LEGAL · PRIVACY · DATA PROTECTION

Privacy Policy

Your privacy matters to us. This policy explains how HenovaFresh Ltd collects, uses, and protects your personal information when you use our platform.

Last updated: April 2025
01

Introduction

HenovaFresh Ltd ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our website, mobile application, and smart vending machine platform (collectively, the "Services").

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our Services. We encourage you to read this policy carefully.

02

Information We Collect

We may collect the following categories of information when you use our Services:

Personal Information
Name, email address, phone number, and account credentials provided during registration or waitlist sign-up.
Transaction Data
Order history, payment method type, and purchase amounts. We do not store full card numbers — payment processing is handled securely by our PCI-DSS compliant providers.
Usage Data
Information about how you interact with our website and app, including pages visited, session duration, device type, browser, and IP address.
Location Data
Approximate location used to identify nearby HenovaFresh machines. Location access is requested through the browser and collected only with your explicit consent.
03

How We Use Your Data

We use the information we collect to operate, improve, and personalise our Services:

Process and fulfil your smoothie orders
Create and manage your account
Send order confirmations and receipts
Improve our platform and machine performance
Send waitlist updates and launch notifications
Respond to customer support enquiries
Analyse usage patterns and service analytics
Comply with legal and regulatory obligations
Detect and prevent fraudulent activity
Send marketing communications (with your consent)
04

Data Sharing

We do not sell your personal data to any third party. We may share your information only in the following limited circumstances:

Payment Processors
Transaction data is shared with Paystack (Nigeria) and Stripe (UK) solely to process your payments. Both providers are PCI-DSS certified and maintain strict data security standards.
Service Providers
We work with trusted third-party providers for email delivery, analytics, cloud hosting, and platform infrastructure. All providers are bound by confidentiality agreements and may only use your data to provide services on our behalf.
Legal Compliance
We may disclose your data when required by applicable law, court order, or regulatory authority. We will disclose only the minimum information legally required and will inform you where permitted.
Business Transfers
In the event of a merger, acquisition, or sale of business assets, your data may be transferred as part of that transaction. You will be notified via email and given the opportunity to opt out before your data is transferred or becomes subject to a different privacy policy.
05

Data Security

We implement industry-standard security measures to protect your personal data from unauthorised access, disclosure, alteration, or loss:

SSL/TLS encryption for all data in transit
Encrypted storage for sensitive data at rest
Role-based access controls for all staff
Regular security audits and monitoring
PCI-DSS compliant payment processing
Two-factor authentication for admin accounts

While we take every reasonable step to protect your data, no method of transmission over the internet is entirely secure. We encourage you to use a strong, unique password and to keep your account credentials private.

06

Cookies & Tracking

We use cookies and similar tracking technologies to improve your browsing experience, analyse site traffic, and personalise content. You can manage your preferences via our cookie consent banner or your browser settings.

Essential Cookies
Required for the website to function — session management, authentication, and security tokens. These cannot be disabled as they are necessary for core functionality.
Analytics Cookies
Help us understand how visitors navigate our site so we can improve performance, content, and user experience. All data is aggregated and anonymised.
Preference Cookies
Remember your settings between sessions — such as your currency selection — to provide a more personalised experience.
07

Your Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any right, contact us at info@henovafresh.com. We will respond within 30 days.

Access

Request a copy of the personal data we hold about you.

Rectification

Request correction of any inaccurate or incomplete personal data.

Erasure

Request deletion of your personal data, subject to applicable legal requirements.

Portability

Receive your data in a structured, machine-readable format for transfer.

Restriction

Request we limit how we process your data in certain circumstances.

Objection

Object to processing based on legitimate interests or for direct marketing.

08

Data Retention

We retain your personal data for as long as is necessary to fulfil the purposes set out in this policy, unless a longer retention period is required or permitted by law.

Account data is retained while your account is active and for a reasonable period thereafter. Upon account deletion, we will remove your personal data within 30 days, except where retention is required for legal or regulatory compliance — for example, financial transaction records retained for 7 years under applicable UK and Nigerian tax laws.

09

Third-Party Services

Our Services may contain links to, or integrate with, third-party websites and services — including Google Maps (for machine locations), Paystack (Nigerian payments), and Stripe (UK payments). We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party service before providing personal information. Their policies govern your data on their platforms, not this policy.

10

Children's Privacy

Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data without appropriate consent, please contact us immediately at info@henovafresh.com and we will take prompt steps to delete that information from our records.

11

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you via email or a prominent notice on our website before the change takes effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Your continued use of our Services after any update constitutes your acceptance of the revised policy.

12

Contact Us

For any questions, requests, or concerns related to this Privacy Policy or your personal data, please contact us through any of our offices below:

🇬🇧 United Kingdom
43 Admiral House, Rivergate
Peterborough, UK
🇳🇬 Nigeria
13 Soji Adepegba Close
Off Allen Avenue, Ikeja, Lagos
WE'RE HERE TO HELP

Questions About Your Privacy?

Our team is happy to help. Reach out and we'll respond within 48 hours.

Contact Us Terms of Service