Amaipolicies

PRIVACY POLICY OF AMAI TECHNOLOGIES LTD

Last Updated: 21 August 2025 Effective Date: 8 August 2023

This Privacy Policy (“Policy”) describes the privacy practices of Amai Technologies Ltd (“Amai,” “we,” “us,” “our”) for the “Amai” mobile application (the “App”), our associated websites, and all related services (collectively, the “Services”). This Policy is a legally binding agreement between you (“User,” “you,” “your”) and Amai. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. If you do not agree with our practices, you must not use our Services. This Policy is hosted on our verified domain and is permanently linked from the homepage of our App and website.

  1. INTERPRETATION AND DEFINITIONS 1.1. Definitions. For the purposes of this Policy:
    • “Personal Data” means any information relating to an identified or identifiable natural person.
    • “Processing” covers any operation performed on Personal Data.
    • “Data Controller” means the entity that determines the purposes and means of the processing of Personal Data. 1.2. The Data Controller. Amai Technologies Ltd, with its registered office at Village Cell A, Ishaka Division, Bushenyi, Uganda, is the Data Controller for the Personal Data processed via our Services. 1.3. Children’s Eligibility. Our Services are not directed to individuals under the age of
  2. We do not knowingly collect Personal Data from children under 16. If we become aware that a child under 16 has provided us with Personal Data, we will take steps to delete such information. If a parent or guardian becomes aware that their child has provided us with Personal Data without their consent, they should contact us immediately at privacy@allamai.org.
  3. THE CATEGORIES OF PERSONAL DATA WE COLLECT We collect information that you provide directly to us, that we collect automatically, and that we receive from third parties. 2.1. Data You Provide Voluntarily.
    • Account and Profile Information: Including your full name, username, email address, phone number, and profile photograph, which we process to create and administer your account.
    • User Content: Including text, writings, video, audio, photographs, and other materials you generate, upload, or broadcast through the Services.
    • Payment and Transaction Information: Including billing address, payment card details (handled by our secure third-party payment processors), and transaction history, which we process to fulfill your orders.
    • Communications: Records of your correspondence with us, including support requests and feedback. 2.2. Data Collected Automatically. When you interact with our Services, we and our third-party partners (as detailed in Section 4) may automatically collect:
    • Device and Log Information: Your IP address, mobile device ID (e.g., IDFA or Android ID), device type, operating system version, browser type, language preferences, and crash reports.
    • Usage Information: Details of your interactions with our Services, such as the features you use, the time and duration of your activities, and the pages or content you view.
    • Location Information: Precise geolocation (with your explicit consent) for location￾based services, and imprecise location derived from your IP address. 2.3. Data from Third Parties. We may receive information about you from other sources and combine that with information we collect directly.
    • Social Media Platforms: If you link your social media account (e.g., Google, Facebook, X), we may receive certain profile information as controlled by that service and your privacy settings thereon.
    • Service Providers: Our analytics and infrastructure partners provide us with aggregated data to help us understand user engagement and service performance.
  4. OUR LAWFUL BASES FOR PROCESSING YOUR DATA We process your Personal Data only where we have a valid legal basis to do so, which includes: • Performance of a Contract: To provide the Services you have requested. • Consent: Where you have given us clear consent for specific purposes (e.g., marketing communications, precise location tracking). You may withdraw consent at any time. • Legitimate Interests: To operate, improve, and secure our Services, where our interests are not overridden by your data protection rights. • Legal Obligation: To comply with applicable laws, regulations, or lawful requests from public authorities. •
  5. HOW WE USE AND SHARE YOUR PERSONAL DATA 4.1. Our Use of Data. We use the data we collect to: • Provide, maintain, and improve the core functionality of the Services. • Process transactions and send you related information, including confirmations and invoices. • Respond to your comments, questions, and requests and provide customer support. • Communicate with you about products, services, offers, and events offered by Amai, and provide news and information we think will be of interest to you (you may opt-out at any time). • Monitor and analyze trends, usage, and activities in connection with our Services. • Detect, investigate, and prevent fraudulent transactions and other illegal activities and protect the rights and property of Amai and others. 4.2. Our Disclosure of Data. We may share your Personal Data in the following circumstances: • With Your Consent: We will share your Personal Data with third parties when we have your explicit consent to do so. • Vendors and Service Providers: We engage trusted third parties to perform functions on our behalf (“Processors”). These entities are contractually bound to use your data only for the services they provide to us and in compliance with this Policy. These include: o Cloud Storage & Hosting: Google Cloud Platform, Firebase Hosting. o Analytics: Google Analytics for Firebase (data is anonymized where possible). o Payment Processing: PayPal, Stripe, and other certified payment gateways. o AI Service Providers: OpenAI and Google Cloud AI, strictly under binding agreements that prohibit the use of your data for model training and require its deletion after processing. Our use of information from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. • For Legal Reasons: We may disclose your data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability. • Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. • With Other Users: Information you post to public areas of the Services (e.g., comments, forums) will be available to other users.
  6. INTERNATIONAL DATA TRANSFERS Your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. Specifically, our servers and third-party service providers are in the United States, Uganda, and other global jurisdictions. We ensure that such transfers are subject to appropriate safeguards as required by data protection laws. These include: • The European Commission’s Standard Contractual Clauses. • Reliance on the adequacy decisions of relevant authorities, where applicable. • For transfers to the U.S., ensuring partners participate in and certify compliance with the EU-U.S. Data Privacy Framework. •
  7. DATA RETENTION AND SECURITY 6.1. Retention Period. We retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Our retention periods are as follows: • Account Data: Retained for the duration your account is active and for 36 months thereafter to facilitate potential re-activation. • Transaction Data: Retained for 7 years from the date of transaction to comply with financial regulations. • Location Data: Retained for 30 days for operational and security purposes, unless a longer retention period is required by law. • Analytics Data: Aggregated and anonymized after 18 months. 6.2. Security Measures. We implement a comprehensive information security program incorporating organizational, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your Personal Data. These measures include, but are not limited to: • Encryption of data in transit using TLS/SSL and data at rest using AES-256 encryption. • Strict access controls and role-based authentication protocols. • Regular security testing and vulnerability assessments. • Mandatory privacy and security training for all employees. While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee its absolute security.
  8. YOUR DATA PROTECTION RIGHTS Depending on your geographical location, you may have the following rights regarding your Personal Data: • Access & Portability: The right to request copies of your Personal Data and to receive it in a structured, machine-readable format. • Rectification: The right to request that we correct any inaccurate or incomplete information we hold about you. • Erasure (“Right to be Forgotten”): The right to request that we delete your Personal Data. • Restriction of Processing: The right to request that we suspend the processing of your Personal Data. • Objection: The right to object to our processing of your Personal Data where we are relying on a legitimate interest. • Withdraw Consent: Where we rely on consent, the right to withdraw that consent at any time. • Opt-Out of Sale/Sharing: For California residents, the right to opt-out of the “sale” or “sharing” of your Personal Data as defined by the CCPA/CPRA. To exercise any of these rights, please submit a verifiable request to us by emailing privacy@allamai.org. or by visiting the “Privacy Settings” section within the Amai App. We will respond to all legitimate requests within 30 days, in compliance with applicable law. You have the right to lodge a complaint with a supervisory authority in your jurisdiction. For South African residents, this is the Information Regulator at POPIAComplaints@inforegulator.org.za.
  9. POLICY UPDATES AND NOTIFICATION OF CHANGES We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. The “Last Updated” date at the top of this Policy indicates when it was last revised. We will provide notice of any material changes by posting the updated Policy on our Services with a new effective date, and we may notify you more prominently through the App interface or via email. Your continued use of the Services after the effective date of the revised Policy constitutes your acceptance of the terms.
  10. CONTACT INFORMATION If you have any questions, concerns, or complaints about this Policy or our data practices, please contact our Data Protection Officer at: Amai Technologies Ltd Attn: Data Protection Officer Village Cell A, Ishaka Division Bushenyi, Uganda 1222POBox 440349 Email: privacy@allamai.org Phone: +256 758 811061