Privacy Policy
Last updated: February 2026
1. Who We Are
PostAm Swift Networks Ltd (“PostAm,” “we,” “our,” or “us”) is the data controller responsible for your personal data. We are a logistics company registered in Nigeria, operating in both Nigeria and the United Kingdom.
- Company name: PostAm Swift Networks Ltd
- Registered address: 2B Olasuru Shopping Complex, Sangotedo, Lagos, Nigeria
- Email: support@postamglobal.com
- Phone: +234 901 967 8037
2. What Personal Data We Collect
We collect the following categories of personal data:
Information you provide directly:
- Account data: Full name, email address, phone number, and password (encrypted) when you create an account.
- Shipment data: Pickup and delivery addresses, package descriptions, declared contents, weight, dimensions, and declared value.
- Payment data: Card payment transaction records processed through our secure payment provider. We do not store full card numbers.
- Communications: Messages you send to our support team, complaint details, and feedback.
- Customs declarations: Item descriptions, values, and harmonised system (HS) codes for international shipments.
Information collected automatically:
- Device data: IP address, browser type, operating system, screen resolution, and device identifiers.
- Usage data: Pages visited, features used, timestamps, referral URLs, and session duration.
- Location data: Approximate location from your IP address. Precise GPS location only with your explicit consent when using our mobile application for real-time tracking.
3. Why We Process Your Data and Our Legal Basis
Under the UK General Data Protection Regulation (UK GDPR) and the Nigeria Data Protection Act 2023 (NDPA), we must have a lawful basis for processing your personal data. Below is each purpose and its corresponding legal basis:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Performance of contract |
| Processing and fulfilling your shipments | Performance of contract |
| Providing real-time tracking and delivery notifications | Performance of contract |
| Processing payments and issuing receipts | Performance of contract |
| Completing customs declarations for international shipments | Legal obligation |
| Retaining financial records for tax compliance | Legal obligation |
| Responding to your support requests and complaints | Legitimate interest |
| Improving our Services and fixing technical issues | Legitimate interest |
| Detecting and preventing fraud | Legitimate interest |
| Collecting precise GPS location for live tracking | Your consent |
Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your rights and freedoms. You can request details of these assessments by contacting us.
Where we rely on consent, you can withdraw your consent at any time by contacting us at support@postamglobal.com or adjusting your device/browser settings. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
4. Who We Share Your Data With
We do not sell your personal data. We share your data only as necessary to provide our Services:
- Logistics partners: Riders, delivery agents, carriers, and freight forwarders who fulfil your shipments. They receive only the data needed to complete the delivery (addresses, package details, contact number).
- Payment processors: Third-party providers that securely process card payments on our behalf. They do not have access to your full card data.
- Customs authorities: UK Border Force, HMRC, and Nigeria Customs Service, as required by law for international shipments.
- Hosting and infrastructure: Supabase (database and authentication) and Vercel (website hosting). These providers process data under our instructions and are bound by data processing agreements.
- Law enforcement: Only when required by law, regulation, court order, or legal process. We will notify you where legally permitted.
5. International Data Transfers
PostAm operates in both Nigeria and the United Kingdom. Your personal data may be transferred between these countries and to countries where our service providers operate (including the United States, where Supabase and Vercel have infrastructure).
UK to Nigeria transfers:
Nigeria does not currently have a UK adequacy decision under the UK GDPR. When we transfer personal data from the UK to Nigeria, we rely on the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with the UK Addendum, as approved by the Information Commissioner’s Office. We have conducted a Transfer Risk Assessment to ensure your data receives an equivalent level of protection.
Nigeria to UK transfers:
The UK has strong data protection laws. Transfers from Nigeria to the UK are permitted under the Nigeria Data Protection Act 2023 where adequate safeguards are in place.
You may request a copy of the safeguards we use for international transfers by contacting us.
6. How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes it was collected. Specific retention periods:
- Account data: For the duration of your account, plus 2 years after closure to handle any post-closure queries or disputes.
- Shipment and order data: 6 years from the date of the shipment (required by HMRC for tax compliance and the Limitation Act 1980 for legal claims).
- Customs declarations: 6 years (required by UK and Nigerian customs law).
- Payment and financial records: 6 years (HMRC requirement).
- Support communications: 3 years from the date of last contact.
- Analytics and usage data: 26 months from collection, then automatically deleted.
- Cookie consent records: 13 months from the date of consent (then we ask again).
When retention periods expire, data is securely deleted or anonymised so it can no longer identify you.
7. Your Rights
You have the following rights over your personal data. These rights apply under both the UK GDPR (for UK-based users) and the Nigeria Data Protection Act 2023 (for Nigerian users):
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to data portability: Request a machine-readable copy of data you provided to us.
- Right to object: Object to processing based on legitimate interest. We will stop unless we demonstrate compelling grounds.
- Right to withdraw consent: Where processing is based on consent, withdraw at any time.
- Rights related to automated decisions: We do not currently make any fully automated decisions that produce legal effects concerning you.
To exercise any of these rights, email us at support@postamglobal.com with the subject line “Data Rights Request.” We will respond within 30 days. We may ask for proof of identity before processing your request.
8. Right to Complain
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority:
UK customers — Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Nigerian customers — Nigeria Data Protection Commission (NDPC):
- Website: ndpc.gov.ng
- Address: No. 5 Donatus Odum Street, Abuja, Nigeria
We would appreciate the opportunity to address your concerns before you contact a supervisory authority. Please reach out to us first at support@postamglobal.com.
9. Data Security
We implement industry-standard technical and organisational measures to protect your personal data, including:
- Encryption of data in transit using TLS (Transport Layer Security)
- Encryption of data at rest
- Secure authentication with hashed passwords
- Role-based access controls limiting data access to authorised personnel only
- Regular security reviews of our infrastructure and dependencies
No system is perfectly secure. If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and notify you without undue delay if the breach is likely to result in a high risk to you.
10. Cookies
We use cookies and similar technologies on our website. For full details about which cookies we use, why we use them, and how to control them, see our Cookie Policy.
11. Children
Our Services are not intended for anyone under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email or by posting a prominent notice on our website at least 14 days before the changes take effect. The “Last updated” date at the top of this page indicates when this policy was last revised.
13. Contact Us
For any questions or concerns about this Privacy Policy or your personal data:
- Email: support@postamglobal.com
- Phone: +234 901 967 8037
- Address: PostAm Swift Networks Ltd, 2B Olasuru Shopping Complex, Sangotedo, Lagos, Nigeria