Privacy Policy
1. Who we are
AFRISOVERA GLOBAL HOLDINGS LIMITED ("Afrisovera", "we", "us", "our") is a company incorporated in England and Wales under company number 17244459, with registered office at Office 19286, 182-184 High Street North, East Ham, London, E6 2JA.
We are the data controller for the personal data we collect through our website and services.
Contact: privacy@afrisovera.com · Post: Data Protection, Afrisovera, Office 19286, 182-184 High Street North, East Ham, London, E6 2JA.
2. What this policy covers
This Privacy Policy explains what personal data we collect, why, how long we keep it, who we share it with, your rights, and how to complain.
It applies to anyone who visits afrisovera.com, signs up for an Afrisovera account, contacts us by email, uses our Marketplace, Safehold, or other services, or interacts with us in any other way.
3. What personal data we collect
| Category | Examples | Source |
|---|---|---|
| Identity data | Name, date of birth, nationality, photo (where required) | You provide |
| Contact data | Email address, phone number, postal address | You provide |
| Account data | Username, password (encrypted), account preferences | You provide |
| Transaction data | Purchases, payment transactions, order confirmations | You provide / generated |
| Financial data | Payment card information (processed and held by Stripe, not by Afrisovera); platform fee amounts visible to us | You provide via Stripe |
| Verification data | ID document images, proof of address, KYC information | You provide (Tier 2 only) |
| Technical data | IP address, browser type, device information, time zone | Automatic |
| Usage data | Pages viewed, time on site, clicks | Automatic |
| Communication data | Emails, support messages, survey responses | You provide |
| Marketing data | Preferences for receiving marketing | You provide |
4. Lawful basis for processing (UK GDPR Article 6)
| Purpose | Lawful basis |
|---|---|
| Provide our services to you | Contract performance (Art. 6(1)(b)) |
| Verify your identity (KYC/AML) | Legal obligation (Art. 6(1)(c)) |
| Process payments | Contract performance (Art. 6(1)(b)) |
| Send transactional messages | Contract performance (Art. 6(1)(b)) |
| Send marketing communications | Consent (Art. 6(1)(a)) |
| Detect and prevent fraud | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal requests | Legal obligation (Art. 6(1)(c)) |
| Improve our website and services | Legitimate interests (Art. 6(1)(f)) |
| Defend legal claims | Legitimate interests (Art. 6(1)(f)) |
5. Special category data and children
We do not intentionally collect special category data (health, race, religion, biometric data, etc.) except where strictly necessary and lawful (e.g. ID-document images for KYC).
Our services are not directed at children under 13. We do not knowingly collect personal data from anyone under 13.
6. How long we keep your data
| Data category | Retention period |
|---|---|
| Account data | While your account is open + 6 years after closure |
| Transaction & financial records | 6 years from end of the relevant tax year |
| KYC / AML records | 5 years after end of relationship |
| Marketing data (consent-based) | Until you withdraw consent + 30 days |
| Website analytics | 26 months |
| Email correspondence | 2 years from last interaction |
| Legal claim records | Indefinitely while live; 6 years after closure |
7. Who we share your data with
| Recipient | Purpose |
|---|---|
| Stripe Payments Europe, Ltd (FCA firm ref 900665) — data processor under UK GDPR Article 28 | Processing and routing payments. Stripe holds and routes buyer funds; Afrisovera never holds the principal. Stripe is subject to its own Privacy Policy and FCA supervision. |
| Cloud hosting & email (e.g. Google Workspace, AWS) | Storing data, sending emails |
| Analytics (e.g. Google Analytics, with consent) | Understanding website usage |
| Identity verification services (e.g. Onfido) | KYC checks for Tier 2 |
| Professional advisers (accountants, solicitors, auditors) | Legal and accounting compliance |
| Government authorities (HMRC, ICO, courts, law enforcement) | Where legally required |
| Buyers in a corporate transaction | If Afrisovera is sold, restructured, or invested in |
We do not sell your personal data to third parties.
International data transfers
Where we transfer your data internationally, we use UK adequacy regulations, the International Data Transfer Agreement (IDTA), the UK Addendum to EU Standard Contractual Clauses, or other lawful transfer mechanisms.
8. Cookies and similar technologies
We use cookies on afrisovera.com. See our separate Cookie Policy for full details.
9. Your rights under UK GDPR
You have the following rights regarding your personal data. Most are free to exercise and we will respond within 1 month (extendable to 3 months for complex requests):
- Right to be informed — receive clear information about how we use your data (this policy)
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — have inaccurate or incomplete data corrected
- Right to erasure — request deletion of your data (subject to legal retention requirements)
- Right to restrict processing — limit how we use your data in specified circumstances
- Right to data portability — receive your data in a structured, commonly-used, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making and profiling
- Right to withdraw consent — where processing is based on consent
To exercise any right: email privacy@afrisovera.com.
10. How to complain
If you're not satisfied with our response, you can complain to the:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/
11. Data security
We take appropriate technical and organisational measures to protect your data, including encryption of data in transit (HTTPS / TLS), access controls, multi-factor authentication, regular security reviews, and incident response procedures.
If you believe your account has been compromised, contact us immediately at privacy@afrisovera.com.
12. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the current version. For material changes, we will notify registered users by email and post a prominent notice on the website.
13. Specific notes for Afrisovera services
Marketplace
When you use Marketplace, your identity may be visible to other users you transact with. Your contact details are NOT shared without your consent.
Safehold (Stripe-backed protection)
Safehold payments are processed and held by Stripe Payments Europe, Ltd (FCA firm reference 900665), acting as a data processor under UK GDPR Article 28. Full card and bank account details sit with Stripe under Stripe’s Privacy Policy. Afrisovera sees transaction status, amounts, and the platform fee — not card or bank account details. Afrisovera never holds principal funds.
Foundation (Talent Kids)
If you apply to or are sponsored by the Talent Kids program, we collect additional educational and personal information. We will provide a separate fair-processing notice at the point of collection.
Shield (Whistleblowing)
Reports made via Shield can be submitted anonymously. If you provide identity information when reporting, we treat it as confidential and only share it as necessary to investigate, or where required by law.
14. Use of SOV Network for account verification
Afrisovera does NOT operate a traditional email-and-password signup. To access account-based features, we redirect you to a separate independent open-source service called the SOV Network.
What happens when you "Sign in with SOV"
- You click "Sign in with SOV" on afrisovera.com.
- You are redirected to SOV Network's authentication portal.
- SOV Network verifies your identity through its proprietary biometric protocol (palm-print enrollment) using its SOV mobile application.
- SOV Network issues you a pseudonymous identifier called a Sovereign ID (e.g.
SOV-XXXXXXXX) and a nickname (e.g.BraveBear). - SOV Network sends Afrisovera only your Sovereign ID, nickname, and a cryptographic password verifier — not your biometric data, name, address, or any other personal information.
- Afrisovera creates or updates your account record using only that minimal information.
What Afrisovera does and does not see
| What Afrisovera holds | What Afrisovera does NOT hold |
|---|---|
| Your Sovereign ID | Your palm biometric data — and neither does SOV Network; biometric data is processed ephemerally on your device and never stored anywhere |
| Your palm nickname | Your real name (until Tier 2 KYC) |
| A password verifier (one-way hash) | Your address (until Tier 2 KYC) |
| Tier 2 KYC data, if you complete it for financial transactions | Your seed phrase or wallet keys (these stay on your phone) |
| Your activity history on Afrisovera | Your activity on other SOV-linked platforms |
No one stores your biometric
Your palm-print is never stored on Afrisovera servers OR on SOV Network nodes. When you enroll in the SOV app, your phone derives a cryptographic structural commitment from your palm and sends only that commitment to a SOV node for verification. The verification happens in milliseconds, the commitment is then garbage-collected, and the node only persists a derived pseudonymous Sovereign ID.
Even in the worst-case scenario of a complete breach of every Afrisovera server AND every SOV node, your biometric data cannot be exposed, because it does not exist outside your phone.
Two-tier identity model
| Tier | When triggered | What's required |
|---|---|---|
| Tier 1 — Account access | Browsing, community, free listings | Sovereign ID only (no further personal data) |
| Tier 2 — Financial transactions | Buying, selling, escrow, real estate | Full Customer Due Diligence under Money Laundering Regulations 2017 |
Separate controllers
Afrisovera and SOV Network are separate data controllers. We each decide independently what to do with the data we hold. SOV Network is an independent open-source project; we are simply a platform that uses its authentication service, similar to how other websites use "Sign in with Google".
Accessibility
Palm biometric enrollment requires functional hand mobility. If you have a disability that prevents palm enrollment, please contact us at accessibility@afrisovera.com and we will arrange an alternative manual verification path under the Equality Act 2010.
15. Contact us
For any privacy questions or to exercise your rights:
- Email: privacy@afrisovera.com
- Post: Data Protection, Afrisovera, Office 19286, 182-184 High Street North, East Ham, London, E6 2JA