← CORSET

Privacy Policy

Last updated: July 2026  ·  Effective: June 2026  ·  Applies to getcorset.com and app.getcorset.com

Corset is a fashion business operating system built for Nigerian and African fashion designers. This policy covers everything — our website at getcorset.com and our app at app.getcorset.com. It explains exactly what data we collect, why we collect it, how we protect it and your rights under the Nigeria Data Protection Act 2023 (NDPA) and the General Application and Implementation Directive 2025 (GAID).

1. Who We Are

Corset is operated by Ben Eigbiremonlen, Lagos, Nigeria.

Email: hello@getcorset.com
Website: getcorset.com
App: app.getcorset.com
Address: Lagos, Nigeria

We are the Data Controller for all personal data collected on our website and from designers who create Corset accounts.

When designers add their clients to Corset, the designer becomes the Data Controller for their clients' data. Corset acts as the Data Processor on their behalf — storing and processing that data only as the designer instructs.

We are committed to full compliance with the Nigeria Data Protection Act 2023 (NDPA) and are in the process of completing registration with the Nigeria Data Protection Commission (NDPC).

2. What Data We Collect and Why

A. Website Visitors

When you visit getcorset.com we collect only:

  • Enquiry emails — if you contact us via hello@getcorset.com we store your email and message to respond to you.
  • Basic analytics — page visits, browser type and approximate country. No name, email or personal identifier.
  • Essential cookies — to maintain basic website functionality only. No advertising or tracking cookies.
Legal basis: Legitimate Interests — to respond to enquiries and improve the website experience.

B. Designer Account Data

When you create a Corset account we collect your full name, email address, phone number and business name.

Legal basis: Contract — necessary to create and maintain your Corset account and deliver the service to you.

C. Client Data You Enter

When you add clients to Corset you provide their names, phone numbers, email addresses, body measurements, style preferences and order history.

Legal basis: Contract and Legitimate Interests — client data is the core of the Corset service. You are responsible for informing your clients that their data is stored in Corset.

D. Order and Payment Records

Orders contain garment descriptions, agreed prices, due dates, deposit amounts, balance amounts, payment methods and payment references.

Legal basis: Contract and Legal Obligation — financial records are necessary to provide the service and may be required for business accounting purposes.

E. Bank Account Details

Designers may save their bank account details — bank name, account number and account name — in their Corset settings. This is displayed to their clients through the client portal so clients know where to send payment.

Legal basis: Contract — stored at the designer's request to facilitate payment collection. Visible only to the designer and their verified clients. Corset does not process or handle any payments or transfers directly.

Designers may update or remove their bank details at any time from their account settings.

F. Uploaded Images and Files

Corset stores images you upload including lookbook photographs, store listing images, payment receipts uploaded by clients and garment presentation images created through Corset Studio.

Legal basis: Contract — image storage is a core feature of the Corset lookbook, store and studio tools.

G. Device and Usage Data

We collect limited technical data: device type, browser type, login timestamps and feature usage patterns. We do not collect your precise location.

Legal basis: Legitimate Interests — used to improve Corset, identify bugs and understand how designers use the platform.

H. Push Notification Tokens

If you enable push notifications we store a device token to send you alerts about due dates, order updates and platform announcements.

Legal basis: Consent — you must actively enable notifications. Disable them at any time in your device or browser settings.

I. Client Portal Access

When a client accesses their portal using a one-time code sent to their email, we process their email address and any payment receipts they upload.

Legal basis: Contract — the client portal is a feature provided to designers and their clients as part of the Corset order management service.

J. In-App Feedback

When you respond to optional in-app feedback prompts we store your answers to improve Corset. Feedback is always optional and can be skipped.

Legal basis: Legitimate Interests — product feedback helps us build a better service for all designers.

3. What We Do NOT Collect

  • Card details, wallet credentials or any payment instrument — Corset never processes payments directly
  • Client payment transfers — all money moves outside Corset, directly between designer and client
  • Government ID or NIN (except where a designer voluntarily submits for Global Library verification)
  • Precise GPS location
  • Phone contacts, call logs or SMS messages
  • Biometric data of any kind
  • Data from anyone under the age of 18

4. How We Store and Protect Your Data

All Corset data is stored on Supabase — a managed PostgreSQL platform certified SOC 2 Type II, HIPAA compliant and ISO 27001 certified. This is the same security standard used by banks and hospitals worldwide.

Specific protections in place:

  • Encryption at rest — all data is encrypted when stored on our servers
  • Encryption in transit — all data transfers use HTTPS/TLS at all times
  • Row Level Security — each designer sees only their own data. No designer can access another designer's clients, orders or finances under any circumstances
  • Email authentication — your account requires email verification to access
  • OTP client portal — clients access their portal only through a one-time code sent to their verified email address
  • Admin access controls — only authorised Corset team members can access backend data, and only when necessary

5. Who We Share Your Data With

We do not sell your data. We do not share your data with advertisers. We do not share your data with any third party for their own commercial purposes. Ever.

We share data only with the services that directly power Corset, and strictly to the extent necessary:

  • Supabase (Ireland / USA)Database, authentication and file storage. Core infrastructure provider.
  • Vercel (USA)Website and app hosting and deployment.
  • Resend (USA)Email delivery for monthly financial statements, client portal invitations and system notifications.
  • Firebase by Google (USA)Push notification delivery only. We share only your device token — not your name, email or any other personal detail.
  • Replicate (USA)AI image processing for Corset Studio. We share only the garment photo you submit for enhancement. No personal data is shared.
  • Anthropic (USA)AI processing for the Opportunity Finder feature. No personal designer or client data is ever shared with Anthropic.

All third-party providers are bound by data processing agreements and are prohibited from using your data for any purpose beyond providing their service to Corset.

Several of these providers are based outside Nigeria. Where data is transferred internationally we ensure adequate protections are in place in compliance with the NDPA 2023.

6. How Long We Keep Your Data

  • Account dataKept for as long as your account is active. Permanently deleted within 30 days of an account deletion request.
  • Client and order dataKept for as long as your account is active. You can delete individual clients and orders at any time from within the app.
  • Financial recordsRetained for 7 years from the date of the transaction in compliance with Nigerian financial record-keeping obligations.
  • Bank account detailsDeleted immediately when you remove them from settings or when your account is deleted.
  • Uploaded imagesDeleted when you remove them from the app or when your account is deleted.
  • Push notification tokensDeleted immediately when you disable notifications or when your account is deleted.
  • Feedback responsesRetained for up to 2 years for product improvement purposes, then permanently deleted.
  • Website enquiry emailsRetained for 12 months then deleted unless an ongoing relationship requires otherwise.

7. Your Rights Under the NDPA 2023

Under the Nigeria Data Protection Act 2023 you have the following rights over your personal data:

  • Right of AccessRequest a copy of all personal data we hold about you.
  • Right to RectificationRequest correction of inaccurate or incomplete data. Most data can be updated directly inside your Corset account.
  • Right to ErasureRequest permanent deletion of your personal data. You can delete your account at any time. Some financial records may be retained as required by Nigerian law.
  • Right to Data PortabilityRequest an export of your data in a structured, machine-readable format.
  • Right to ObjectObject to processing that is based on legitimate interests.
  • Right to Withdraw ConsentWhere we rely on your consent — such as push notifications — withdraw it at any time without affecting prior processing.

To exercise any right email us at hello@getcorset.com. We acknowledge within 72 hours and complete all requests within 30 days.

If you are not satisfied with our response you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

8. Cookies

Corset uses only essential cookies required to keep you logged in and maintain session security.

We do not use:

  • Advertising or retargeting cookies
  • Third-party analytics that follow you across other websites
  • Any cookies that share your information with advertisers

9. Children

Corset is a professional business tool for fashion designers. We do not knowingly collect data from anyone under the age of 18.

If you believe a minor has created a Corset account please contact us immediately at hello@getcorset.com and we will delete the account without delay.

10. Changes to This Policy

If we make significant changes to this policy we will notify you by email and through an in-app notification before the changes take effect.

The date at the top of this page always shows when it was last updated. Continued use of Corset after being notified of changes constitutes your acceptance of those changes.

11. Contact Us

For all privacy questions, data access requests or complaints:

Email: hello@getcorset.com
Response time: Within 72 hours
Location: Lagos, Nigeria

For urgent data protection or security matters please use the subject line: URGENT: Data Privacy

Questions about your data?

We take every privacy question seriously and respond within 72 hours.

hello@getcorset.com
Corset · Lagos, Nigeria

← Back to CorsetOpen the app →