Privacy policy

This policy describes how KmerLoop (“we”, “the platform”) processes personal data from people who browse the site, create an account, post listings, use messaging, the electronic wallet, paid features, or identity verification (KYC).

The controller is the platform publisher identified in the legal notice. For questions about this policy, use the contact details at the end.

• The terms of use (ToU) complement this document for use of the service.
• If a translated version conflicts with the French version, the contractually applicable wording prevails as stated in the ToU.

For processing connected to our activity in Cameroon, we take into account national law, in particular Law No. 2024/017 of 23 December 2024 on the protection of personal data (official text on the Presidency of the Republic website: https://www.prc.cm/fr/multimedia/documents/10258-loi-n-2024-017-du-23-12-2024-web ). Implementation rules (data protection authority, timelines, formalities) may evolve: this policy will be updated to reflect implementing instruments and administrative practice.

Security measures, authentication, and hosting may also fall under earlier frameworks on electronic communications and cybersecurity (indicative reference: Law No. 2010/012 of 21 December 2010 on cybersecurity and electronic certification).

• Consent: for non-strictly-necessary trackers and audience measurement, we collect explicit consent through the cookie banner; the choice is stored in a cookie and in a server-side technical log (non-reversible hashes of IP address and browser, optional link to your account if signed in) for evidence and service improvement. Log retention should be set with counsel (12–24 months is common in corporate practice).
• Data subject rights: access, rectification, and other rights under applicable law; exercise via the “Contact” section and, where available, in-account settings.

• Data subjects: site visitors and mobile app users where applicable, registered users, advertisers, buyers or contacts, provider account holders, and anyone exchanging via messaging or support.
• Services covered: listing publication and browsing, provider directory and profiles, internal messaging, reviews, notifications, subscriptions and paid options, wallet (credits, spending, withdrawals), payments and manual Mobile Money proof uploads, identity verification requests, moderation and security.

Data depends on the features you use. It may include:

• Account: name or display name, email, phone number, password (stored as a hash or derivative), profile photo if provided, city or location, account type, notification and visibility preferences.
• Public profile: display settings (e.g. phone or email visibility), content you choose to show on your profile or provider page.
• Listings: text, price, category, location (city, region, address or coordinates if provided), category-specific fields, images and media.
• Providers: activity description, service area, availability, contact details after paid unlock where applicable.
• Messaging: message content, attachments allowed by the product, technical metadata (dates, participants, link to a listing where applicable).
• Payments and billing: transaction references, amounts, status, means used via integrated payment providers; screenshots or proofs for manual Mobile Money collection and related validation history.
• Wallet: balance and movements (credits, debits, withdrawal requests), registered Mobile Money numbers for payout or refund, distinctions between numbers tied to verified identity and numbers used for deposit refunds as shown in the product.
• Identity verification (KYC): ID document copy, selfie or verification photo if required, name as on the document, additional information submitted for review by authorised staff, request status and audit trail.
• Reviews: author, target (listing, provider, contextual transaction where applicable), content, date.
• Favourites, subscriptions, history of paid features and authenticated browsing.
• Technical and security data: session identifiers, strictly necessary cookies for operation and security, logs (IP address, timestamps, browser or device type), correlation IDs for support.
• Third-party data: when you use authentication, payment, third-party messaging, or geocoding, limited data may be shared with us to complete the service.

• Create and manage your account, authenticate sessions, and enforce the ToU.
• Publish, classify, moderate, and display listings and provider profiles.
• Provide messaging, notifications (email, SMS, instant messaging per your settings and active integrations), and user support.
• Process payments, subscriptions, unlocks, wallet top-ups, withdrawals, and financial disputes, including fraud prevention.
• Handle identity verification requests and adjust withdrawal rules per product policy.
• Moderate content, handle reports, investigate abuse, and strengthen platform security.
• Comply with legal obligations and respond to lawful authority requests.
• Produce aggregated or anonymised usage statistics where feasible without direct identification.
• Commercial prospecting only with separate consent and per available settings.

Depending on applicable law (Cameroon and any other targeted countries), processing may rely on: contract performance (ToU), legal obligation, legitimate interest (security, fraud prevention, service improvement with respect for your rights), or consent where required (e.g. some marketing or non-essential cookies).

A final purpose / legal basis matrix should be signed off with your counsel.

KmerLoop does not sell your personal data to advertisers. Any sharing with commercial partners outside a processing role must be explicitly described and lawfully grounded.

• Authorised publisher staff under role-based access (support, moderation, finance, engineering).
• Technical subprocessors: hosting and runtime, database, media storage, email and messaging delivery, payment gateways, geocoding, security or rate-limiting tools, backups.
• Other users: only data you make public or voluntarily send via messaging or listings.
• Public authorities when required by law or court order.

Some providers may process data from countries other than Cameroon (e.g. cloud host, CDN, transactional email). We implement appropriate safeguards (standard clauses, risk assessments, data minimisation) as required by applicable law and signed agreements.

• Keep an up-to-date list of recipient categories and countries with your DPAs and legal validation.

• Account and billing data: kept for the relationship and then per limitation periods and accounting or tax duties.
• Messaging and listings: tied to service use, moderation, and disputes; some records may be archived longer for security incidents or proceedings.
• Manual Mobile Money proofs and wallet logs: kept for financial traceability, fraud prevention, and claims handling.
• KYC files: kept as long as needed for stated purposes and legal duties, with restricted access; erased or anonymised when the law allows.
• Security logs: short to medium retention proportionate to investigation needs.

• TLS in transit, password hashing, role-based access, backups and availability measures aligned with industry practice.
• No system is perfect. Where a breach likely affects your rights, notice may be given as required by law.

• Access, rectification, and where the law allows, erasure or restriction.
• Withdraw consent for processing that depends on it (e.g. some marketing).
• Object or request restriction where local law provides.
• Lodge a complaint with a competent data protection authority if one exists in your jurisdiction.
• To exercise rights: use in-account tools if available, the site contact page, or the email in the legal notice. Proof of identity may be required to prevent impersonation.

The cookies and similar technologies deployed on the platform as of the update date are summarized below. Durations are maximums; actual lifetime may be shorter (sign-out, manual deletion, etc.). Legal bases are indicative and should be confirmed with counsel.

• Other analytics, advertising, or social trackers are used only if explicitly deployed, with notice and prior consent where the law requires.
• You can manage or block cookies in your browser settings; blocking strictly necessary login cookies may break some features (account, messaging, etc.).

• The service is intended for people legally able to contract under Cameroon law (or your local law). Minor accounts, if any, may require parental consent — confirm with counsel.

• We may update this policy to reflect product or legal changes. The date at the top is updated. Material changes may be notified by email or on-platform notice.

• For privacy questions: use the site contact form or the publisher email in the legal notice.