Privacy Policy

We are committed to protecting your privacy. We collect only what we need, use it to operate and improve our platform, and never sell your personal data to third parties.

This Policy applies to all users of AfroTransact — buyers and sellers — accessing our website at afrotransact.com, our mobile apps, and any related services.

A. Information You Provide

• Account data: Name, email address, phone number, password (hashed)
• Profile data: Delivery address(es), profile photo
• Seller data: Business name, Tax ID (EIN/SSN), store details, bank account information (collected and held by Stripe, not us)
• Communications: Messages to our support team, order notes
• User content: Product reviews, ratings, photos you upload

B. Information Collected Automatically

• Usage data: Pages visited, searches performed, products viewed, time on platform
• Device data: IP address, browser type and version, operating system, device identifiers
• Location data: General location derived from IP address; precise location only if you grant permission
• Cookies and similar technologies: See Section 6

C. Information from Third Parties

• Stripe: Payment status confirmations, tokenized payment method identifiers
• Keycloak (Identity Provider): Authentication tokens, login events
• Social login: If you connect a Google or Apple account, we receive your name and email

We use your information to:

• Create and manage your account and provide our services
• Process transactions and send order confirmations, receipts, and delivery updates
• Connect buyers with local immigrant-owned sellers
• Calculate and apply applicable taxes
• Communicate with you about your account, orders, and support requests
• Send marketing emails about promotions or new features (you may opt out at any time)
• Improve, personalize, and develop our platform and services
• Detect fraud, prevent abuse, and enforce our Terms of Service
• Comply with legal obligations (e.g., tax reporting, law enforcement requests)

We do not sell your personal data. We share information only in the following circumstances:

• With sellers: Your name, delivery address, and phone number are shared with the seller(s) you order from, solely to fulfill your order
• Service providers: Stripe (payments), Resend (email), AWS (hosting), Elasticsearch (search). These processors act on our behalf and are bound by data processing agreements
• Legal requirements: When required by law, court order, or government authority
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets
• With your consent: For any other purpose with your explicit consent

AfroTransact never stores, processes, or has access to your payment card details. All payment information is collected via Stripe's certified PCI DSS Level 1 infrastructure through a secure, encrypted iframe (Stripe Elements) that communicates directly between your browser and Stripe.

We receive from Stripe only: a non-sensitive payment confirmation, a tokenized payment method identifier, and the last four digits of your card for display purposes.

For sellers, Stripe Connect collects and stores bank account information for payouts. This data is held by Stripe under their privacy policy and is not stored on AfroTransact servers.

We use the following types of cookies and similar technologies:

You can control cookies through your browser settings. Disabling essential cookies may prevent the platform from functioning correctly.

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

• Account data: Retained for the lifetime of your account plus 3 years after closure
• Order data: Retained for 7 years for tax and legal compliance
• Marketing preferences: Until you unsubscribe or request deletion
• Server logs: 90 days rolling retention
• Payment records: 7 years (legal/tax requirement)

You may request deletion of your account and personal data at any time (subject to our legal retention obligations) by contacting privacy@afrotransact.com.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Opt-out of marketing: Unsubscribe from marketing emails via the link in any email or in account settings
• Do Not Track: We respect browser DNT signals for analytics tracking

To exercise these rights, contact us at privacy@afrotransact.com. We will respond within 30 days.

We implement industry-standard security measures to protect your data, including:

• TLS encryption for all data in transit (HTTPS enforced)
• AES-256 encryption for sensitive data at rest
• JWT authentication with RS256 signature verification
• Role-based access controls limiting employee data access
• Regular security audits and penetration testing
• Strict Content Security Policy (CSP) headers
• Payment data handled exclusively by Stripe (PCI DSS Level 1 certified)

Despite our best efforts, no security system is impenetrable. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

Our services are not directed to persons under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us personal information, we will delete it promptly. If you believe a child has provided us information, contact privacy@afrotransact.com.

AfroTransact operates from the United States. If you access our platform from outside the US, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

By using the Platform, you consent to the transfer and processing of your information in the United States.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you additional rights:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (with exceptions)
• Right to opt-out of the sale or sharing of personal information
• Right to non-discrimination for exercising your privacy rights
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information

We do not sell personal information as defined under the CCPA. To submit a verifiable consumer request, contact us at privacy@afrotransact.com.

We may update this Privacy Policy periodically. We will notify you of material changes by email or in-app notification and update the effective date above. Your continued use of the Platform after such notice constitutes acceptance of the updated policy.

For privacy-related questions, requests, or concerns: