Legal

Privacy Policy

Last updated: June 6, 2026 · Effective immediately

Winnerson Plexus ("we", "our", or "us") operates the campus superapp exclusively for the David Umahi Federal University of Health Sciences (DUFUHS). We are committed to protecting your privacy and handling your data transparently. This policy explains how we collect, use, and safeguard your personal information when you use our platform.

1. Information We Collect

When you create an account or use Winnerson Plexus, we collect the following categories of information:

Account Information: Your full name, email address, password (encrypted), phone number, state, and campus address.
Role-Specific Data: For restaurant owners — business name, bank account details, and menu listings. For bus drivers — vehicle model, license plate number, and route history.
Transaction Data: Order history, food items purchased, ticket bookings, seat numbers, booking references, payment method details (last 4 digits and card brand only — no full card numbers are stored).
Usage Data: Pages viewed, features used, search queries, filter preferences, and session timestamps.
Favorites & Preferences: Saved restaurants, favorited dishes, saved transit routes, and notification preferences.
Device Information: Device type, operating system, and app version for diagnostics and bug resolution.

2. How We Use Your Information

We use collected data strictly to operate, improve, and personalize the Winnerson Plexus experience:

Process and fulfill food orders between customers and campus restaurants.
Facilitate bus seat bookings and generate boarding tickets with unique references.
Send real-time push notifications for order status updates (Placed → Preparing → Ready → Delivered).
Enable restaurant owners to track revenue, manage menus, and request earnings withdrawals.
Allow bus drivers to manage passenger rosters and update trip statuses.
Enable administrators to monitor platform health, approve payouts, and manage users.
Improve trending food algorithms and service reliability using aggregated, anonymized usage data.
Communicate service announcements, updates, and security alerts.

3. Information Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Within the Platform: Customer names and phone numbers are shared with restaurant owners only for order fulfillment purposes. Passenger names, seat numbers, and contact details are shared with the assigned bus driver for boarding verification.
Payment Processing: Bank account details (for vendor withdrawals) are handled securely and only transmitted to authorized financial partners during payout processing.
Administrative Oversight: Platform administrators may access user data strictly for compliance, fraud prevention, dispute resolution, and payout approval.
Legal Compliance: We may disclose information if required by applicable Nigerian law, court order, or regulatory authority.

4. Data Storage & Security

Your data is stored on secure servers hosted via Railway infrastructure. We implement industry-standard security measures including:

Password hashing using bcryptjs with a salt factor of 10 — your plain-text password is never stored.
JWT (JSON Web Token) based authentication for all API requests — tokens are stored securely in device storage and expire automatically.
HTTPS encryption for all data in transit between the app and our servers.
Role-based access control ensuring users can only access data appropriate to their role (customer, owner, driver, passenger, admin).
Password reset via time-limited verification codes sent to registered email addresses.

While we implement strong security practices, no system is completely immune to security risks. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorized access to your account.

5. Your Rights & Choices

As a Winnerson Plexus user, you have the right to:

Access: Request a copy of the personal data we hold about you.
Correction: Update your name, phone number, address, and profile photo directly in the app under your profile settings.
Deletion: Request deletion of your account and associated data by contacting our support team.
Portability: Request an export of your order history and booking records.
Notifications: Manage push notification preferences from within your account settings.
Favorites: Remove saved dishes and restaurants at any time through the app.

6. Cookies & Tracking

The Winnerson Plexus mobile app uses AsyncStorage (a local device storage mechanism, not browser cookies) to persist your authentication token and session data between app launches. This allows automatic sign-in when you re-open the app.

We do not use third-party advertising cookies or behavioral tracking networks. Any analytics used are aggregated and anonymized solely for platform improvement purposes.

7. Children's Privacy

Winnerson Plexus is designed for use by university students, faculty, staff, and campus business operators — all of whom are expected to be 18 years of age or older. We do not knowingly collect personal information from children under 18. If you believe a minor has created an account, please contact us immediately for removal.

8. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify registered users of material changes via in-app notifications. Continued use of Winnerson Plexus after changes are posted constitutes acceptance of the updated policy.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

Email: privacy@winnersongroup.com
Institution: David Umahi Federal University of Health Sciences (DUFUHS)
Platform: Winnerson Plexus, operated by Winnerson Group

We aim to respond to all privacy-related inquiries within 5 business days.