Privacy Policy

AFRIFORGE LTD PRIVACY POLICY

Effective Date: November 17, 2025

1. Introduction

Afriforge Ltd ("we," "our," or "us") operates the ndfitrack financial management platform and afriforge.com website. We are committed to protecting your privacy and complying with Rwanda's Data Protection and Privacy Law (Law No 058/2021 of 13/10/2021).

2. Data Controller Information

3. Information We Collect

A. Website Visitors:
  • IP addresses, browser type, device information
  • Cookies and tracking technologies (with consent)
  • Contact form submissions
  • Analytics data
B. NDFI Clients (Business Data):
  • Business name, registration details
  • Contact person information
  • Billing and payment information
  • System usage data
C. NDFI System Users (Employees of our Clients):
  • Name, email address, contact details
  • User credentials (encrypted)
  • Role and permission assignments
  • Activity logs

4. How We Use Your Information

Purpose | Legal Basis | Data Categories
Platform Service Delivery | Contractual Necessity | All business and user data
Billing and Invoicing | Contractual Necessity | Client business data
Customer Support | Legitimate Interest | Contact and usage data
System Security | Legal Obligation | Logs and access data
Marketing Communications | Consent | Website visitor data
Regulatory Compliance | Legal Obligation | Required business records

5. Data Sharing and Disclosure

We may share personal data with:

A. Data Processors:
  • DigitalOcean - Cloud hosting services
  • MongoDB Atlas - Database management
  • Cloudinary - File storage and CDN
  • Payment Processors - Billing transactions
  • SMS/Email Providers - Communication services
B. Legal Requirements:
  • Regulatory authorities (NCSA, RRA, BNR)
  • Law enforcement when legally required
  • Professional advisors (legal, audit)

All processors operate under Data Processing Agreements ensuring compliance with Rwandan data protection laws.

6. International Data Transfers

Personal data may be stored and processed outside Rwanda in the following locations:

  • Primary Database: MongoDB Atlas (South Africa - Cape Town)
  • Application Hosting: DigitalOcean (Netherlands - Amsterdam)
  • File Storage: Cloudinary (Global CDN)

These transfers are protected by:

  • AES-256 encryption before transfer
  • GDPR-compliant jurisdictions
  • Comprehensive Data Processing Agreements
  • NCSA authorization where required

7. Data Security Measures

We implement robust security measures including:

  • End-to-end encryption (AES-256)
  • Regular security audits and penetration testing
  • Role-based access controls
  • Multi-factor authentication
  • Comprehensive activity logging
  • Regular staff security training
  • Secure development practices

8. Data Retention

We retain personal data only as long as necessary:

Data Category | Retention Period
Client business data | 7 years after contract termination
User account data | Until account deletion request
Financial records | 10 years for tax compliance
System logs | 2 years for security monitoring
Marketing data | Until consent withdrawal

9. Your Data Protection Rights

Under Rwandan law, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing
  • Request data portability
  • Object to processing
  • Withdraw consent

To exercise these rights, contact our Data Protection Officer at masasusalomon@afriforge.com.

10. Cookies and Tracking

Our website uses cookies for:

  • Essential functionality
  • Analytics and performance
  • Marketing (with consent)

You can manage cookie preferences through your browser settings or our cookie banner.

11. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the National Cyber Security Authority within 72 hours
  • Inform affected individuals without undue delay
  • Take immediate measures to contain and address the breach

12. Changes to This Policy

We may update this policy to reflect legal requirements or operational changes. Significant changes will be communicated through:

  • Email notifications to registered users
  • Notices on our website
  • Platform announcements

13. Contact Information

For privacy-related inquiries or to exercise your rights:

Data Protection Officer

Uwimana Masasu Salomon

masasusalomon@afriforge.com

+250788317222

Rwanda, Gasabo, Kimironko, Kibagabaga

National Cyber Security Authority

www.dpo.gov.rw

dpp@ncsa.gov.rw

9080 (toll-free)

14. Complaint Procedure

If you have concerns about our data handling, you may:

  1. Contact our Data Protection Officer first
  2. Lodge a complaint with the National Cyber Security Authority
  3. Seek judicial remedy through competent courts