Legal
Privacy Policy
What Dolinq collects, why we collect it, who we share it with, and the control you have over it.
Last updated: 13 July 2026
1. Who we are
Dolinq is a customer commerce platform. Merchants use Dolinq to publish a business page, sell digital products and subscriptions, collect payments, keep customer records, deliver files and send automated messages.
This policy explains what we do with personal data. Where a merchant sells to a customer through Dolinq, the merchant is the controller of that customer’s data and Dolinq acts as a processor on the merchant’s behalf. For a merchant’s own account data, Dolinq is the controller.
2. Data we collect
From merchants, when you create and run a business on Dolinq:
- Account data: name, email address, phone number, password hash and business details such as your slug, logo and description.
- Product and catalogue data: products, prices, subscription plans and any files you upload for delivery.
- Usage data: log-ins, actions taken in the dashboard, and technical data such as IP address, browser and device type.
From customers, when someone buys through a merchant’s business page:
- Contact data: name, phone number and email address supplied at checkout.
- Order data: what was purchased, the amount, the payment reference and the status of the order or subscription.
- Delivery and messaging data: the access links issued to the customer and the automated messages sent to them.
We do not collect or store full card numbers, CVVs or bank credentials. Card and bank details are entered directly with our payment provider and never reach Dolinq’s servers.
3. How we use data
- To operate the service: create accounts, host business pages, process checkouts, create orders and issue download links.
- To verify payments with our payment provider before access is granted.
- To send transactional messages on a merchant’s behalf: payment confirmations, delivery links, renewal reminders and expiry notices.
- To secure the platform: detect fraud and abuse, bind download links to the phone number that paid, and enforce access expiry.
- To support merchants, respond to enquiries and meet our legal and accounting obligations.
We do not sell personal data, and we do not use customer data to advertise to a merchant’s customers.
4. Legal bases
Where data protection law requires a legal basis, we rely on: performance of a contract (to provide the service you or the merchant asked for); legitimate interests (to secure, maintain and improve the platform); consent (where you have given it, for example to optional marketing); and legal obligation (for tax, accounting and compliance records).
5. Service providers we share data with
Dolinq uses a small number of processors, each for a specific purpose:
- Paystack — payment collection and verification. Card and bank details are handled by Paystack, not Dolinq.
- Evolution API — delivery of WhatsApp messages to customers.
- Brevo — transactional email, such as account and receipt emails.
- Cloudflare R2 — storage of files, logos and the digital products merchants upload.
- Vercel — hosting of the application and its infrastructure logs.
- Our database and queue providers — storage of business, customer, order and job data.
We share only what a provider needs to perform its function. We may also disclose data where we are legally required to, or to establish, exercise or defend legal claims.
6. Retention
We keep account, business, customer and order data for as long as the merchant’s account is active, and afterwards for as long as we need it to meet legal, tax and accounting obligations or to resolve disputes.
Download links are short-lived by design: they are signed, they expire, and they are bound to the phone number that paid. Uploaded files are deleted when a merchant deletes the product they belong to.
7. Security
Data is transmitted over TLS. Passwords are stored hashed, never in plain text. Access to production data is restricted to the people who need it to run the service. Download access is granted through signed, expiring, phone-bound links rather than shared public URLs.
No system is perfectly secure. If a breach affects your personal data, we will notify you and the relevant authority where the law requires it.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, port or restrict the use of your personal data, and to object to processing based on legitimate interests. You may also withdraw consent at any time where processing is based on consent.
Merchants can exercise these rights from the dashboard or by contacting us. Customers who bought from a merchant should contact that merchant first, as they control the customer record; if you contact us instead, we will pass the request on to the merchant and assist them in fulfilling it.
9. Cookies
Dolinq sets a session cookie so you stay signed in, and stores your theme preference in your browser. We do not use advertising cookies or third-party tracking cookies. We use privacy-preserving analytics to measure aggregate traffic and performance.
10. Children
Dolinq is not intended for anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
11. Changes to this policy
We may update this policy as the product and the law change. When we make a material change, we will update the date at the top of this page and, where appropriate, notify merchants by email.
12. Contact us
Questions about this policy or about your data can be sent to support@dolinq.com and we will respond within a reasonable time.