Features Pricing API Docs About Contact Login Start Free

Privacy Policy

Last updated: January 18, 2026

1. Introduction

OpenKYC Africa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our KYC verification services.

We comply with the General Data Protection Regulation (GDPR), South Africa's Protection of Personal Information Act (POPIA), and other applicable data protection laws across Africa.

2. Information We Collect

2.1 Personal Information

When you use our KYC verification services, we may collect:

  • Identity Information: Full name, date of birth, nationality, gender
  • Contact Information: Email address, phone number, physical address
  • Document Information: ID card, passport, driver's license, proof of address
  • Biometric Data: Facial images for verification purposes
  • Device Information: IP address, browser type, device identifiers

2.2 How We Collect Information

  • Directly from you when you complete KYC verification
  • From our business clients who use our services to verify their users
  • Automatically through our technology when you interact with our services

3. How We Use Your Information

We use the collected information to:

  • Verify your identity as requested by our business clients
  • Detect and prevent fraud, money laundering, and other illegal activities
  • Comply with legal and regulatory requirements
  • Improve our services and develop new features
  • Communicate with you about our services
  • Ensure the security of our platform

4. Legal Basis for Processing

We process your personal data based on:

  • Consent: You have given consent for specific processing purposes
  • Contract: Processing is necessary to fulfill our contractual obligations
  • Legal Obligation: Processing is required to comply with applicable laws
  • Legitimate Interest: Processing is necessary for our legitimate business interests

5. Data Sharing and Disclosure

We may share your information with:

  • Business Clients: The companies that requested your KYC verification
  • Service Providers: Third parties who assist us in providing our services
  • Legal Authorities: When required by law or to protect our rights
  • Business Partners: In connection with a merger, acquisition, or sale of assets

We do NOT sell your personal information to third parties for marketing purposes.

6. Data Retention

We retain your personal data for:

  • Verification Data: As required by applicable AML/KYC regulations (typically 5-7 years)
  • Biometric Data: Deleted within 30 days of verification completion unless longer retention is required by law
  • Account Data: Until you request deletion or close your account

7. Data Security

We implement robust security measures to protect your data:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security audits and penetration testing
  • Access controls and employee training
  • Secure data centers with SOC 2 compliance
  • Automated threat detection and monitoring

8. Your Rights

Under applicable data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal requirements)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Object: Object to certain processing activities
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@openkyc.africa.

9. International Data Transfers

Your data may be processed in countries outside your residence. When transferring data internationally, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by relevant authorities
  • Binding Corporate Rules where applicable

We prioritize keeping African user data within Africa wherever possible.

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Enable essential functionality of our services
  • Analyze usage patterns and improve user experience
  • Detect and prevent fraud

You can manage cookie preferences through your browser settings.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a prominent notice on our website or sending you an email.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Data Protection Officer
OpenKYC Africa
Email: privacy@openkyc.africa
Address: 123 Samora Machel Avenue, Harare, Zimbabwe

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.