Privacy Policy

Last updated: March 2026

1. Introduction

DuabaLabs ("DuabaLabs", "we", "us", or "our") respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information when you use our websites, platforms, applications, services, APIs, client-deployed systems, social media automation tools, logistics services, and educational platforms.

This Policy applies to all services under the DuabaLabs ecosystem, including but not limited to:

  • DPS (Duaba Platform Services)
  • Sellub (commerce marketplace)
  • 3y3anaa (business review platform)
  • Connect (social media automation services)
  • Studio (software development services)
  • Import/Export & Logistics operations
  • DuabaNti (educational platform)
  • Client-built applications powered by DuabaLabs infrastructure

By using our services, you agree to the practices described in this Policy.

2. Who We Are

DuabaLabs is a technology company headquartered in Ghana, providing:

  • Multi-tenant platform infrastructure
  • E-commerce marketplace services
  • Fintech-enabled applications
  • Software development services
  • Social media automation services
  • Logistics and trade facilitation
  • AI-powered educational platforms

Depending on the service, DuabaLabs may act as a Data Controller or as a Data Processor on behalf of clients.

3. Information We Collect

3.1 Information You Provide Directly

Account Information

  • Full name, username, email address, phone number
  • Password (encrypted)

Business & Merchant Information

  • Business name, registration documents, tax identification numbers, director information

Financial Information

  • Bank account details, mobile money details, payment identifiers, transaction history
  • Note: Card data is processed by certified third-party payment processors

Identity Verification (KYC/Compliance)

  • National ID, passport, selfie verification, proof of address

3.2 Information Collected Automatically

  • IP address, device type, operating system, browser type
  • Session logs, access timestamps, API usage logs
  • Clickstream data, crash logs

3.3 Information From Third Parties

  • Payment processors, identity verification providers
  • Logistics partners, social media platforms (via OAuth)
  • Cloud service providers, analytics providers

3.4 Sensitive Personal Data

Depending on service, we may process government ID data, financial account data, biometric verification (if required for KYC), and children's data (educational platforms with parental consent). Sensitive data is subject to enhanced safeguards.

4. How We Use Your Information

Service Delivery

  • Create and manage accounts
  • Process transactions
  • Provide platform access
  • Deploy applications
  • Provide logistics coordination

Compliance & Regulation

  • KYC verification
  • Anti-money laundering checks
  • Legal reporting
  • Tax compliance

Security & Fraud Prevention

  • Detect suspicious activity
  • Prevent fraud
  • Secure accounts

Platform Improvement

  • Analytics
  • Performance optimization
  • Product development

5. Legal Basis for Processing

We process personal data under: consent, contractual necessity, legal obligation, legitimate interest, and regulatory compliance. For EU data subjects, processing complies with GDPR legal bases.

6. Platform-Specific Processing

DPS (Platform Infrastructure)

  • User authentication
  • Role-based access management
  • API usage monitoring
  • Deployment tracking

Sellub (Marketplace)

  • Merchant onboarding
  • Product listing management
  • Buyer order history
  • Logistics tracking
  • Dispute resolution

3y3anaa (Review Platform)

  • Review submissions
  • Anti-abuse monitoring
  • IP-based fraud detection

Connect (Social Media Automation)

  • OAuth tokens (encrypted)
  • Scheduled post metadata
  • Campaign performance metrics
  • We do NOT store social platform passwords

Studio (Client Applications)

  • Client acts as Data Controller
  • DuabaLabs acts as Data Processor
  • Processing governed by separate DPAs

Educational Platforms (DuabaNti)

  • Parental consent required for minors
  • Limited data collection
  • No behavioral advertising
  • No sale of children's data

7. Cookies & Tracking Technologies

We use essential cookies, performance cookies, analytics cookies, and security cookies. You may disable cookies in your browser settings.

8. Data Sharing

We may share data with payment processors, hosting providers, logistics providers, legal authorities (when required), identity verification services, and security monitoring services. We do NOT sell personal data.

9. International Data Transfers

Where data is transferred outside Ghana, adequate safeguards are implemented, standard contractual protections are used, and transfers comply with GDPR where applicable.

10. Data Retention

  • Financial records: As required by law
  • KYC records: Regulatory duration
  • Marketing data: Until consent withdrawn
  • Account data: Until account deletion + legal retention period

After retention expires, data is securely deleted or anonymized.

11. Data Security

Technical Measures

  • TLS encryption
  • AES-256 encryption at rest
  • Role-based access control
  • Multi-factor authentication
  • Firewall & intrusion detection
  • Encrypted backups
  • Infrastructure isolation

Organizational Measures

  • Staff confidentiality agreements
  • Access control policies
  • Security training
  • Incident response protocols

12. Your Rights

  • Access your data
  • Request correction
  • Request deletion (subject to legal limits)
  • Withdraw consent
  • Object to processing
  • Request data portability
  • File a complaint with the Data Protection Commission (Ghana)

To exercise your rights, contact us at security@duabalabs.com. We respond within statutory timelines.

13. Data Breach Notification

If a data breach occurs, we conduct an immediate internal investigation, perform a risk assessment, notify regulators and affected individuals as required, and take remediation actions.

14. Children's Privacy

For services directed at children: parental consent is required, no data sale, no behavioral profiling, and enhanced security controls are applied.

15. Third-Party Links

Our platforms may link to external websites. We are not responsible for third-party privacy practices.

16. Automated Decision-Making

Where automated systems are used (e.g., fraud detection), decisions are subject to human review where required, and users may request explanation.

17. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised "Last Updated" date. Material changes may be communicated via email or platform notice.

18. Contact Information

DuabaLabs
Accra, Ghana
security@duabalabs.com

19. Governing Law

This Policy is governed by the laws of Ghana and applicable international regulations where relevant.