claims When data is no longer needed, it is securely deleted or anonymised. You may request deletion of your data at any time (see Section 8) subject to legal retention requirements.

7. Cookies

We use the following categories of cookies: Essential cookies: Required for the website to function. Cannot be disabled. Analytics cookies: We use Google Analytics to understand how users interact with our site. This data is anonymised. You may opt out via cookie settings or Google's opt-out tool. Marketing cookies: If you accept, these help us understand which of our ads led to purchases. You can manage your preferences in your browser or via our cookie banner. We do not use tracking cookies to build profiles for third-party advertising purposes.

8. Your Rights

Depending on where you are located, you have the following rights regarding your personal data: — Access: Request a copy of the data we hold about you — Correction: Ask us to correct inaccurate or incomplete data — Deletion: Ask us to delete your data (subject to legal retention requirements) — Portability: Receive your data in a structured, machine-readable format — Restriction: Ask us to restrict how we use your data in certain circumstances — Objection: Object to processing based on legitimate interests, including marketing — Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing To exercise any of these rights, contact us at hello@mytreatpass.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. International Transfers

TreatPass operates across multiple countries. Your data may be processed in the UK, Nigeria, Kenya, Ghana, South Africa, or wherever our service providers are based. Where we transfer data from the UK or EEA to countries without an adequacy decision, we use standard contractual clauses approved by the UK ICO or European Commission. Where data is transferred between African countries, we comply with the applicable bilateral or regional data sharing frameworks.

10. Children's Privacy

TreatPass services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@mytreatpass.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our website. The date at the top of this page reflects the most recent update. Continued use of TreatPass after changes take effect constitutes acceptance.

12. Contact and Complaints

For all privacy matters: Email: hello@mytreatpass.com Instagram: @treatpass UK users may also contact the Information Commissioner's Office (ICO): ico.org.uk Nigeria users may contact the Nigeria Data Protection Commission: ndpc.gov.ng Kenya users may contact the Office of the Data Protection Commissioner: odpc.go.ke Ghana users may contact the Data Protection Commission: dataprotection.org.gh South Africa users may contact the Information Regulator: inforegulator.org.za