Mushrooms — verified flats and flatmates in Nigeria
Get In!

Privacy Policy

Last updated: April 19, 2026

Mushrooms ("we", "us", "our") operates the mushrooms.ng platform. This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and your rights regarding your data.

We take data protection seriously. Every piece of data we collect serves a specific purpose — verification, matching, payment processing, or platform safety. We do not sell your data.

1. What We Collect

Account & Identity Data

When you create an account, we collect:

  • Name, email address, and phone number
  • Date of birth and gender
  • Employment status
  • Account type (email signup or Google Sign-In)

Identity Verification Data

To prevent fraud, we require identity verification for hosts and encourage it for seekers. This includes:

  • National Identification Number (NIN) — verified through SmileID or Mono. We store a hashed version of your NIN, not the raw number.
  • Selfie photo — captured live through the app for identity matching.
  • Government-issued ID — voter's card or driver's license, reviewed by our team.

Profile & Preference Data

To match you with compatible flatmates and relevant listings, we collect:

  • Bio text and lifestyle preferences (sleep schedule, noise tolerance, guest policy)
  • Cleanliness score, smoking and pet tolerance
  • Preferred flatmate gender and age range
  • Budget range and move-in timeline
  • Dealbreakers from past living experiences

Location Data

We collect location data to verify properties and match you with nearby listings:

  • GPS coordinates — captured during property listing to verify the host is physically at the address. Accurate to within 500 metres.
  • Preferred zones — up to 3 neighbourhoods you select as your target areas.
  • Workplace address (optional) — used to calculate commute times via Mapbox isochrone API.
  • Property street address — collected from hosts. Never shown publicly. Only revealed to seekers after escrow payment.

Financial Data

We process payments through Paystack. We collect:

  • Transaction references, amounts, and status
  • Bank account details (account number, bank name, account holder name) — for host payouts. Full account number is used during verification; only the last 4 digits are stored in payout records.
  • Escrow amounts and release schedules
  • Utility expense logs (category, amount, optional receipt photo)

Media

Photos and videos uploaded to the platform are stored on Cloudinary:

  • Profile photos (uploaded or live-captured)
  • Listing photos — with embedded GPS coordinates and capture timestamps
  • Identity documents (stored in private folders)
  • Dispute evidence photos

Usage & Activity Data

  • Listing views, saved listings, and match interactions
  • Compatibility scores and factor breakdowns (used to improve matching)
  • Booking history (viewing dates, modes, cancellations)
  • Request pipeline status (from viewing deposit to move-in confirmation)
  • Device identifier associated with uploaded media

2. How We Use Your Data

Verification & Trust

NIN, selfie, and GPS data are used to verify that hosts are real people at real properties. This protects seekers from fraud.

Matching & Recommendations

Profile preferences, location, and budget data are used to score compatibility between flatmates and rank listings by relevance.

Payment Processing

Financial data is used to process viewing deposits, escrow payments, and host payouts through Paystack.

Safety & Disputes

Activity logs and evidence photos are used to investigate disputes and enforce platform rules.

Legal Agreements

Names, addresses, and payment details are included in auto-generated tenancy agreements for each booking.

Communications

Email addresses are used to send transactional emails (OTP codes, booking confirmations, verification updates) via Brevo.

3. Who We Share Data With

We do not sell your personal data. We share data only in these cases:

With Other Users

  • Seekers see: host's display name, profile photo, listing photos, FAQ answers, viewing schedule, and verification badge. Street address is only revealed after escrow payment.
  • Hosts see: seeker's display name, profile photo, age, gender, employment, lifestyle tags, and budget range — only after the seeker pays a viewing deposit.
  • Matched flatmates see: each other's full profile data including contact information.

With Service Providers

We use third-party services to operate the platform. Each provider only receives the minimum data needed for their function. See Section 4 for details.

With Law Enforcement

We may disclose data if required by Nigerian law or in response to valid legal process (court orders, subpoenas).

4. Third-Party Services

Firebase (Google)

Authentication (email, password, Google Sign-In), database (Cloud Firestore), and session management. Data stored on Google Cloud infrastructure.

Paystack

Payment processing for viewing deposits, escrow payments, and host payouts. Paystack receives your email, payment amount, and bank account details. Paystack is PCI-DSS compliant.

Cloudinary

Image and video storage for all uploaded media — profile photos, listing photos, identity documents, and dispute evidence. Identity documents are stored in private folders with restricted access.

SmileID / Mono

NIN verification providers. Your NIN is submitted for verification; we store a hashed reference and the verification status, not the raw NIN number.

LocationIQ

Reverse geocoding — converts GPS coordinates into readable addresses. Used during property listing to verify location.

Mapbox

Commute isochrone calculation. If you set a workplace address, Mapbox generates a "reachable within N minutes" polygon. One API call per user per 24 hours, cached server-side.

Brevo

Transactional email delivery — OTP codes, booking confirmations, verification status updates, and welcome emails.

5. Data Storage & Security

  • All data is stored on Google Cloud infrastructure (via Firebase Firestore) with encryption at rest and in transit.
  • Identity documents are stored in private Cloudinary folders with restricted access — only accessible to authorised admin team members during manual review.
  • NIN numbers are hashed before storage. We do not store raw NIN numbers.
  • Bank account numbers are used during Paystack verification but only the last 4 digits are retained in payout records.
  • Property street addresses are never displayed publicly. They are only revealed to seekers after escrow payment is confirmed.
  • Admin actions are logged in an audit trail with timestamps, the admin's identity, and before/after values.

6. Your Rights

Under the Nigeria Data Protection Regulation (NDPR), you have the right to:

Access

Request a copy of all personal data we hold about you.

Correction

Request correction of inaccurate or incomplete data.

Deletion

Request deletion of your account and associated data. Email privacy@mushrooms.ng from your registered address. Our team verifies the request and processes it within 7 business days. Personal data (profile, photos, identity documents) is permanently wiped; financial records (payments, escrow, payouts) are anonymized but retained for 7 years to meet Nigerian tax and audit requirements. Open escrow, active disputes, and pending payouts must be resolved before deletion can proceed.

Objection

Object to processing of your data for specific purposes.

To exercise any of these rights, email us at privacy@mushrooms.ng. We will respond within 30 days.

7. Cookies & Local Storage

Mushrooms uses browser local storage (IndexedDB) to maintain your authentication session. We do not use third-party tracking cookies or advertising pixels.

  • Session persistence — Firebase Auth uses IndexedDB to keep you logged in between visits.
  • State management — user preferences, explore filters, and feed cache are stored locally and cleared on logout.

We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.

8. Children's Privacy

Mushrooms is not intended for anyone under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it.

9. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or an in-app notification. Continued use of the platform after changes constitutes acceptance.

10. Contact Us

For privacy-related questions or to exercise your data rights:

Mushrooms Housing Ltd

Email: privacy@mushrooms.ng

Lagos, Nigeria