Legal

Privacy Policy

How we collect, use, and protect your personal information on the PLVN platform.

Your data is protected — PLVN privacy
Effective: 1 June 2026 Coverage: GH · NG · KE · UK/EU · US Contact: [email protected]

1. Who We Are

PLVN Technologies Ltd ("PLVN", "we", "our", or "us") is a company incorporated in Ghana and headquartered in Accra. We operate the PLVN platform — a suite of mobile and web tools that help individuals, families, and businesses plan and execute events ranging from weddings and funerals to naming ceremonies, festivals, and corporate gatherings.

PLVN Technologies Ltd is the data controller responsible for personal data collected through our websites (plvnapp.com and its subdomains), our mobile applications, and any other service that links to this Privacy Policy. Our principal office is in Accra, Ghana. You can reach our privacy team at [email protected].

This policy is written to comply with the frameworks listed in Section 2 (Regulatory Coverage), including the Ghana Data Protection Act 2012 (Act 843), Nigeria's data protection laws, Kenya's Data Protection Act 2019, the UK GDPR and EU GDPR where applicable, and the California Consumer Privacy Act (CCPA) as amended by the CPRA for eligible US users.

2. Regulatory Coverage

PLVN serves planners, vendors, and guests across Africa and the diaspora. The table below maps the privacy frameworks that may apply to your use of the platform, the circumstances in which each framework applies, who acts as data controller for platform data, and the supervisory authority you may contact if you are unsatisfied with our response to a complaint.

Unless noted otherwise, PLVN Technologies Ltd (incorporated in Ghana, principal office Accra) is the data controller for account, event, device, and usage data collected through plvnapp.com, our mobile applications, and related services. Payment card and bank account data is collected and controlled by Stripe, Inc. when you use our payment features; see Section 6.2.

Framework Territory Applies when Data controller (platform data) Supervisory authority
NDPA (GH)
Ghana Data Protection Act 2012 (Act 843) and Data Protection Commission guidance		 Ghana You are resident in Ghana, register with a Ghana phone number or address, or host or attend events primarily located in Ghana. PLVN Technologies Ltd Data Protection Commission of Ghana (dataprotection.org.gh)
NDPR (NG)
Nigeria Data Protection Regulation 2019 and Nigeria Data Protection Act 2023		 Nigeria You are resident in Nigeria, register with a Nigerian phone number or address, or host or attend events primarily located in Nigeria. PLVN Technologies Ltd Nigeria Data Protection Commission (ndpc.gov.ng)
DPA (KE)
Kenya Data Protection Act 2019		 Kenya You are resident in Kenya, register with a Kenyan phone number or address, or host or attend events primarily located in Kenya. PLVN Technologies Ltd Office of the Data Protection Commissioner, Kenya (odpc.go.ke)
GDPR
EU GDPR (2016/679) and UK GDPR		 European Economic Area, United Kingdom, and diaspora users in those jurisdictions You are located in the EEA or UK, or we offer the service to you in a way that brings GDPR or UK GDPR into scope (including diaspora users maintaining ties to EEA/UK events). PLVN Technologies Ltd Lead supervisory authority in your country of residence, or the UK Information Commissioner's Office (ico.org.uk) for UK residents
CCPA / CPRA
California Consumer Privacy Act as amended		 California, United States, and US diaspora users where applicable You are a California resident, or you are a US diaspora user whose personal information is collected in a context that triggers CCPA/CPRA rights (for example, billing or marketing directed to California). PLVN Technologies Ltd California Attorney General (oag.ca.gov/privacy)

If more than one framework applies to you, we honour the rights and protections that afford you the highest standard, to the extent permitted by law. For cross-border transfers of personal data (for example, to our US-based infrastructure providers), we implement appropriate safeguards as described in Section 6 and our Data Processing Agreement.

3. Data We Collect

We collect personal data in four main categories:

3.1 Account Data

When you register for a PLVN account — whether as a planner, vendor, or guest — we collect your full name, email address, phone number, and password (stored as a one-way bcrypt hash; we never store your plaintext password). If you register through a social login provider we collect the name, email, and profile photo that provider shares with us, subject to your consent settings on that provider.

3.2 Event Data

When you use PLVN to create or manage an event, we collect the event name, date, location, guest list data you enter, task lists, budget information, vendor bookings, timelines, uploaded images and documents, and any notes or messages exchanged within the platform. This data belongs to you; we process it solely to deliver the service.

3.3 Payment Data

PLVN uses Stripe, Inc. as its payment processor. When you make or receive a payment through the platform, your card number, bank account details, and sensitive financial information are collected and stored directly by Stripe under Stripe's own privacy policy. PLVN receives only a non-sensitive payment token, the last four digits of the card, the billing name, and the transaction outcome (success or failure). We never store full card numbers on our servers.

3.4 Device and Usage Data

We automatically collect certain technical data when you access PLVN: your IP address, browser type and version, operating system, device identifiers, the pages or screens you visit, the features you use, the time and duration of your sessions, and error logs. We use this data to operate, secure, and improve the platform. This data is not sold to advertising networks.

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Providing and improving the service. To create and manage your account, process event data you submit, facilitate vendor bookings, process payments, and continuously improve platform features and reliability.
  • Communications. To send you transactional emails (booking confirmations, password resets, payment receipts), important service announcements, and — where you have opted in — product updates and tips. You may opt out of marketing communications at any time via the unsubscribe link in any email or through your account settings.
  • Customer support. To investigate and respond to support requests, diagnose technical issues, and resolve disputes between planners and vendors.
  • Security and fraud prevention. To detect and prevent abuse, unauthorised access, fraudulent transactions, and other prohibited conduct described in our Terms of Service.
  • Legal compliance. To comply with applicable law, respond to lawful requests from government authorities, and enforce our legal agreements.
  • Analytics. To understand how the platform is used in aggregate so we can make better product decisions. Where possible we use anonymised or aggregated data for analytics purposes.

We do not use your personal data to make solely automated decisions that produce legal or similarly significant effects without human review.

5. Legal Basis for Processing

We rely on the following legal bases under the Ghana Data Protection Act 2012 (Act 843) and, where applicable, GDPR Article 6:

  • Performance of a contract (GDPR Art. 6(1)(b)). Processing your account data, event data, and payment data is necessary to fulfil our contractual obligations to you as a user of the platform.
  • Legitimate interests (GDPR Art. 6(1)(f)). We process device and usage data — including essential, anonymised product analytics that do not identify you and set no persistent identifier without your consent — and we send service-related communications, on the basis of our legitimate interest in operating, securing, and improving the platform. We balance this interest against your privacy rights and will not override them.
  • Consent (GDPR Art. 6(1)(a)). Where we send marketing communications or use non-essential cookies, we rely on your freely given, specific, and informed consent. You may withdraw consent at any time without affecting the lawfulness of earlier processing.
  • Legal obligation (GDPR Art. 6(1)(c)). We may process data where required to comply with a legal obligation, including responding to a court order or a request from the Data Protection Commission of Ghana.

6. Data Sharing and Sub-Processors

We share personal data with a limited number of carefully selected third parties solely to operate the platform. We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

6.1 Infrastructure: Railway

Our platform is hosted on Railway (Railway Corp., United States). Railway stores and processes application data, including personal data contained in your account and event records, on servers in the United States. Railway maintains industry-standard security practices. Where required by applicable law, we rely on appropriate transfer safeguards (see Section 9 of our DPA).

6.2 Payments: Stripe

Payment processing is handled by Stripe, Inc. (United States), a PCI DSS Level 1 certified payment processor. When you initiate a payment, you interact directly with Stripe's hosted payment interface. Stripe's processing of your payment data is governed by the Stripe Privacy Policy.

6.3 Other Disclosures

We may disclose personal data to law enforcement agencies, regulators, or courts if we are required to do so by law or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of PLVN, our users, or the public. If PLVN is acquired or merges with another entity, your data may be transferred to the successor; we will notify you of any such change and your rights in that situation.

7. Data Retention

We retain personal data for as long as your account is active and for a reasonable period thereafter to allow you to reactivate your account, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account and event data is retained for the duration of your active account. If you delete your account, we will delete or anonymise your personal data within 90 days, except where retention is required by law.
  • Payment records are retained for seven years from the date of the transaction to comply with Ghanaian accounting and tax law.
  • Server logs and device data are retained for a rolling 12-month period and then deleted.
  • Backup copies of data may persist for up to 30 days after the primary data has been deleted, after which they are purged from backup systems.

When data is no longer required, we delete it securely or anonymise it so it can no longer be linked to an identifiable individual.

8. Your Rights

Depending on your jurisdiction and the legal basis for processing, you have the following rights regarding your personal data:

  • Right of access. You may request a copy of the personal data we hold about you. We will provide it in a structured, commonly used format within 30 days.
  • Right to rectification. If any data we hold about you is inaccurate or incomplete, you may ask us to correct it. Many details can be updated directly in your account settings.
  • Right to erasure ("right to be forgotten"). You may request that we delete your personal data. We will honour this request unless we are required to retain the data by law or for legitimate purposes such as dispute resolution.
  • Right to data portability. You may request your personal data in a machine-readable format (JSON or CSV) suitable for transfer to another service.
  • Right to object. Where we process your data on the basis of legitimate interests, you have the right to object. We will stop processing unless we have compelling legitimate grounds that override your interests.
  • Right to restrict processing. In certain circumstances you may ask us to restrict the processing of your data (for example, while a dispute is resolved).
  • Right to withdraw consent. Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, email [email protected] with the subject line "Data Rights Request". We will verify your identity and respond within 30 days. There is no charge for one request per 12-month period.

9. Cookies and Tracking

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us recognise you and remember your preferences between visits.

We use the following categories of cookies:

  • Strictly necessary cookies. Required for the platform to function — for example, cookies that maintain your login session. These cannot be disabled.
  • Functional cookies. Remember your preferences (such as language or theme) to improve your experience. We set these only with your consent.
  • Analytics. Help us understand how visitors use the site in aggregate so we can improve the platform. Essential, anonymised product analytics run under our legitimate interest and set no persistent identifier; durable analytics cookies and session-replay insights are set only with your consent. We use anonymised analytics only.

You can manage your cookie preferences at any time via the cookie banner shown on your first visit, or through your browser settings. Note that disabling strictly necessary cookies will impair platform functionality.

10. Children

The PLVN platform is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided personal data to PLVN without your consent, please contact us at [email protected] and we will delete the data promptly. Users must confirm they are 18 or older at account registration; accounts found to belong to minors will be suspended pending verification.

11. Contact and Complaints

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our privacy team:

PLVN Technologies Ltd
Accra, Ghana
[email protected]

We take all privacy complaints seriously and will respond within 14 days. If you are not satisfied with our response, you may lodge a complaint with the supervisory authority listed in Section 2 for your jurisdiction. For Ghana-based users, the relevant authority is the Data Protection Commission of Ghana:

Data Protection Commission of Ghana
P.O. Box CT 3803, Cantonments, Accra
www.dataprotection.org.gh

If you are located in the European Economic Area, you also have the right to lodge a complaint with the data protection supervisory authority in your country of residence.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the platform at least 14 days before the changes take effect. The "Effective" date at the top of this page indicates when the current version was last revised.