Privacy Policy

Last Updated: January 1, 2026

            Your Privacy Matters: This Privacy Policy explains how Africoin and Africa Railways collect, use, disclose, and protect your personal information when you use our Services.
        

1. Introduction

Africoin ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy applies to all users of the Africoin platform, Africa Railways ticketing system, Sentinel Portal, OCC Dashboard, and related services (collectively, the "Services").

By using our Services, you consent to the collection and use of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect information that identifies you as an individual, including:

Account Information: Name, email address, phone number, date of birth
Payment Information: Mobile money account details, transaction history
Identification: Government-issued ID for verification purposes
Travel Information: Route preferences, travel history, ticket purchases

2.2 Blockchain Data

When you interact with our blockchain services, we collect:

Wallet Addresses: Public blockchain addresses
Transaction Data: NFT minting records, ticket purchases
Smart Contract Interactions: On-chain activity logs
IPFS Metadata: Ticket metadata stored on IPFS

2.3 Technical Information

We automatically collect technical data, including:

Device Information: Device type, operating system, browser type
Usage Data: Pages visited, features used, time spent
IP Address: Internet Protocol address and location data
Cookies: Session cookies and tracking technologies
USSD Sessions: USSD code interactions and session data

2.4 Communication Data

We collect information from your communications with us:

Customer support inquiries
Feedback and survey responses
SMS and push notifications preferences

3. How We Use Your Information

3.1 Service Provision

We use your information to:

Process ticket purchases and issue NFT-based tickets
Facilitate gasless blockchain transactions
Verify ticket authenticity and prevent fraud
Provide USSD-based ticketing for feature phones
Manage your account and preferences

3.2 Platform Operations

We use your data to:

Monitor system health and performance
Detect and prevent security threats
Analyze usage patterns and improve Services
Maintain blockchain infrastructure
Optimize gas policy and transaction costs

3.3 Communication

We may use your information to:

Send ticket confirmations and travel updates
Provide customer support
Send service announcements and notifications
Deliver marketing communications (with your consent)

3.4 Legal Compliance

We process your data to:

Comply with legal obligations
Respond to law enforcement requests
Enforce our Terms of Service
Protect our rights and property

4. Data Sharing and Disclosure

4.1 Service Providers

We share data with third-party service providers:

Service Provider	Purpose	Data Shared
Alchemy	Blockchain infrastructure	Wallet addresses, transaction data
Pinata (IPFS)	Metadata storage	Ticket metadata, images
M-Pesa / Mobile Money	Payment processing	Phone number, payment details
Twilio / Africa's Talking	SMS notifications	Phone number, message content
Google Cloud Platform	Cloud hosting	Usage data, logs

4.2 Blockchain Transparency

            Important: Blockchain transactions are public and permanent. Your wallet address and transaction history on Polygon and Sui blockchains are publicly visible and cannot be deleted.
        

4.3 Legal Requirements

We may disclose your information when required by law or to:

Comply with legal processes or government requests
Enforce our Terms of Service
Protect the rights, property, or safety of Africoin, our users, or the public
Investigate fraud or security issues

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption: Data encrypted in transit (TLS/SSL) and at rest
Access Controls: Role-based access to sensitive data
Monitoring: 24/7 security monitoring via OCC Dashboard
Audits: Regular security audits and penetration testing
Blockchain Security: Multi-signature wallets and gas policy controls

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide Services and comply with legal obligations:

Account Data: Retained while your account is active
Transaction Records: Retained for 7 years for tax and legal compliance
Blockchain Data: Permanent and immutable on public blockchains
Usage Logs: Retained for 90 days for security and analytics

7. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information
Deletion: Request deletion of your data (subject to legal requirements)
Portability: Receive your data in a machine-readable format
Objection: Object to processing of your data
Withdrawal: Withdraw consent for marketing communications

To exercise these rights, contact us at privacy@africarailways.com.

            Blockchain Limitation: Data stored on public blockchains (Polygon, Sui) cannot be deleted or modified due to the immutable nature of blockchain technology.
        

8. Cookies and Tracking

We use cookies and similar technologies to:

Maintain user sessions
Remember preferences
Analyze usage patterns
Improve user experience

You can control cookies through your browser settings. Disabling cookies may limit functionality.

9. Third-Party Links

Our Services may contain links to third-party websites (e.g., blockchain explorers, payment gateways). We are not responsible for the privacy practices of these external sites.

10. Children's Privacy

Our Services are not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Data Protection Laws

12.1 GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Right to Access: Request copies of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restriction: Limit how we use your data
Right to Data Portability: Transfer your data to another service
Right to Object: Object to certain types of processing
Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing

Legal Basis for Processing: We process your data based on:

Consent: When you explicitly agree (e.g., marketing communications, IDO participation)
Contract: To fulfill our contractual obligations (e.g., ticket purchases, token sales)
Legal Obligation: To comply with laws (e.g., KYC/AML requirements for IDO)
Legitimate Interests: For business operations, fraud prevention, and system security

Data Protection Officer: You can contact our DPO at dpo@africarailways.com

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR.

12.2 POPIA Compliance (South Africa)

We comply with the Protection of Personal Information Act (POPIA). You have rights under POPIA to access, correct, and delete your personal information.

12.3 IDO-Specific Data Processing

For participation in the AFRC Initial DEX Offering (IDO), we collect and process additional information:

KYC/AML Information: Identity verification documents, proof of address, source of funds
Wallet Information: Public wallet addresses for token distribution
Investment Data: Contribution amounts, transaction hashes, vesting schedules
Accreditation Status: Information to verify investor accreditation (where required)
Tax Information: Tax identification numbers for regulatory compliance

Legal Basis: Processing of IDO data is based on:

Contractual Necessity: To execute the token sale agreement
Legal Compliance: To meet securities regulations, AML/CFT requirements, and tax laws
Consent: For optional marketing and community communications

Data Retention for IDO: KYC documents and transaction records are retained for at least 7 years after the IDO to comply with financial regulations.

Third-Party KYC Providers: We use verified third-party KYC/AML service providers (e.g., Jumio, Onfido) who process your data according to their own privacy policies and security standards.

12.4 Cookie Consent (GDPR/ePrivacy)

We use cookies and similar tracking technologies. Upon visiting our website, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can modify your cookie preferences at any time through our Cookie Settings page.

Cookie Categories:

Strictly Necessary: Required for website functionality (cannot be disabled)
Analytics: Help us understand website usage (requires consent)
Marketing: Used for targeted advertising (requires consent)
Functional: Remember your preferences and settings (requires consent)

12.5 International Transfers & Data Localization

Your data may be transferred to and processed in countries outside your residence, including:

Cloud Infrastructure: Google Cloud Platform (USA, EU regions)
Blockchain Networks: Polygon (global), Sui (global)
Payment Processors: Various jurisdictions based on payment method
KYC Providers: Data centers in EU and USA

For transfers from the EEA to non-EEA countries, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Privacy Shield Framework (for eligible US organizations)

12.6 Automated Decision-Making

We may use automated systems for:

Fraud Detection: Automated screening for suspicious transactions
Whitelist Approval: Automated preliminary screening (subject to manual review)
Risk Assessment: Automated AML/CFT risk scoring

You have the right to request human review of any automated decision that significantly affects you.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Services after changes constitutes acceptance of the updated policy.

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us:

Email: privacy@africarailways.com
Support: support@africarailways.com
Data Protection Officer: dpo@africarailways.com
GitHub: github.com/mpolobe/africa-railways

15. Consent

By using the Africoin platform and Africa Railways services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.