Privacy Policy

5K Marketplace ("5K", "we", "us") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, how it is stored, and your rights under the Nigeria Data Protection Act 2023 (NDPA 2023). This policy applies to all users of 5K Marketplace — clients, freelancers, and visitors. By using the platform, you acknowledge that you have read and understood this policy.

We collect the following categories of personal data: Account Information • Full name, email address, username, and password (stored as a hashed value — never plain text) • Profile photo, bio, skills, niche tags, and portfolio/social links • Role (client or freelancer) Financial Information • Bank name, account number, and account name (for withdrawal purposes only) • Paystack recipient code (generated by Paystack after account verification) • Wallet balance and transaction history • We do NOT store your card details — all card data is handled exclusively by Paystack Professional Information • Resume (PDF upload, stored securely in cloud storage) • Portfolio links and work samples Activity Data • Job postings, proposals submitted, contracts, messages, and delivery submissions • Notification preferences and read status • Login timestamps and IP addresses (for security and fraud prevention) Communications • Messages sent within contract chat rooms (stored permanently for dispute resolution purposes) • Email notification history

We use your personal data for the following purposes: • To create and manage your account • To facilitate job postings, proposals, contracts, and payments • To send transactional emails (proposal notifications, escrow confirmations, payment receipts) • To send niche-based job alert emails to freelancers whose skills match new job postings • To process withdrawals to your registered bank account via Paystack • To detect, investigate, and prevent fraud, abuse, and policy violations • To enforce our Terms of Service including moderation and dispute resolution • To improve the platform through usage analytics (non-identifiable, aggregated data only) We do NOT use your data for third-party advertising. We do NOT sell your personal data to any third party.

Under the NDPA 2023, we process your personal data on the following legal bases: • Contract performance: Processing necessary to provide the services you have requested (account management, payments, escrow) • Legitimate interests: Fraud prevention, platform security, dispute resolution, and abuse detection • Consent: Email marketing communications, where applicable — you may withdraw consent at any time • Legal obligation: Compliance with Nigerian laws and regulations

We share your data only in the following limited circumstances: Paystack: Your email address and transaction amounts are shared with Paystack to process payments. Bank details are shared with Paystack to create transfer recipients. Paystack is PCI DSS compliant and subject to its own privacy policy. AWS (Amazon Web Services): Profile photos, resumes, and file attachments are stored in AWS S3 cloud storage, subject to AWS's data processing agreements. Admin Users: 5K Marketplace administrators may view user data, contract details, and messages as part of dispute resolution and moderation duties. All admin actions are logged in a secure audit trail. Legal Requirements: We may disclose personal data if required to do so by Nigerian law, court order, or government authority. We do NOT share your data with any marketing companies, data brokers, or unrelated third parties.

We retain your personal data for the following periods: • Active account data: Retained for as long as your account is active • Deleted accounts: Data is soft-deleted immediately and permanently purged after 30 days • Financial records (transactions, escrow history): Retained for 7 years for legal and accounting compliance, even after account deletion • Contract messages: Retained for 3 years after contract completion for dispute resolution purposes • Login and security logs: Retained for 12 months You may request early deletion of your data by contacting us at support@5kmarketplace.org, subject to our legal retention obligations.

As a data subject under Nigerian law, you have the following rights: • Right to access: You may request a copy of all personal data we hold about you • Right to rectification: You may correct inaccurate or incomplete data through your profile settings or by contacting us • Right to erasure: You may request deletion of your account and associated data (subject to retention obligations) • Right to data portability: You may request your data in a structured, machine-readable format • Right to object: You may opt out of non-essential processing such as marketing communications • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing To exercise any of these rights, contact us at support@5kmarketplace.org. We will respond within 30 days.

We implement the following security measures to protect your personal data: • Passwords are hashed using bcrypt with a work factor of 12 — we never store plain-text passwords • All data transmission is encrypted via HTTPS/TLS • JWT access tokens expire after 15 minutes; refresh tokens after 7 days • Account lockout after 5 consecutive failed login attempts (15-minute cooldown) • Paystack webhook events are verified using HMAC-SHA512 signature validation • Financial operations are wrapped in atomic database transactions • All admin actions are logged in an immutable audit trail • Cloud storage (AWS S3) access is restricted via IAM policies No system is 100% secure. If you become aware of a security vulnerability, please report it responsibly to support@5kmarketplace.org.

5K Marketplace uses the following cookies: • Authentication cookies: An httpOnly cookie storing your refresh token. This is essential for keeping you logged in and cannot be disabled without logging out. • Session cookies: Temporary cookies that expire when you close your browser • Analytics cookies: We may use privacy-respecting analytics to understand how the platform is used in aggregate. These do not identify you personally. We do not use advertising cookies or third-party tracking cookies. You may clear cookies at any time through your browser settings, though this will log you out of the platform.

5K Marketplace is not directed at, and does not knowingly collect data from, individuals under the age of 18. If we become aware that a user is under 18, we will immediately deactivate their account and delete their data. If you believe a minor has created an account on our platform, please contact us at support@5kmarketplace.org.

We may update this Privacy Policy from time to time. When we do, we will: • Update the "Last updated" date at the top of this page • Send an email notification to all registered users if the changes are material • For significant changes, we may request that you re-accept the policy before continuing to use the platform Continued use of 5K Marketplace after a policy update constitutes your acceptance of the updated policy.

5K Marketplace is operated by Puden (Nigeria). As the data controller, we are responsible for your personal data. For privacy-related inquiries, data subject requests, or to report a data breach: Email: support@5kmarketplace.org General support: support@5kmarketplace.org We will acknowledge all privacy requests within 5 business days and respond fully within 30 days.