Legal

Privacy Policy

Effective date: June 1, 2026 · Last updated: June 1, 2026

This Privacy Policy explains how Sellam (sellam.shop) ("Sellam", "we", "us", or "our") collects, uses, shares, and protects the personal information of users ("you") of our wholesale sourcing platform accessible at sellam.shop. It applies to all services including our website, mobile features, WhatsApp notifications, AI market research tools, payments, logistics coordination, and product verification services.

1. Who We Are

Sellam is a wholesale sourcing platform headquartered in Douala, Cameroon. We connect African wholesalers with verified suppliers in China, UAE, Canada, and the USA, and provide AI-powered market research, product verification, logistics coordination, and payment services.

Data Controller: Sellam, Douala, Cameroon.
Contact: contact@sellam.shop · WhatsApp: +237 690 843 612

2. Data We Collect

2.1 Information you provide directly

  • Account data: full name, email address, phone number (including WhatsApp), country, business name, and password.
  • Business information: business type, sourcing preferences, import history, and budget ranges.
  • Payment data: billing address, mobile money wallet identifiers (Orange Money, MTN MoMo), card details (processed by Stripe — we do not store raw card numbers), and PayPal account references.
  • Order data: products ordered, quantities, suppliers contacted, shipment destinations, and verification requests.
  • Communications: messages sent to our support team, inquiries submitted through contact forms, and WhatsApp conversations.
  • Identity verification: where required by law or for fraud prevention, government-issued ID or business registration documents.

2.2 Data collected automatically

  • Usage data: pages visited, features used, clicks, search queries on our platform, and time spent.
  • Device & technical data: IP address, browser type, operating system, device identifiers, and referrer URLs.
  • Cookies & tracking: see our Cookie Policy for full details.
  • Transaction logs: timestamps, amounts, payment status, and references for all financial transactions.

2.3 Data from third parties

  • Payment providers: Stripe, Orange Money (MTN Group), MTN Mobile Money, and PayPal may share transaction status and fraud signals with us.
  • Social platforms: if you sign in via a third-party account, we receive your basic profile data as permitted by that platform.
  • Market data: AI trend signals sourced from public trade data, social media APIs (TikTok, Meta, Google Trends), and third-party market intelligence services.
  • Logistics partners: shipment tracking data from freight forwarders and customs agencies.

3. How We Use Your Data

PurposeLegal basis (GDPR Art. 6)
Provide, operate, and improve the platformPerformance of contract (Art. 6(1)(b))
Process payments and manage escrowPerformance of contract (Art. 6(1)(b))
Send WhatsApp trend alerts and service notificationsContract / Legitimate interest (Art. 6(1)(f))
Personalise AI market research and product recommendationsLegitimate interest (Art. 6(1)(f))
Verify product quality and coordinate logisticsPerformance of contract (Art. 6(1)(b))
Detect fraud, prevent abuse, and comply with AML obligationsLegal obligation / Legitimate interest (Art. 6(1)(c)/(f))
Respond to support requests and resolve disputesLegitimate interest (Art. 6(1)(f))
Send marketing communications (with your consent)Consent (Art. 6(1)(a))
Comply with tax, customs, and regulatory obligationsLegal obligation (Art. 6(1)(c))
Analytics to understand platform usage and improve UXLegitimate interest (Art. 6(1)(f))

4. Data Sharing

We do not sell your personal data. We share it only in the following cases:

  • Suppliers and factories: your name, business name, order details, and delivery address are shared with suppliers you choose to transact with.
  • Payment processors: Stripe (US/EU), MTN Mobile Money, Orange Money, PayPal — each under their own privacy policy and PCI-DSS compliance frameworks.
  • Logistics partners: freight forwarders, customs agents, and last-mile delivery providers receive shipment details.
  • Inspection agents: quality verification teams receive product and supplier details necessary to carry out inspections.
  • Service providers: cloud hosting (Vercel, Supabase), analytics, email delivery (Resend), and customer support tools — bound by data processing agreements.
  • Legal authorities: where required by Cameroonian law (Loi n° 2010/012), GDPR requests, INTERPOL, or international treaty obligations.
  • Business transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred to the new entity under the same privacy obligations.

5. International Data Transfers

Sellam operates across multiple jurisdictions. Your data may be transferred to and processed in countries outside your own, including the United States (Vercel, Stripe), the European Union, China, and the UAE.

For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions where available. For transfers from African countries, we comply with applicable bilateral data transfer frameworks.

6. Data Retention

Data categoryRetention period
Account dataDuration of account + 3 years after closure
Transaction & payment records10 years (tax and accounting obligations)
Order and logistics data7 years (commercial law requirements)
Support communications3 years after resolution
Marketing consentsUntil withdrawal of consent + 1 year
Usage logs and analytics13 months (rolling)
Cookies (non-essential)As specified in Cookie Policy (max 13 months)

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request deletion of your data where there is no legitimate reason to continue processing it.
  • Restriction: ask us to pause processing of your data in certain circumstances.
  • Data portability: receive your data in a structured, machine-readable format (GDPR Art. 20).
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.
  • Lodge a complaint: with your national data protection authority (e.g., the Cameroonian ANTIC, Senegal's CDP, Nigeria's NDPC, or the EU supervisory authority in your member state).

To exercise any right, email us at contact@sellam.shop. We respond within 30 days.

8. Security

We apply industry-standard security measures including TLS/HTTPS encryption in transit, AES-256 encryption at rest, row-level security on our database (Supabase), limited access controls, and regular security reviews. Payment data is handled exclusively by PCI-DSS-compliant processors.

Despite our efforts, no system is 100% secure. In the event of a data breach that poses a high risk to you, we will notify you and the relevant authority within 72 hours as required by GDPR Article 33.

9. Children's Privacy

Our services are intended for business users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with data, please contact us immediately.

10. Third-Party Links

Our platform may contain links to supplier websites, payment gateways, and logistics providers. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before interacting with them.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform at least 14 days before the change takes effect. Continued use of Sellam after the effective date constitutes acceptance of the updated policy.

12. Applicable Law

This policy is governed by Cameroonian law and is consistent with:

  • Cameroon Loi n° 2010/012 relative à la cybersécurité et à la cybercriminalité
  • EU General Data Protection Regulation (GDPR) 2016/679
  • Senegal Loi n° 2008-12 sur la protection des données personnelles
  • Nigeria Data Protection Regulation (NDPR) 2019 / NDPA 2023
  • South Africa POPIA (Protection of Personal Information Act) 4 of 2013
  • ECOWAS Supplementary Act A/SA.1/01/10 on Personal Data Protection

13. Contact Us

For any privacy-related questions, requests, or complaints:

Sellam – Data Protection

Douala, Cameroon

Email: contact@sellam.shop

WhatsApp: +237 690 843 612