Privacy Policy
Last updated: 5 July 2026.
1. Who we are
P2Proof is a record-keeping and analytics service for peer-to-peer crypto merchants, operated from Nigeria. Contact: p2prooff@gmail.com. This policy is written with the Nigeria Data Protection Act 2023 (NDPA) in mind; you have the rights it grants data subjects.
2. What we collect
- Account data: email address, display name, hashed password (handled by our auth provider, Supabase).
- Bybit API credentials: stored encrypted (AES-256-GCM); used only to read your P2P order history.
- Trade records synced from your Bybit account: amounts, rates, fees, timestamps, order status, counterparty nicknames and, where Bybit provides them, verified real names of you and your counterparties.
- Payment data: your Paystack transaction reference, subscription status and payment dates. Card details never touch our servers; Paystack processes them.
- Telegram chat ID (Pro, optional): stored only if you connect the alert bot, used solely to send you the notifications you enabled, removable in Settings at any time.
- Bank statement rows (Pro, optional): if you use bank matching, the dates, amounts and descriptions of the credit rows you upload are stored to match them against your trades. We never receive statements from your bank directly, only the file you choose to upload, and you can delete all rows at any time.
- Referral data: which account referred you, if you signed up through a referral link.
- Security logs: login events, key changes, exports, with IP address and browser user agent.
3. How we use it
Solely to provide the service: syncing and storing your trade history, computing profit, generating the exports you request, securing your account, and processing your one-time payment. We do not sell data, run ads, or share trade records with anyone except the processors below.
4. Counterparty information
Order records from Bybit can include verified real names of trade counterparties. We treat these as sensitive personal data: they are never displayed on public pages, never used for marketing, and appear only inside your own authenticated dashboard exports, where you have a legitimate interest in records of your own transactions. If you are a counterparty and want your name removed from a user's records, contact p2prooff@gmail.com.
5. Processors we rely on
- Supabase (database and authentication)
- Vercel (application hosting)
- Cloudflare (scheduled sync infrastructure)
- Paystack (payments)
6. Retention and deletion
Trade records are kept for as long as your account exists; permanence is the point of the product. Deleting your account permanently removes your trades, API keys, cost basis entries, alerts, Telegram connection, uploaded bank rows and logs. Payment records remain in Paystack's systems as required for financial record-keeping.
7. Your rights
Under the NDPA you can request access, correction, deletion, or a copy of your data. The dashboard covers most of this directly (CSV export, account deletion). For anything else, email p2prooff@gmail.com; we respond within 30 days.
8. Security
Row-level security on every table, encrypted API credentials, HTTPS everywhere, audit logging of sensitive actions, and least-privilege access to production systems. No system is perfect; if a breach affects your data we will notify you and the Nigeria Data Protection Commission as the NDPA requires.
9. Changes
Material changes to this policy will be announced by email before they take effect.