10-20% off weekly & monthly stays

Privacy Policy

Last updated: May 2026

The Caramel Cove ("we", "us", or "our") operates the website caramelcove.com. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our website and book our shortlet apartment. We comply with the Nigeria Data Protection Act 2023 (NDPA).

1. Information We Collect

When you make a booking or enquiry, we may collect:

  • Full name
  • Email address
  • Phone number
  • Nationality / country of residence
  • Purpose of stay
  • Payment information (processed securely by Paystack or Flutterwave — we do not store card details)

2. How We Use Your Information

We use your personal information to:

  • Process and confirm your booking
  • Send check-in instructions and booking-related communications
  • Respond to your enquiries
  • Improve our services and website
  • Comply with legal obligations

3. Data Sharing

We do not sell your personal data. We may share your information with:

  • Payment processors (Paystack, Flutterwave) to securely process payments
  • Email service provider (Resend) to send booking confirmations and communications
  • Legal authorities if required by law

4. Data Security

We implement appropriate security measures to protect your personal information. Payment data is processed through PCI-DSS compliant payment providers and is never stored on our servers.

5. Cookies & Analytics

We use Google Analytics 4 to understand how visitors use our website. This uses cookies to collect anonymised usage data. You can opt out by adjusting your browser cookie settings.

6. Your Rights Under NDPA

As a data subject under the Nigeria Data Protection Act 2023, you have the right to:

  • Request access to (a copy of) your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent at any time

For access and deletion requests, use our self-service form at caramelcove.com/my-data — enter your booking reference and email and choose "Download my data" or "Delete my data". You can also email info@caramelcove.com.

7. Retention

Per the Federal Inland Revenue Service (FIRS) rules, booking financial records (reference, dates, amounts, payment reference) are retained for 7 years. When you exercise your right to deletion, your personal data (name, email, phone, ID document, IP, card metadata) is removed within 24 hours; only the de-identified financial record is retained for tax-audit purposes. Contact-form enquiries are retained for 6 months.

8. Contact

For any privacy-related questions or requests, please contact us at info@caramelcove.com or via WhatsApp.

9. Changes

We may update this policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this page.