Legal Document

Privacy Policy

Last Updated: March 29, 2026

UniLoomy Technologies Ltd ("UniLoomy", "we", "us", or "our") is committed to protecting your personal data and privacy rights. This Privacy Policy explains how we collect, use, store, and share information when you use our mobile application and website (collectively, the "Service"). This policy complies with Ghana's Data Protection Act, 2012 (Act 843), the Electronic Transactions Act, 2008 (Act 772), and applicable international data protection standards including the EU General Data Protection Regulation (GDPR) where applicable.

1. Who We Are

UniLoomy Technologies Ltd is a Ghanaian technology company registered under the Companies Act, 2019 (Act 992) of Ghana. Our registered office is in Ghana. We operate a university student super-app designed to facilitate learning, economic opportunity, and social connection for university students.

For data protection purposes, UniLoomy is the data controller of your personal information.

Contact: privacy@uniloomy.com

2. Information We Collect

2.1 Information You Provide

  • Account Information: Full name, university email address, student ID (for verification), password (hashed), profile photo, and university/campus affiliation.
  • Profile Data: Course of study, academic year, bio, social links, and interests.
  • Financial Data: For marketplace and gig transactions — mobile money account details (e.g., MTN MoMo, Vodafone Cash, AirtelTigo Money), payment history. We do not store full card numbers.
  • Content: Posts, comments, stories, UniClips, study materials, marketplace listings, gig postings, and messages you create.
  • Communication: Emails or messages you send to our support team.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, unique device identifiers, mobile network, and IP address.
  • Usage Data: Features used, pages visited, time spent, app interactions, search queries, and click patterns.
  • Location Data: Approximate location derived from IP address. Precise GPS location only with your explicit consent (e.g., for housing listings nearby).
  • Log Data: Error logs, access timestamps, and crash reports.
  • Cookies & Similar Technologies: Authentication tokens, session cookies, and analytics identifiers. See Section 9 for details.

2.3 Information from Third Parties

  • University verification data from partnered institutions.
  • Social sign-in data (Google/Apple) if you choose to use those login methods.
  • Payment processor confirmations (not full transaction details).

3. How We Use Your Information

We process your data on the following legal bases (per Ghana Data Protection Act, 2012, s.19 and GDPR Art. 6):

Contract Performance

Creating and managing your account, processing transactions, providing customer support, and delivering core features of the Service.

Legitimate Interests

Improving the platform, preventing fraud, enforcing our Terms, personalizing your experience, and conducting analytics to understand usage patterns.

Consent

Sending promotional emails and push notifications (you may withdraw consent at any time). Accessing precise GPS location. Personalised advertising.

Legal Obligation

Complying with applicable laws, responding to lawful requests from authorities, and fulfilling financial reporting obligations.

4. Sharing Your Information

We do not sell your personal data. We may share data in the following limited circumstances:

  • Service Providers: Cloud hosting (AWS/Firebase), payment processors (MTN MoMo API, Paystack), analytics providers (Mixpanel/Amplitude), and customer support tools — all bound by data processing agreements.
  • University Partners: For student verification only, with your consent.
  • Other Users: Public profile information, marketplace listings, posts, and UniClips you choose to make public.
  • Legal Authorities: Where required by Ghanaian law (e.g., court orders, the Data Protection Commission, the Ghana Police Service) or to protect the rights and safety of users.
  • Business Transfers: In the event of a merger or acquisition, your data may be transferred to the new entity, which will be bound by this policy.

5. International Data Transfers

UniLoomy is based in Ghana. Our service providers may process data outside of Ghana, including in the European Economic Area (EEA), the United Kingdom, and the United States. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with Ghana's Data Protection Act (s. 43) and GDPR Chapter V, including Standard Contractual Clauses (SCCs) or equivalent mechanisms.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

  • Account data — retained for the duration of your account plus 6 months after deletion requests.
  • Transaction records — retained for 7 years to comply with Ghana Revenue Authority (GRA) requirements and the Companies Act financial records obligations.
  • Support communications — retained for 3 years.
  • Usage logs — anonymised after 12 months.

7. Your Rights

Under Ghana's Data Protection Act, 2012, and applicable international law, you have the right to:

Right to Access

Request a copy of your personal data we hold.

Right to Rectification

Correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your data (subject to legal obligations).

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Restriction

Request that we limit how we use your data.

Right to Withdraw Consent

Withdraw consent for consent-based processing at any time.

Right to Lodge a Complaint

File a complaint with Ghana's Data Protection Commission (DPC).

To exercise any right, email privacy@uniloomy.com. We will respond within 30 days, as required by the DPA 2012.

8. Security

We implement industry-standard technical and organisational measures to protect your data including:

  • AES-256 encryption at rest and TLS 1.3 in transit.
  • Bcrypt hashing for passwords.
  • Role-based access controls for internal staff.
  • Regular security audits and penetration testing.
  • Multi-factor authentication for administrative systems.

No system is completely secure. In the event of a data breach that affects your rights, we will notify you and the Ghana Data Protection Commission within 72 hours, as required by Act 843.

9. Cookies and Tracking

We use the following types of cookies and tracking technologies:

  • Strictly Necessary: Authentication tokens and session management. Cannot be disabled.
  • Analytics: Understanding how users interact with our platform (can be disabled in App Settings).
  • Marketing: Personalised ads and promotions — only with your explicit consent.

You can manage cookie preferences in your account settings or via your browser/device settings.

10. Children's Privacy

UniLoomy is designed for university students aged 16 and over. We do not knowingly collect personal data from children under 16. If we learn that we have inadvertently collected data from a child under 16, we will delete it promptly. If you believe a minor has provided us data, contact us at privacy@uniloomy.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email at least 14 days before changes take effect. The "Last Updated" date at the top reflects the most recent version. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

UniLoomy Technologies Ltd

Ghana

Email: privacy@uniloomy.com

For DPC complaints (Ghana): dataprotection.org.gh

© 2026 UniLoomy Technologies Ltd. Ghana
Privacy PolicyTerms of ServiceHome