PRIVACY POLICY

Effective date: 30 April 2026

NH Garments Limited ("we", "our", or "us") operates the Cinnamon Basics website (https://cinnamonbasics.com) and the Cinnamon Basics mobile application (the "App"). This policy explains what personal information we collect, why we collect it, how we use and share it, and the choices you have.

By using our website or App, you agree to the collection and use of information in accordance with this policy.

1. Information we collect

1.1 Information you give us

  • Account details — when you register, we collect your name, email address, phone number, and password (stored as a one-way salted hash).
  • Order details — when you place an order, we collect your shipping address, contact phone number and/or email, the items you purchase, and order metadata (date, status, totals).
  • Support enquiries — when you contact us through the in-app Support form, we collect your name, contact details, and the message you send.

1.2 Information collected automatically

  • Device tokens — to deliver order and promotional notifications, we register a Firebase Cloud Messaging (FCM) device token tied to your account. We do not use this token for advertising.
  • Diagnostic data — when an error occurs in the App we may log the error context (stack trace, app version, device model, OS version) to help us fix bugs. We do not log personal content from your account in error reports.
  • Guest cart token — for guests who shop without registering, we issue a random session identifier (UUID) so we can remember your cart between requests. This token is not linked to any personal identifier until you check out.

1.3 Payment information

We do not store your payment card or mobile-money details. Payments are processed by Paystack, which is a PCI-DSS Level 1 compliant payment provider. When you pay, your card or mobile-money details go directly to Paystack — they never pass through our servers.

We retain only the payment reference, payment method type (card / mobile money), the transaction amount, and the result (successful / failed / pending) for accounting and order reconciliation.

1.4 Information we do NOT collect

  • We do not collect biometric data. The App's optional biometric sign-in uses your device's local fingerprint or face authentication — the biometric data never leaves your phone.
  • We do not collect your precise location.
  • We do not collect your contacts, photos, calendar, or microphone audio.

2. How we use your information

  • Provide the service — process your orders, deliver your items, send you order updates, and provide customer support.
  • Improve the service — diagnose issues, prevent fraud, and develop new features. We aggregate usage analytics in a way that does not identify individuals where possible.
  • Communicate with you — send transactional notifications (order confirmations, shipping updates, password resets). We will only send you marketing communications if you have explicitly opted in, and you can opt out at any time.
  • Comply with legal obligations — including tax reporting, consumer protection rules, and lawful requests from public authorities.

3. How we share your information

We share information only with the parties below, and only to the extent necessary:

  • Payment processor (Paystack) — to process the payment for your order. We share your name, email or phone, the order amount, and a transaction reference.
  • Delivery partners — to deliver your order, we share your name, delivery address, and contact phone with the courier.
  • Cloud infrastructure providers — our application servers and databases are hosted on our cloud infrastructure provider. They process data on our behalf under contractual obligations.
  • Firebase (Google) — to deliver push notifications and (where enabled) crash analytics. Subject to Google's privacy policy.
  • Email/SMS providers — to deliver transactional messages.
  • Authorities — when required by law, court order, or to protect our rights and the safety of our users.

We do not sell your personal information to third parties for advertising or any other purpose.

4. Data retention

  • Account data — retained while your account is active. You can delete your account at any time from the Profile screen ("Delete Account") — this permanently removes your profile, addresses, and favourites within 30 days.
  • Order records — retained for 7 years for tax and legal compliance, even after account deletion. Orders are then anonymised (your name, email and phone are removed) but the transaction record is kept.
  • Support enquiries — retained for 2 years.
  • Guest cart sessions — abandoned guest carts are deleted after 30 days of inactivity.
  • Diagnostic logs — retained for 90 days, then deleted.

5. Your rights

You have the right to:

  • Access the personal information we hold about you.
  • Correct any information that is inaccurate or incomplete.
  • Delete your account and personal information (subject to the retention exceptions in §4).
  • Withdraw consent for marketing communications at any time.
  • Object to processing for direct marketing or other purposes where we rely on legitimate interest.
  • Portability — request a machine-readable export of the personal information you have provided.

To exercise any of these rights, contact us at marketing@nhgarments.com or use the in-app Support form. We will respond within 30 days.

6. Children's privacy

Our services are not directed to children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it.

7. International transfers

Some of our service providers (including Paystack, Firebase, and our hosting provider) may process data outside Ghana. Where this happens we ensure that appropriate safeguards are in place (such as standard contractual clauses) so your data continues to be protected.

8. Security

We protect your information using:

  • TLS encryption for all data in transit.
  • Industry-standard hashing for passwords (bcrypt, salted).
  • Access controls and authentication requirements for our staff.
  • Routine security review of our infrastructure and application code.

No system is completely secure. If we detect a personal data breach that puts your rights at risk, we will notify you and the relevant authorities without undue delay.

9. Cookies and similar technologies

The Cinnamon Basics website uses cookies for session management, analytics, and remembering your preferences. The mobile App does not use cookies but stores small amounts of data locally (your session token, guest cart token, biometric preference, and saved favourites) using your device's secure storage.

10. Changes to this policy

We may update this policy from time to time. The "Effective date" at the top will reflect the most recent change. For material changes we will notify you in the App or by email before the change takes effect.

11. Contact us

If you have questions about this policy or how your information is handled:

  • Email: marketing@nhgarments.com
  • Phone: +233 59 569 5222
  • Address: NH Garments Limited, Agbawe Avenue 113, Adenta, Accra, Ghana.

You may also contact Ghana's Data Protection Commission (https://www.dataprotection.org.gh) if you believe your data protection rights have been violated.