Skip to main content

โ† Back to Home

Privacy Policy

Last updated: January 31, 2026

1. Introduction

AfroSynergy ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform, in compliance with applicable data protection laws including the GDPR (EU/UK), NDPR (Nigeria), POPIA (South Africa), and other regional regulations.

2. Definitions

  • Personal data / personal information: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data (collection, storage, use, disclosure, erasure, etc.).
  • Data controller: The entity that determines the purposes and means of processing.
  • Data processor: An entity that processes personal data on behalf of the controller.
  • Data subject: The identified or identifiable natural person to whom the personal data relates.
  • Consent: Freely given, specific, informed, and unambiguous indication of the data subject's agreement to processing.

3. Data Controller

AfroSynergy is the data controller for the personal data we collect through the Platform. Our registered address and contact details are published on our website. For processing carried out by payment processors, verification providers, or other service providers, we act as controller for the data we share with them; they act as processors under data processing agreements.

4. Information We Collect

4.1 Information You Provide

  • Account information (name, email, phone number, password)
  • Business and stakeholder information (company name, registration details, profile type: SME, investor, talent, consultant, government, diaspora)
  • Identity and verification data (ID, business certificates, video verification recordings where used)
  • Financial and payment information for transactions, subscriptions, and escrow
  • Deal and project data (milestones, documents, participant details, activity)
  • Messaging content and file attachments (within conversations and deal rooms)
  • Communications and support requests
  • Profile information, preferences, and notification settings (including push subscription tokens if you enable push)
  • Survey and feedback responses (e.g. NPS) where you choose to participate

4.2 Automatically Collected Information

  • Device and browser information (type, version, language)
  • IP address and approximate location (country/region)
  • Usage patterns (pages visited, features used, time spent)
  • Cookies and similar tracking technologies (see our Cookie Policy)
  • Performance data and error logs (for stability and security)
  • Referral source (e.g. how you arrived at the Platform)

Where required by law (e.g. GDPR, NDPR), we process your personal data on one or more of the following bases:

  • Contract: Processing necessary to perform our contract with you (e.g. account management, transactions, support).
  • Legitimate interests: Processing necessary for our legitimate interests (e.g. fraud prevention, security, analytics) where not overridden by your rights.
  • Consent: Where we have obtained your consent (e.g. marketing, non-essential cookies). You may withdraw consent at any time.
  • Legal obligation: Processing necessary to comply with law (e.g. tax, AML, sanctions screening).

6. How We Use Your Information

We use your information to:

  • Provide and improve our services (opportunities, matching, deal rooms, escrow, projects, messaging)
  • Verify identities, run KYC/AML and sanctions checks, and prevent fraud
  • Process transactions, payments, subscriptions, and escrow
  • Facilitate e-signatures and video verification where you use those features
  • Send in-app, push (if enabled), and email notifications
  • Comply with legal and regulatory obligations
  • Match you with relevant opportunities and partners (including AI-based matching)
  • Analyze platform usage and optimize performance (with consent where required)
  • Provide customer support and handle refund or dispute requests

7. Information Sharing

We share information with:

  • Other users: Profile and deal/project information as needed for introductions, deal rooms, and collaboration
  • Verification and screening providers: For identity, KYC, and sanctions screening (as described in our Compliance Framework)
  • Payment processors: Stripe (cards, subscriptions, escrow); Paystack and Flutterwave (African payments, including mobile money where available)
  • E-signature and document providers: Dropbox Sign (HelloSign) for document signing flows
  • Video and communications: Providers used for video verification or calls (e.g. Daily) where you use those features
  • Service providers: Supabase (auth, database, storage), Resend (transactional email), Vercel (hosting), Sentry (error and performance monitoring), PostHog (analytics, where consent is given)
  • Legal and regulatory authorities: When required by law or to prevent fraud or harm

Our Commitment: We never sell your personal information to third parties.

8. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Secure data centers with redundancy
  • Employee security training and background checks

However, no system is completely secure, and we cannot guarantee absolute security of your information.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide services. We may retain certain information longer for legal, regulatory, or security purposes:

  • Account data: Duration of account + 7 years
  • Transaction records: 7 years (regulatory requirement)
  • Verification documents: 7 years
  • Communications: 3 years
  • Marketing data: Until opt-out + 30 days

10. Your Rights

You have the right to:

  • Access: Request a copy of your personal information
  • Correct: Update inaccurate information
  • Delete: Request deletion of your account and data
  • Export: Download your data in machine-readable format
  • Opt-out: Unsubscribe from marketing communications
  • Restrict: Limit certain processing activities
  • Object: Object to processing based on legitimate interests

For privacy-related requests or questions, submit an inquiry.

11. International Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States and European Union. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (EU)
  • Data Processing Agreements
  • Privacy Shield equivalent mechanisms

12. Regional Compliance

We comply with applicable data protection laws in the regions we serve, including:

  • GDPR (EU/UK): Lawful basis, data subject rights, DPO, breach notification, international transfer safeguards.
  • NDPR (Nigeria): Lawful processing, consent, data subject rights, registration with NITDA where required.
  • POPIA (South Africa): Conditions for lawful processing, information officer, data subject rights.
  • Kenya Data Protection Act: Registration, consent, and data subject rights.
  • Ghana Data Protection Act: Registration, lawful processing, and data subject rights.

13. Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay (and where required, within 72 hours of becoming aware of the breach). We will also notify you without undue delay where the breach is likely to result in a high risk to you. Notifications will describe the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach.

14. Children's Privacy

Our services are not intended for individuals under 18 years of age. By creating an account, you confirm that you are at least 18 years old. We do not knowingly collect information from children. If we discover we have collected information from a child, we will delete it promptly.

15. Cookies and Tracking

We use cookies and similar technologies to improve your experience. See our Cookie Policy and Cookie Settings for details and to manage preferences.

16. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or platform notification at least 30 days before they take effect.

17. Data Protection Officer and Supervisory Authority

If you are in the EU/UK or another jurisdiction that requires a designated data protection contact, you may contact our Data Protection Officer via the contact form, selecting "Privacy / Data Protection". You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data infringes applicable law. In Nigeria, you may contact the National Information Technology Development Agency (NITDA); in the EU/UK, your local data protection authority.

18. Contact

For privacy-related inquiries, to exercise your rights (access, correction, deletion, portability, restriction, objection), or to report a concern, submit an inquiry. We aim to respond within 30 days. You may also manage your preferences and data from your account settings and our data protection portal where available.