1. Overview

Arfric Inc ("Arfric", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use the Arfric mobile application and related services.

By using Arfric, you agree to the practices described in this Privacy Policy. If you do not agree, please stop using our services and contact us to delete your account.

This policy applies to all users globally and is designed to comply with:

  • EU/UK General Data Protection Regulation (GDPR)
  • Ghana Data Protection Act, 2012 (Act 843)
  • Nigeria Data Protection Regulation (NDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable national and regional privacy laws

2. Data We Collect

2.1 Information You Provide

Data TypeExamplesRequired?
Account InformationName, email address, username, passwordYes
Profile InformationProfile photo, bio, location, phone numberOptional
ContentPosts, photos, videos, comments, messagesUser-generated
Payment InformationBilling details (processed by third-party payment providers)If applicable
CommunicationsSupport requests, feedback, survey responsesWhen submitted

2.2 Data Collected Automatically

Data TypePurpose
Device InformationDevice model, OS version, unique device identifiers
Log DataIP address, access times, pages viewed, app crashes
Location DataApproximate location (with permission) for local features
Usage DataFeatures used, content interacted with, time spent
Cookies & IdentifiersSession tokens, analytics identifiers (see Section 12)

3. How We Use Your Data

We use your personal data only for the purposes described below and no other purpose without your consent:

  • Providing and improving the Service — operating the app, personalising your experience, and developing new features.
  • Account management — creating and maintaining your account, authentication, and security.
  • Communications — sending service notices, responding to support requests, and (with consent) marketing messages.
  • Safety and moderation — detecting fraud, abuse, or violations of our community guidelines.
  • Analytics — understanding how users interact with the app to improve performance and usability.
  • Legal compliance — meeting obligations under applicable laws and regulations.
  • Payments — processing transactions and preventing fraudulent payments.

We will never sell your personal data to third parties.

5. Sharing Your Data

We do not sell your personal data. We may share your data in the following limited circumstances:

  • Service Providers: Trusted companies that help us deliver our service (cloud hosting, analytics, customer support), bound by data processing agreements.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, where data protection obligations transfer to the new entity.
  • Legal Requirements: When required by law, court order, or government authority with valid legal process.
  • Safety: To protect the rights, property, or safety of Arfric, our users, or the public.
  • With Your Consent: For any purpose you explicitly approve beyond what is described here.

All third-party service providers are contractually obligated to use your data only for the specific purpose of providing services to us and to maintain appropriate security standards.

6. Third-Party Services

Our app integrates with the following third-party services, each with their own privacy policy:

We are not responsible for the privacy practices of third-party services. We encourage you to review their policies.

7. International Data Transfers

Arfric is based in Ghana and serves users globally. Your data may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country.

Where we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Binding Corporate Rules where applicable

8. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

Data CategoryRetention Period
Account & profile dataDuration of account + 30-day deletion grace period
Content (posts, media)Duration of account; deleted with account
Transaction records7 years (financial regulation compliance)
Safety & fraud logsUp to 90 days post-account deletion
Support communications3 years from last interaction
Anonymised analyticsIndefinitely (not personally identifiable)

9. Security

We implement commercially reasonable technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Access controls and authentication requirements for staff
  • Regular security assessments and vulnerability testing
  • Incident response and data breach notification procedures

⚠️ No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

10. Your Rights

Depending on your location, you have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Rectification

Correct inaccurate or incomplete personal data.

Erasure

Request deletion of your personal data ("right to be forgotten").

Portability

Receive your data in a structured, machine-readable format.

Restriction

Request we limit how we process your data in certain circumstances.

Object

Object to processing based on legitimate interests or for marketing.

Withdraw Consent

Withdraw consent for optional processing at any time.

Lodge a Complaint

Complain to your local data protection authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. To delete your account, visit our Account Deletion page.

11. Children's Privacy

Arfric is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13 years of age.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] immediately. We will promptly delete such information from our servers.

Users between 13 and 18 years of age may use Arfric only with verifiable parental or guardian consent where required by applicable law.

12. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve your experience. Types of cookies we use:

Cookie TypePurposeCan You Opt Out?
EssentialLogin sessions, security, core functionalityNo (required for service)
AnalyticsUnderstanding how users use the appYes
PreferencesRemembering your settings and choicesYes
Third-partyThird-party libraries (e.g. Google Analytics)Yes

You can control cookies through your device settings or browser preferences. Disabling certain cookies may affect app functionality.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Send a notification through the app or to your registered email address
  • For significant changes, obtain fresh consent where required by law

Your continued use of Arfric after the effective date of any update constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection team:

  • Email: [email protected]
  • Address: Arfric Inc, Accra-Achimota, Ghana
  • Phone: +233 592 701 297

We aim to respond to all privacy-related requests within 30 days. For complex requests, we may extend this period by a further 60 days, in which case we will notify you.

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. In Ghana, this is the Data Protection Commission.