PRIVACY POLICY

SUMMARY OF KEY POINTS

• What personal information do we process? We collect basic account information (name, email, phone), academic information for student verification, and transaction data for marketplace activities.
• Do we process any sensitive personal information? We process academic/student status information only when necessary for platform verification and with your explicit consent.
• Do we collect any information from third parties? We do not collect any information from third parties except through optional social media login integrations you choose to use.
• How do we process your information? We process your information to provide marketplace services, verify student status, facilitate transactions, communicate with you, for security and fraud prevention, and to comply with law.
• In what situations and with which parties do we share personal information? We share information only with payment processors, for legal compliance, during business transfers, and when you explicitly consent.
• How do we keep your information safe? We use industry-standard encryption, secure servers, and regular security audits. However, no electronic transmission can be guaranteed 100% secure.
• What are your rights? You can access, correct, delete your personal information, withdraw consent, and request data portability in accordance with applicable laws.
• How do you exercise your rights? Contact us at privacy.unia@gmail.com or through your account settings. We respond within 30 days.

TABLE OF CONTENTS

1. What information do we collect?
2. How do we process your information?
3. When and with whom do we share your personal information?
4. How do we handle your social logins?
5. How long do we keep your information?
6. How do we keep your information safe?
7. Do we collect information from minors?
8. What are your privacy rights?
9. Controls for Do-Not-Track features
10. Do other regions have specific privacy rights?
11. Do we make updates to this notice?
12. How can you contact us about this notice?
13. How can you review, update, or delete the data we collect from you?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us for account creation, student verification, and marketplace transactions.

We collect personal information that you voluntarily provide to us when you register on the Services, create listings, make purchases, express interest in our services, participate in activities on the Services, or contact us.

Basic Account Information:

• Full name
• Email address
• Phone number
• Username/display name
• Profile photo (optional)

Student Verification Information:

To maintain the integrity of our student-focused marketplace, we collect:

• Educational institution name
• Student ID number (encrypted and stored securely)
• Academic program/major
• Expected graduation year
• Student email address (for verification)
• Copy of student ID or enrollment verification (deleted after verification)

Note: Student verification documents are processed only for identity confirmation and are permanently deleted within 30 days of successful verification. We retain only a verification status flag, not the documents themselves.

Marketplace Activity Information:

• Product listings (titles, descriptions, photos, prices)
• Purchase and sales history
• Reviews and ratings
• Communication within the platform
• Location information for local transactions (city/region level only)

Payment Data

We collect minimal payment information necessary to process transactions. All sensitive payment data (card numbers, security codes) is handled exclusively by our payment processor, Paystack, and is never stored on our servers. We only retain transaction IDs and amounts for record-keeping. View Paystack's privacy policy: https://paystack.com/privacy.

Social Media Login Data

If you choose to register using social media accounts (Facebook, Google, etc.), we collect basic profile information (name, email, profile picture) as permitted by the social media platform. We do not access your social media content, friends lists, or private information.

Application Data & Permissions

• Camera Access (android.permission.CAMERA):
  • Taking photos of products for marketplace listings
  • Scanning student ID cards during verification process (photos are deleted after verification)
  • Not used for: Background recording, facial recognition, or biometric data collection
• Location Services (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION):
  • Showing local marketplace listings within your area
  • Approximate distance calculations for meetup locations
  • Location data is processed locally and only city/region is stored
  • Not used for: Tracking your movements, creating location history, or sharing precise location with other users
• Storage Access (READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE):
  • Selecting photos from your gallery for product listings
  • Temporarily storing photos before upload
  • Not used for: Accessing personal files, documents, or other apps' data
• Internet Access (INTERNET, ACCESS_NETWORK_STATE):
  • Core app functionality - browsing listings, messaging, transactions
  • Required for all marketplace operations
• Push Notifications:
  • Transaction confirmations and payment notifications
  • New messages from other users
  • Security alerts for your account
  • Optional promotional content (can be disabled in settings)

You can modify these permissions anytime through your device settings. Some features may be limited if permissions are revoked. We will request permissions only when needed and explain the purpose each time.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to operate our student marketplace, verify eligibility, facilitate transactions, prevent fraud, and improve our services.

Legal Basis for Processing (GDPR Compliance):

• Contractual Necessity: Account management, transaction processing, customer support
• Legitimate Interest: Security, fraud prevention, platform improvement
• User Consent: Marketing communications, optional features, analytics
• Legal Obligation: Compliance with applicable laws and regulations

We process your personal information for:

• Account Management: Creating and maintaining your account, authentication, and password recovery
• Student Verification: Confirming eligibility for our student-focused platform (processed locally when possible)
• Marketplace Operations: Displaying listings, processing transactions, managing communications between users
• Safety & Security: Preventing fraud, monitoring for suspicious activity, enforcing our terms of service
• Customer Support: Responding to inquiries, resolving disputes, providing technical assistance
• Platform Improvement: Analyzing usage patterns to enhance user experience and develop new features (anonymized data only)
• Legal Compliance: Meeting regulatory requirements and responding to valid legal requests
• Communication: Sending important updates, security alerts, and promotional content (with explicit consent)

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We only share information when necessary for service provision, legal compliance, or with your explicit consent.

We may share your information with:

• Payment Processors: Paystack processes payments on our behalf under strict data protection agreements
• Other Users: Your public profile information and listings are visible to other platform users
• Service Providers: Trusted third parties who assist with hosting, analytics, and customer support (under data processing agreements)
• Legal Authorities: When required by law, court order, or to protect safety and rights
• Business Transfers: In case of merger, acquisition, or sale of assets (with advance notice to users)

We never: Sell your personal information to third parties, share student verification documents, or provide access to private messages without legal requirement.

4. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: Social login is optional and only accesses basic profile information with your permission.

If you choose to register or log in using a social media account, we will receive limited profile information (typically name, email, and profile picture) from your social media provider. We use this information solely for account creation and authentication.

We do not access your social media posts, friends lists, or other private information. You can disconnect social media accounts from your UNIA profile at any time through your account settings.

Please review your social media provider's privacy settings to understand what information they may share with third-party applications.

5. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We retain information only as long as necessary for service provision and legal requirements.

Retention Periods:

• Active Accounts: Data retained while your account is active and for 2 years after deactivation
• Student Verification Documents: Deleted within 30 days after successful verification
• Transaction Records: Retained for 7 years for accounting and legal purposes
• Communication Logs: Retained for 1 year for dispute resolution
• Marketing Communications: Deleted immediately upon unsubscribe request

When retention periods expire or when we no longer have a legitimate business need, we securely delete or anonymize your personal information. Some information may be retained longer if required by law or for legitimate business purposes (fraud prevention, legal claims).

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We implement comprehensive security measures but cannot guarantee absolute security.

Our Security Measures Include:

• End-to-end encryption for sensitive data transmission
• Secure data centers with 24/7 monitoring
• Regular security audits and penetration testing
• Employee background checks and security training
• Multi-factor authentication for administrative access
• Automatic security updates and patches

Despite our security measures, no system is completely secure. We recommend using strong, unique passwords and enabling two-factor authentication on your account. Report any suspicious activity immediately to security@unia.com.

7. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from anyone under 18 years of age and have multiple safeguards in place to prevent this.

Age Verification Measures:

• Users must confirm they are at least 18 years old during registration
• Student verification requires university/college enrollment (typically 18+)
• Account creation requires valid adult email addresses
• Regular auditing of user accounts for compliance

If We Discover Minor's Data:

• Immediate account deactivation
• Complete data deletion within 48 hours
• Notification to Google Play if required
• Review of verification processes

Our platform is specifically designed for university and college students who are typically 18 or older. We do not knowingly collect, solicit, or market to individuals under 18.

Report Underage Users: If you become aware of any data we may have collected from minors, please contact us immediately at privacy.unia@gmail.com with subject line "URGENT: Minor Data Report".

8. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You have comprehensive rights over your personal information, including access, correction, deletion, and data portability.

Your Rights Include:

• Access: Request a copy of all personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Data Portability: Receive your data in a portable format
• Consent Withdrawal: Withdraw consent for processing at any time
• Objection: Object to certain types of processing
• Restriction: Request limitation of processing in certain circumstances

How to Exercise Your Rights:

• Email us at privacy.unia@gmail.com
• Use the privacy controls in your account settings
• Contact our support team through the app

We will respond to all requests within 30 days and may require identity verification for security purposes. Some rights may be limited by applicable law or legitimate business interests.

Account Management:

You can update most of your information directly through your account settings. To delete your account, contact us or use the account deletion option in settings. Upon deletion, we will remove your personal information but may retain some data for legal compliance or fraud prevention.

9. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers include a Do-Not-Track ("DNT") feature that signals your privacy preference. Currently, there is no uniform technology standard for recognizing and implementing DNT signals, so we do not respond to DNT browser signals.

However, you can control tracking through your browser settings, ad blockers, and our privacy controls in your account settings. We are committed to implementing DNT support if a universal standard is established.

10. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: You may have additional rights based on your country of residence.

Ghana (Primary Jurisdiction)

As a Ghana-based platform, we comply with the Data Protection Act, 2012 (Act 843). You have rights to access, correct, and delete your personal information. To file a complaint, contact the Data Protection Commission Ghana.

European Union (GDPR)

If you are an EU resident, you have additional rights under GDPR including data portability, right to be forgotten, and the right to lodge complaints with supervisory authorities.

Australia and New Zealand

We comply with Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. You can file complaints with the Office of the Australian Information Commissioner or Office of New Zealand Privacy Commissioner.

Republic of South Africa

We comply with the Protection of Personal Information Act (POPIA). For complaints, contact The Information Regulator (South Africa) at enquiries@inforegulator.org.za.

11. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we update this notice as necessary to stay compliant with relevant laws and reflect changes in our practices.

We review and may update this Privacy Notice periodically. The "Last updated" date at the top indicates the most recent revision. For material changes, we will:

• Send email notifications to registered users
• Display prominent notices in the app
• Require acknowledgment for significant changes
• Provide a 30-day notice period before implementing major changes

We encourage you to review this Privacy Notice regularly to stay informed about how we protect your information.

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions, concerns, or requests regarding this privacy notice, you can contact us:

We aim to respond to all privacy-related inquiries within 5 business days and formal requests within 30 days as required by applicable law.

13. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have multiple options to manage your personal information:

Self-Service Options:

• Log into your account settings to update profile information
• Use the "Download My Data" feature to export your information
• Manage privacy preferences and communication settings
• Delete specific listings or transaction history

Contact Us:

• Email privacy.unia@gmail.com for complex requests
• Use the in-app support feature
• Submit requests through our website contact form

What You Need to Provide:

• Your full name and email address
• Specific details about your request
• Verification of your identity (for security purposes)

We will process your request within 30 days and may need to verify your identity for security purposes. Some information may be retained for legal compliance, fraud prevention, or legitimate business purposes even after deletion requests.