Privacy Policy
Last updated: · Effective date: April 2026
This Privacy Policy explains how KiwaConnect (“we”, “us”, or “our”) collects, uses, stores, and protects your personal information when you use our platform. We comply with Zimbabwe’s Cyber and Data Protection Act, Chapter 12:07 (CDPA).
1. Who We Are
KiwaConnect is a professional networking and empowerment platform for women entrepreneurs in Zimbabwe. Our platform aggregates funding opportunities, enables peer mentorship, facilitates B2B procurement matching, and provides community discussion.
Data Controller: KiwaConnect (Pvt) Ltd, Harare, Zimbabwe
Data Protection Officer (DPO) contact: privacy@kiwaconnect.com
2. Information We Collect
2.1 Information you provide
- Account data — name, email address, password (hashed, never stored in plain text)
- Profile data — headline, bio, location, industry, profile photo, LinkedIn/ORCID links
- Communications — direct messages, community posts, replies, mentorship session notes
- Business data — company incorporation details you enter into the document assistant
- Contact preferences — WhatsApp number (if you opt in), notification settings
2.2 Information collected automatically
- Usage data — pages visited, features used, timestamps
- Device data — browser type, operating system, IP address, approximate location derived from IP
- Cookies — session cookies used for authentication (Supabase Auth); no third-party advertising cookies
2.3 Information from third parties
- If you connect LinkedIn or ORCID for identity verification, we receive your public profile data from those services.
3. How We Use Your Information
We use your personal data to:
- Provide, operate, and improve the KiwaConnect platform
- Match you with relevant funding opportunities, mentors, and business partners
- Send notifications about connection requests, messages, and opportunities you’ve opted into
- Verify your identity and prevent fraud
- Generate aggregate analytics to understand how the platform is used (no individual profiling for advertising)
- Comply with legal obligations under Zimbabwean law
4. Legal Basis for Processing
Under the CDPA, we process your data on the following lawful bases:
- Contract performance — to provide the service you signed up for
- Legitimate interests — improving platform safety, preventing fraud, analytics
- Consent — WhatsApp notifications, optional features (you may withdraw at any time)
- Legal obligation — POTRAZ compliance, audit logs required by Zimbabwean digital services regulations
5. Data Sharing
We do not sell your personal data. We share it only with:
- Supabase (database and authentication) — EU-based data processor under a data processing agreement
- Vercel (hosting) — US-based, with standard contractual clauses in place
- Resend (transactional email) — for sending you notifications you have requested
- Meta (WhatsApp Business API) — only if you have explicitly opted into WhatsApp notifications
- POTRAZ / Zimbabwean authorities — if required by law
6. Data Retention
- Account data is retained for as long as your account is active.
- After account deletion, personal data is hard-deleted within 30 days, except where retention is required by law (e.g., audit logs may be retained for up to 7 years under Zimbabwean financial regulations).
- Anonymised, aggregated analytics data may be retained indefinitely.
7. Your Rights
Under the CDPA, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request we correct inaccurate data (editable from your Profile Settings)
- Deletion — request deletion of your account and associated data (available in Settings → Advanced → Delete account)
- Portability — export your profile and activity data in JSON or CSV format (Settings → Advanced → Export)
- Objection — object to processing based on legitimate interests
- Withdraw consent — disable WhatsApp or other optional processing at any time in Settings → Notifications
To exercise any right, email privacy@kiwaconnect.com. We will respond within 30 days as required by the CDPA.
8. Security
We implement industry-standard security measures including: TLS encryption in transit, AES-256 encryption at rest (via Supabase), rate limiting to prevent brute-force attacks, Row-Level Security policies on all database tables, and regular dependency audits.
Despite these measures, no system is 100% secure. If you discover a vulnerability, please responsibly disclose it to security@kiwaconnect.com.
9. Cookies
We use only essential cookies — session tokens required to keep you logged in. We do not use tracking or advertising cookies. You can delete cookies via your browser settings, but this will sign you out.
10. Children
KiwaConnect is intended for users aged 18 and over. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or an in-app notification at least 14 days before they take effect. Continued use of the platform after the effective date constitutes acceptance.
12. Contact Us
For privacy enquiries, data subject requests, or complaints:
- Email: privacy@kiwaconnect.com
- Postal: KiwaConnect (Pvt) Ltd, Harare, Zimbabwe
You also have the right to lodge a complaint with the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ), the data protection supervisory authority under the CDPA.