Legal
Privacy Policy
We are committed to protecting your privacy. This policy explains clearly what data we collect, why we collect it, and your rights over it — in plain language, in compliance with the GDPR (EU), CCPA (California), POPIA (South Africa), and other applicable data protection laws.
Contents
1. Who We Are
Jambona is a social and cultural platform operated by the Commission of African Society, Business, Art & Culture, a body under the Pan African Dialogue Institute (PADI).
For the purposes of data protection law, the data controller is:
- Organisation: Pan African Dialogue Institute — Commission of African Society, Business, Art & Culture
- Platform: Jambona
- Contact: [email protected]
2. Information We Collect
2.1 Information you provide directly
- Account registration: Full name, email address, password (stored encrypted), country of residence, profession, institution, and role type.
- Profile information: Profile photo, cover image, biography, website URL, LinkedIn, and social media handles — all optional and at your discretion.
- Content you create: Publications (text, PDFs), events (titles, descriptions, banners), and any other material you submit to the platform.
- Communications: Messages you send to our support team or through platform feedback forms.
- Verification data: Institute verification codes used to obtain verified-member status.
2.2 Information collected automatically
- Usage data: Pages visited, features used, time spent, clicks, and interactions within the platform.
- Device and technical data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
- Log data: Server logs recording requests made to the platform, error reports, and performance data.
2.3 Information from third parties
- Google OAuth: If you sign in with Google, we receive your name, email address, and profile photo from Google. We do not receive or store your Google password.
3. How We Use Your Information
We use your personal data to:
- Create and manage your Jambona account and authenticate your identity.
- Display your public profile to other members of the platform.
- Enable you to publish content, create events, and connect with other members.
- Send transactional emails (account confirmation, password reset, event reminders).
- Send platform announcements and updates from the Commission — you may opt out at any time.
- Detect and prevent fraud, abuse, spam, and violations of our Terms of Service.
- Improve the platform through aggregated, anonymised analytics.
- Comply with legal obligations.
We do not sell your personal data to any third party, ever.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and the United Kingdom, we process personal data under the following legal bases:
- Contract (Article 6(1)(b) GDPR): Processing necessary to provide the Jambona service you signed up for — account creation, profile display, content publishing.
- Legitimate interests (Article 6(1)(f) GDPR): Platform security, fraud prevention, and aggregate analytics. Our legitimate interests do not override your rights.
- Consent (Article 6(1)(a) GDPR): For optional communications and cookies where required by law. You may withdraw consent at any time.
- Legal obligation (Article 6(1)(c) GDPR): Where we are required to retain or disclose data by law.
5. Data Sharing and Disclosure
We share your data only in these limited circumstances:
- Infrastructure providers: We use Supabase (database and authentication), Cloudflare (hosting and CDN), and Google (OAuth). These providers process data on our behalf under data processing agreements and are bound to protect your information.
- Other members: Your public profile — name, photo, bio, country, discipline, and published content — is visible to other Jambona members. You control what you make public.
- Legal requirements: We may disclose information if required by law, court order, or to protect the rights, property, or safety of Jambona, our users, or the public.
- Business transfers: In the event of a merger or acquisition, your data may transfer to the successor entity, subject to the same privacy protections.
We do not share your data with advertisers, data brokers, or any third party for commercial purposes.
6. International Data Transfers
Jambona serves users across all 54 African nations and the global diaspora. Your data may be stored and processed in data centres outside your home country, including in the United States and the European Union, through our infrastructure providers.
Where data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Processing by providers certified under recognised adequacy frameworks.
For African users, we are mindful of emerging data localisation requirements and aim to comply with applicable national data protection laws across African Union member states.
7. Data Retention
- Active accounts: We retain your data for as long as your account is active.
- Deleted accounts: Upon account deletion, we remove your personal profile data within 30 days. Anonymised, aggregated analytics data may be retained indefinitely. Content you have published may remain visible unless you explicitly delete it before closing your account.
- Legal holds: Where required by law or to resolve disputes, we may retain certain data for longer periods.
- Backups: Data may persist in encrypted backups for up to 90 days after deletion.
8. Your Rights
Rights under GDPR (EU / UK residents)
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): Request deletion of your personal data where there is no compelling reason to continue processing it.
- Restriction: Ask us to limit processing in certain circumstances.
- Data portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Automated decisions: Not be subject to solely automated decisions with significant effects.
Rights under CCPA (California residents)
- Know what personal information is collected, used, shared, or sold.
- Delete personal information we have collected, subject to exceptions.
- Opt out of the sale of personal information — we do not sell personal information.
- Non-discrimination for exercising your privacy rights.
Rights under POPIA (South Africa) and other African data protection laws
If you are a resident of South Africa, Kenya, Nigeria, Rwanda, Ghana, or another African Union member state with applicable data protection legislation, you have rights equivalent to or aligned with those listed above under your national law. We honour all such requests.
To exercise any of these rights, email [email protected]. We will respond within 30 days. We do not charge a fee for reasonable requests.
9. Cookies and Tracking
We use the following types of cookies and similar technologies:
- Strictly necessary: Authentication session cookies required for you to stay logged in. These cannot be disabled without breaking the service.
- Functional: Preferences such as dark mode and language settings stored in your browser's localStorage.
- Analytics (optional): We use privacy-respecting, cookieless analytics to understand aggregate usage. No cross-site tracking or advertising cookies are used.
You can control cookies through your browser settings. Blocking strictly necessary cookies will prevent you from using authenticated features of Jambona.
10. Security
We implement industry-standard security measures including:
- Encrypted connections (HTTPS/TLS) for all data in transit.
- Encrypted storage for passwords using bcrypt with a high cost factor.
- Access controls limiting which staff can access personal data.
- Authentication tokens stored in secure, httpOnly cookies (not exposed to JavaScript).
- Regular security reviews of our platform and dependencies.
No method of transmission or storage is 100% secure. In the event of a data breach that affects your rights, we will notify you and relevant authorities as required by applicable law.
11. Children's Privacy
Jambona is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us at [email protected] and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by displaying a prominent notice on the platform at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
Continued use of Jambona after the effective date constitutes acceptance of the updated policy.
13. Contact Us
For any privacy-related questions, requests, or complaints:
- Email: [email protected]
- Organisation: Commission of African Society, Business, Art & Culture — Pan African Dialogue Institute
If you are in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.