Privacy Policy
This Privacy Policy explains how The Grill Hype and its publication The Grill Hype (“The Grill Hype,” “we,” “us,” or “our”) collect, use, share, and protect your personal information when you visit our website, read our journalism, create an account, subscribe to our newsletter, or otherwise interact with our services (collectively, the “Services”).
1. Who we are
The Grill Hype is a digital culture, PR, and entertainment publication operated by The Grill Hype. For the purposes of the NDPA and GDPR, The Grill Hype is the data controller of the personal information described in this Policy. You can reach us at legal@thegrillhype.com.
2. Information we collect
2.1 Information you give us
- Account information. When you create an account, we collect your email address, your display name (optional), and a password. Passwords are never stored in readable form - they are kept only as a salted bcrypt hash. You may also add a profile avatar.
- Sign in with Google. If you choose Google sign-in, Google shares a basic profile (your email address, name, and a Google account identifier) with us so we can create or match your account. We do not receive your Google password.
- Newsletter and marketing. If you subscribe to our newsletter or opt in to marketing, we collect your email address and your consent choice (including the date it was given or withdrawn).
- Content you submit. Comments, replies, likes, and saved articles are linked to your account. Comments are public and are displayed with your display name.
- Communications. If you email us or apply to contribute, we keep the contents of that correspondence.
2.2 Information we collect automatically
- Session and security data. To keep you signed in and to protect accounts, we keep session records that include your IP address, your browser/device user-agent, and session timestamps.
- Reading analytics. When an article is viewed we record the view to power view counts and “trending” rankings. For signed-out readers we deduplicate views using a one-way, daily-rotating fingerprint derived from your IP address and user-agent (sha256(IP + user-agent + date)); we do not store your raw IP against these view records, and the fingerprint cannot be reversed back to you.
- Abuse prevention. We apply rate limiting keyed to IP addresses, and we use Google reCAPTCHA to distinguish humans from bots on sign-up and sign-in.
- Diagnostics. If something breaks, our error-monitoring tool may capture technical details about the error, including your IP address, device, and the page you were on.
2.3 Cookies and local storage
We keep our use of cookies deliberately minimal. We do not use advertising cookies, third-party ad trackers, or cross-site behavioural profiling. We use:
| Name | Type | Purpose |
|---|---|---|
| __access / __refresh | Strictly necessary | Keep you securely signed in. Set as HttpOnly, Secure, and SameSite=Strict. If you do not select “remember me,” they are cleared when you close your browser. |
| forge:dark-mode | Preference (local storage) | Remembers your light/dark theme choice. Stays on your device. |
| Google reCAPTCHA | Security (third party) | Set by Google to tell humans from bots. Governed by Google’s policies. |
| Sentry Session Replay | Analytics & diagnostics (off by default) | Records an anonymised replay of your session to help us diagnose bugs. Off unless you switch on “Analytics & diagnostics” in our cookie banner. Our error monitoring itself runs at all times under our legitimate interest in a secure, reliable service; only Session Replay depends on your consent. |
Strictly necessary cookies do not require consent. You can clear cookies and local storage at any time through your browser settings, though doing so will sign you out.
When you first visit, a cookie banner lets you Accept all, Reject non-essential, or Customise your choice by category. You can change or withdraw your consent at any time by selecting “Cookie settings” in the site footer. Your choice is stored on your device (in local storage under forge:consent) and is not transmitted to our servers.
2.4 Information we do not collect
We do not collect payment card details (the Services are free to read), we do not knowingly collect sensitive categories of data (such as health, biometric, or religious-belief data about you personally), and we do not buy personal data about you from data brokers.
3. How and why we use your information
The table below maps each purpose to the legal basis we rely on.
| Purpose | Legal basis (NDPA / GDPR) |
|---|---|
| Create and manage your account; sign you in; keep you signed in | Performance of a contract with you |
| Send account emails - verification, password reset, security notices | Performance of a contract; our legitimate interest in account security |
| Display your comments and let you like/save articles | Performance of a contract |
| Send the newsletter and marketing emails | Your consent (which you may withdraw at any time) |
| View counts, trending rankings, and aggregate readership insight | Legitimate interest in understanding and improving our journalism |
| Rate limiting, reCAPTCHA, fraud and abuse prevention, security | Legitimate interest in protecting users and the Services; legal obligation |
| Diagnose errors and maintain the platform | Legitimate interest in a reliable, secure service |
| Comply with law and respond to lawful requests | Compliance with a legal obligation |
Where we rely on legitimate interests, we have weighed those interests against your rights and freedoms. You may object to that processing as described in Section 10.
4. Service providers and who we share with
We do not sell your personal information and we do not share it for cross-context behavioural advertising. We share information only with vetted service providers (data processors) who act on our instructions, and where the law requires it. Our key providers are:
| Provider | Role | Data involved |
|---|---|---|
| MongoDB (Atlas) | Primary database | Account, comments, interactions |
| Vercel | Hosting and content delivery | Request/log data, IP |
| Sanity | Editorial content management | Published articles and media |
| Upstash (Redis) | Rate limiting and view deduplication | IP-derived keys, fingerprints |
| Brevo | Newsletter delivery | Subscriber email |
| Resend / Zeptomail | Transactional email (verification, resets) | Email address, message contents |
| Google | Sign-in (OAuth) and reCAPTCHA | OAuth profile, reCAPTCHA signals |
| Sentry | Error monitoring | Technical diagnostics, IP |
| Asset/media storage (CDN) | Serving images and uploaded files | Avatars and media |
We may also disclose information to comply with a valid legal request, to enforce our Terms of Use, to protect the rights, safety, or property of our users or the public, or in connection with a corporate transaction such as a merger or acquisition (in which case we will notify you).
5. International data transfers
The Grill Hype is based and operated in Nigeria, but several of our service providers process data in the United States and the European Union. That means your personal information may be transferred to, and processed in, countries outside Nigeria whose data-protection laws may differ from Nigeria’s.
When we transfer personal data out of Nigeria, we rely on the safeguards permitted by the NDPA 2023 - including transfers to countries the Nigeria Data Protection Commission (NDPC) recognises as providing adequate protection, or, in their absence, appropriate contractual protections and your informed consent where required. For onward transfers involving EU/UK data we also use the European Commission’s Standard Contractual Clauses (and the UK Addendum) or an equivalent safeguard. You may request a copy of the relevant safeguard by emailing legal@thegrillhype.com.
6. How long we keep your information
- Account data is kept while your account is active and for a reasonable period afterward, then deleted or anonymised.
- Sessions expire automatically and are removed by a time-to-live rule once past their absolute expiry.
- Verification and password-reset tokens are short-lived and auto-expire.
- View-deduplication fingerprints rotate daily and are retained only for the deduplication window.
- Newsletter data is kept until you unsubscribe.
- Comments may remain visible after account closure unless you ask us to remove them; we may retain limited records where the law requires.
7. How we protect your information
We apply technical and organisational measures appropriate to the risk, including: bcrypt password hashing; storing verification and refresh tokens only as hashes; HttpOnly, Secure, SameSite=Strict session cookies; refresh-token rotation with reuse detection; rate limiting and reCAPTCHA; and encryption in transit (HTTPS). No system is perfectly secure, but if a breach affects your rights we will notify you and the relevant regulator (including the NDPC) within the timeframes required by law.
8. Children’s privacy
The Services are not directed to children. You must be at least 18 years old, or the age of majority where you live, to create an account. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.
9. Third-party links
Our articles may link to third-party sites and embed third-party media. We do not control those services and are not responsible for their privacy practices. Review their policies before providing information.
10. Your rights and choices
Subject to local law and verification of your identity, you can ask us to do any of the following. To exercise a right, email legal@thegrillhype.com. We will respond within the timeframe the applicable law requires and will not discriminate against you for exercising your rights.
Everyone
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information (you can edit much of this on your account page).
- Delete your account and associated personal data.
- Withdraw consent - unsubscribe from the newsletter at any time using the link in every email or your account settings.
Nigeria (NDPA 2023 / NDPR)
If you are in Nigeria, you have the rights to access, rectification, erasure, restriction of processing, objection, and data portability, and the right not to be subject to a decision based solely on automated processing that significantly affects you. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng if you believe we have not handled your data lawfully. We make decisions about your content and account through human-reviewable systems and do not use solely automated decision-making that produces legal effects on you.
European Union / United Kingdom (GDPR)
You have the rights to access, rectification, erasure, restriction, portability, and objection (including objection to processing based on legitimate interests and to direct marketing). You may also lodge a complaint with your local supervisory authority.
California (CCPA/CPRA)
California residents have the rights to know, delete, and correct personal information, and to opt out of “sale” or “sharing.” We do not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we do not use or disclose sensitive personal information beyond the purposes permitted without a right to limit. You may exercise these rights yourself or through an authorised agent.
11. Changes to this Policy
We may update this Policy from time to time. When we make material changes we will revise the “Last updated” date above and, where appropriate, notify you by email or through the Services. Your continued use after an update means you accept the revised Policy.
12. Contact us
Questions, requests, or complaints about this Policy or your data:
- Email: legal@thegrillhype.com
- The Grill Hype: Olu Awotesu, Lifecamp II, Abuja, FCT, Nigeria
If you are in Nigeria and are not satisfied with our response, you may also contact the Nigeria Data Protection Commission.