Privacy Policy

1. Introduction

Gephra Ltd ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital solutions platform, including our websites, applications, and services.

We are a Rwanda-based technology company registered with the Rwanda Development Board (RDB) and operate in compliance with Rwanda Data Protection Law No. 058/2021. Our mission is to create digital solutions that empower Africa's workforce and businesses.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, and mailing address
• Account Information: Username, password, and account preferences
• Professional Information: Job title, company, industry, and work experience
• Payment Information: Billing address and payment method details (processed securely through third-party providers)
• Communication Data: Messages, feedback, and support requests

2.2 Technical Information

We automatically collect certain technical information:

• Device Information: IP address, browser type, operating system, and device identifiers
• Usage Data: Pages visited, time spent, features used, and interaction patterns
• Location Data: General geographic location (country/region level)
• Cookies and Tracking: Information collected through cookies and similar technologies

2.3 Content Data

Depending on the services you use, we may process:

• Resume Data: For Gephra Resume optimization services
• Employment Records: For Ingenzi Platform verification services
• Business Data: For future business solutions and trade management platforms

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

• Provide and maintain our digital solutions
• Process transactions and payments
• Deliver customer support and technical assistance
• Customize and improve user experience

3.2 Communication

• Send service-related notifications and updates
• Respond to inquiries and support requests
• Provide marketing communications (with your consent)
• Share important policy changes and security updates

3.3 Business Operations

• Analyze usage patterns to improve our services
• Conduct research and development
• Ensure platform security and prevent fraud
• Comply with legal and regulatory requirements

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

4.1 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Payment processing and financial transactions
• Cloud hosting and data storage
• Analytics and performance monitoring
• Customer support and communication

4.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal obligations and court orders
• Protect our rights, property, and safety
• Prevent fraud and ensure platform security
• Respond to government requests and investigations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, with appropriate privacy protections maintained.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

• Encryption: Data encrypted in transit and at rest using industry-standard protocols
• Access Controls: Role-based access controls and multi-factor authentication
• Network Security: Firewalls, intrusion detection, and regular security audits
• Secure Development: Security-first development practices and regular code reviews

5.2 Operational Safeguards

• Staff Training: Regular privacy and security training for all employees
• Data Minimization: Collecting only necessary information for service delivery
• Regular Backups: Secure backup systems with encryption and access controls
• Incident Response: Comprehensive incident response procedures and breach notification protocols

6. Your Rights and Choices

Under Rwanda Data Protection Law and international best practices, you have the following rights:

6.1 Access and Portability

• Access: Request a copy of your personal information we hold
• Portability: Receive your data in a structured, machine-readable format
• Correction: Update or correct inaccurate information

6.2 Control and Deletion

• Deletion: Request deletion of your personal information (subject to legal requirements)
• Restriction: Limit how we process your information
• Objection: Object to certain types of processing

6.3 Communication Preferences

• Marketing: Opt out of marketing communications at any time
• Notifications: Customize notification preferences in your account settings
• Cookies: Manage cookie preferences through your browser settings

7. Data Retention

We retain your information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal and regulatory requirements
• Resolve disputes and enforce our agreements
• Improve our services through analytics (in anonymized form)

When you delete your account or request data deletion, we will securely remove your personal information within 30 days, unless legal requirements mandate longer retention.

8. International Data Transfers

As a Rwanda-based company serving users across Africa and globally, we may transfer your information to:

• Cloud service providers with appropriate safeguards
• Payment processors with PCI DSS compliance
• Analytics providers with privacy-compliant practices

All international transfers are conducted with appropriate safeguards, including standard contractual clauses and adequacy decisions.

9. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected information from a child under 16, we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our platforms

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.