Privacy Policy

SupaKera Ltd ("we", "us", or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our mobile applications, or otherwise interact with our services (collectively, the "Platform").

This Privacy Policy is designed to comply with the stringent requirements of the Data Protection Act, 2012 (Act 843) of the Republic of Ghana, as well as taking into consideration global best practices such as the General Data Protection Regulation (GDPR).

1. Data Controller

SupaKera Ltd acts as the Data Controller. We are registered with the Ghana Data Protection Commission (DPC) (Registration No: [Pending/G-DPC-REG-XXXXX]). Our processing of personal data is founded on the core principles of Act 843: accountability, lawfulness of processing, specification of purpose, compatibility of further processing with purpose of collection, quality of information, openness, data security safeguards, and data subject participation.

2. Information We Collect

We collect information in the following ways to provide and improve our services to you:

2.1 Information You Provide to Us

• Account Registration Data: Full name, email address, mobile phone number, and a secure password.
• Profile Information: Saved delivery addresses (home, work, etc.), profile pictures, and communication preferences.
• Payment Information: Credit/debit card details, Mobile Money numbers. Please note that exact card numbers are processed directly by our secure, PCIe-compliant third-party payment processors (e.g., Paystack), and we only store tokenized or partial data.
• Communications: Messages you send to us, Merchants, or Kera Riders through our in-app chat, or emails directed to our customer support.

2.2 Information We Collect Automatically

• Geolocation Data: With your explicit consent, we track your device's precise GPS location to facilitate order delivery, provide accurate ETAs, and help Kera Riders navigate to your specific "digital address" in Ghana.
• Usage Data: Information about your interactions with the Platform, including pages visited, products viewed, order history, timestamps, and search queries.
• Device Information: Hardware model, operating system version, unique device identifiers, IP address, and mobile network information.

2.3 Information from Third Parties

We may receive information about you from external sources, such as our payment processors updating us on transaction statuses, or authentication services if you choose to log in via platforms like Google or Apple.

3. Legal Basis and Purpose of Processing

Under Section 18 of the Data Protection Act (Act 843), we must have a lawful basis for processing your data. We process your data for the following purposes:

• Contractual Necessity: To process your orders, facilitate payments, and arrange for delivery by Kera Riders.
• Legal Obligation: To maintain financial records for tax authorities, such as the Ghana Revenue Authority (GRA), and to comply with statutory anti-fraud regulations.
• Consent: For using precise location tracking and sending promotional marketing materials. You can withdraw this consent at any time.
• Legitimate Interests: To improve our platform, conduct data analysis, enhance security measures, and prevent fraud.

4. How We Share Your Information

We do not sell your personal data. We disclose your information only in the following circumstances:

• With Merchants: We share your first name, order details, and special instructions so the Merchant can prepare your items.
• With Kera Riders: We share your name, phone number, and precise delivery location so the Rider can deliver your order and contact you if necessary.
• With Service Providers: We engage trusted third-party vendors for payment processing, cloud hosting, SMS delivery, and data analytics. These processors are contractually bound to safeguard your data.
• For Legal Reasons: We may share information when required by law, subpoena, or other legal process by Ghanaian authorities (e.g., National Communications Authority, Ghana Police Service), or to protect our rights and the safety of our Users and partners.

5. Data Retention

We retain personal information for as long as your account is active or as needed to provide you services. We will also retain and use your information as necessary to comply with our legal obligations in Ghana. For instance, financial transaction data is kept for a minimum of seven (7) years to comply with GRA requirements, after which it is securely anonymized or deleted.

6. Security of Your Information

In accordance with Section 28 of Act 843, we implement robust, industry-standard technical and organizational security measures to protect your personal data from unauthorized access, accidental loss, destruction, or alteration. This includes end-to-end encryption (HTTPS/TLS), encrypted database fields, regular vulnerability scanning, and strict access controls for our personnel.

7. Your Data Protection Rights

As a data subject in Ghana, you are endowed with specific rights under the Data Protection Act:

• Right to Access: You can request a copy of the personal information we hold about you.
• Right to Correction: You can request that we correct incomplete or inaccurate data.
• Right to Deletion: You can request that we delete your account and associated personal data, subject to our legal retention requirements.
• Right to Prevent Processing: You can object to data processing for direct marketing purposes.
• Right to Complain: If you believe our processing infringes data protection laws, you have the right to lodge a formal complaint with the Ghana Data Protection Commission.

To exercise any of these rights, please email us at dpo@supakera.com. We will respond to your request within the legally mandated timeframe.

8. International Data Transfers

SupaKera operates primarily in Ghana. However, some of our service providers (like cloud infrastructure hosts) may be located outside Ghana. In compliance with Section 47 of Act 843, any cross-border transfer of data is done ensuring that the receiving jurisdiction possesses adequate data protection laws, or through standard contractual clauses ensuring equal protection.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last Updated" date. If we make material changes, we may notify you either by prominently posting a notice of such changes on the Platform or by directly sending you a notification.

10. Contact Us

If you have questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact our Data Protection Officer: