Contents
Creator Privacy Notice
Version 1.0 · Effective 2026-06-15 · Last reviewed 2026-05-02
This Notice describes how Jiji Africa Holdings Ltd and its market subsidiaries (collectively, “Jiji”, “we”, “us”) collect, use, share, store, and protect Personal Data when you (“you”, “Creator”) use the Jiji Partners Creator Portal (the “Portal”). It complements — and where the Portal differs, overrides — the general Jiji marketplace privacy notice.
This Notice is the binding statement of our practices toward you. Where it conflicts with our internal Data Processing Agreement (DPA), the conflicting clause does not override creator-facing rights granted under the data-protection law of your market (see §13 Per-market addenda).
§1 Who is the Controller
Jiji Africa Holdings Ltd is the Controller of your Personal Data, acting through the market subsidiary that signed up your account:
- Jiji KE Ltd (Kenya)
- Jiji NG Ltd (Nigeria)
- Jiji GH Ltd (Ghana)
- Jiji UG Ltd (Uganda)
- Jiji TZ Ltd (Tanzania)
- Jiji ET Ltd (Ethiopia)
- Jiji BD Ltd (Bangladesh)
The market subsidiary is your primary point of contact for data-protection matters. The Group DPO is reachable at dpo@jiji.partners; per-market DPOs are listed in §13.
§2 Personal Data we collect
2.1 Data you provide directly
- Account identity: name (as it appears on your government ID), email address, phone number (E.164), date of birth, country of residence, preferred currency.
- KYC documents: government-ID image (national ID, passport, or driver’s licence), selfie liveness capture, proof-of-address where required, and the structured fields extracted from these documents (ID number, issue/expiry date, document country, name match).
- Payout-rail credentials: mobile-money handle (M-Pesa / MoMo / bKash / Nagad / Telebirr) or bank-account details. We store these as opaque references to a secrets vault and a UI-safe masked display string — the raw handle is never queryable from the application database (see §6 Security).
- Tax identifiers where you provide them: KRA PIN (Kenya), TIN (Nigeria), BIN (Bangladesh), equivalent in other markets.
- Support communications: anything you send to creator-support@jiji.partners, in-app help threads, attached files.
2.2 Data generated by your use of the Portal
- Click-attribution events: every click on a tracked Jiji Partners link — timestamp, source platform (where inferable), the Product Card clicked, anonymised buyer fingerprint, geo at the IP-region level.
- Order and commission events: orders attributed to your links, the commission accrued, holdback expiry, reversal events, payout requests, payout settlement status.
- Authentication events: sign-in attempts, OAuth refresh-token rotations, sign-out events, session creation/termination.
- Device and connection signals: IP address, browser user-agent, OS family, device class (mobile / tablet / desktop), referrer for the entry hit, language preference.
- Behavioural-fraud signals: click velocity, conversion patterns, geo / IP / device anomalies — used to detect self-dealing and abusive accounts.
2.3 Data we receive from third parties
- OAuth providers (Google as of v1.0): your verified email, given name, profile picture URL, the OAuth subject identifier. Profile pictures are surfaced from
lh3-lh6.googleusercontent.com and never copied to our origin. - KYC vendors (Smile Identity, IDology, equivalents per market): the verification verdict (verified / rejected / pending), match confidence, document-fraud flags, sanctions-screening result. We do not store the vendor’s raw biometric template.
- Payout-rail providers (M-Pesa, Paystack, MoMo, Telebirr, bKash, Nagad, partner banks): payout settlement confirmations, failure codes, and chargeback events.
We do not buy Personal Data from data brokers and we do not enrich your profile from external sources beyond the explicit integrations above.
§3 Why we process your data (purposes and legal bases)
| Purpose | Categories used | Legal basis |
|---|
| Operate the Portal account | Account identity | Performance of contract |
| KYC / sanctions screening | KYC documents, identifiers | Legal obligation (AML/CFT) + Performance of contract |
| Calculate and settle commissions | Orders, attribution events | Performance of contract |
| Disburse payouts | Payout-rail credentials, identifiers | Performance of contract |
| Tax reporting | Tax identifiers, payout history | Legal obligation |
| Detect fraud and abuse | Behavioural signals, device data | Legitimate interest (programme integrity) |
| Provide support | Support communications | Performance of contract |
| Send transactional emails | Email, account events | Performance of contract |
| Send marketing emails | Email, account, opt-in flag | Consent (you may opt-out at any time) |
| Comply with regulator requests | Any of the above | Legal obligation |
We do not use Personal Data for:
- Training generic ML models on creator data (a specific commitment also imposed on our Sub-processors via §3.5 of the DPA).
- Selling or licensing Personal Data to advertisers or data brokers.
- Profile enrichment for resale.
§4 Who we share data with
4.1 Sub-processors (act on our instructions)
- Cloud infrastructure: AWS (Cape Town
af-south-1 for KE/NG/GH/UG/TZ; Dublin eu-west-1 for ET; Mumbai ap-south-1 for BD), and Google Cloud where named in the DPA. - Payment rails: M-Pesa (Safaricom), Paystack, MTN MoMo, Airtel Money, Telebirr (Ethio Telecom), bKash, Nagad, partner banks.
- KYC vendors: Smile Identity, IDology, regional equivalents (Veriff, Onfido per addendum).
- Email delivery: AWS SES; per-market fall-back providers documented in our Sub-processor registry.
- Observability: Sentry (with PII scrubbing at SDK level), Datadog (no PII fields shipped to logs).
- Customer-support tooling: an in-app threaded inbox; no third-party helpdesk SaaS sees the raw thread bodies as of v1.0.
The current Sub-processor registry is published at dpo@jiji.partners on request. Material additions get 30 days’ prior notice by email + in-app banner; you may close your account during this window if you object (§9 of the Terms).
4.2 Joint-Controllers (independent decisions on shared data)
- OAuth providers when you sign in (Google as of v1.0) — they decide what claims are issued; we decide which to retain.
- Payment-rail providers when they make their own AML / chargeback determinations.
4.3 Regulators and law enforcement
We disclose Personal Data to regulators, courts, or law-enforcement agencies when legally compelled (court order, warrant, regulatory production order) or where disclosure is required to protect the vital interests of a person. We notify you of such requests where the legal compulsion does not forbid notice.
4.4 Corporate transactions
In the event of a sale, merger, financing, or restructuring of Jiji or any of its subsidiaries, Personal Data may transfer to the successor entity, subject to this Notice (or a successor notice with no less protection).
§5 International transfers
We store Personal Data in the regional zone listed in §4.1. Cross-border transfers within the Group (e.g., centralised analytics in af-south-1 for KE-resident creators) operate on the legal basis of the Controller-Sub-processor agreement and, where the destination is non-adequate, EU Standard Contractual Clauses (2021/914) plus a documented Transfer Impact Assessment.
We do not transfer Personal Data outside the listed regions without an approved transfer mechanism.
For Ethiopia specifically: cross-border foreign-currency settlement is subject to NBE directives, and your payouts may be domestic-ETB only until forex licensing changes.
§6 Security
We protect your data with measures described in Article 32 GDPR / per-market equivalent:
- Encryption at rest (AES-256) and in transit (TLS 1.2+, TLS 1.3 preferred).
- Access controls — role-based, least-privilege, mandatory MFA for any production-data access, quarterly access reviews.
- Audit logs of all production-data access, retained ≥ 365 days, tamper-evident.
- Pseudonymisation wherever processing purpose allows (e.g., analytics on hashed-email tuples).
- Annual external pentest; CVSS ≥ 7 patched within 30 days, ≥ 9 within 7 days.
- Personnel background checks for staff with production-data access; mandatory annual security training.
We do not promise that no security incident will ever happen. We do promise to notify you within 72 hours if a breach affecting your data triggers your market’s notification threshold (per ODPC, NDPC, equivalent regulators).
§7 Retention
| Category | Retention |
|---|
| Account profile, when account is active | For the life of the account |
| Account profile, after account closure | 30 days for normal closure; up to 7 years where legally required |
| KYC documents and verification verdicts | 5–7 years from account closure (AML/KYC law) |
| Tax records (payouts, withholding) | 7 years (general tax-law minimum) or longer per local rule |
| Click-attribution events | 13 months rolling, then aggregated |
| Authentication events | 90 days |
| Support communications | 24 months from last message; longer if part of an open dispute |
| Marketing-email opt-in/opt-out flags | Until you opt out + 6 months (suppression-list retention) |
After the retention period, data is deleted or anonymised so that re-identification would require disproportionate effort (e.g., aggregated commission totals lose the per-creator key).
You may request earlier deletion under §8.3, but we will retain anything still legally required (KYC, tax) for the full statutory window.
§8 Your rights
Under your market’s data-protection law, you have at least the following rights, exercisable by writing to privacy@jiji.partners with subject “Data subject request — \[your action\]”:
8.1 Access. A copy of the Personal Data we hold about you, in a structured machine-readable format.
8.2 Rectification. Correction of inaccurate or incomplete data. Most fields are self-service in the Portal under Profile → Account; KYC fields require re-verification.
8.3 Erasure (“right to be forgotten”). Deletion, subject to retention obligations. We honour the request for everything not legally retained; the residual retained data is restricted from active processing.
8.4 Restriction. Pause processing of certain data while a dispute is open (e.g., contested KYC verdict).
8.5 Portability. Receive your data in a structured, machine-readable format and have it transmitted to another controller where technically feasible.
8.6 Objection. Object to processing based on legitimate interest (§3 — fraud detection). We balance against the programme-integrity interest; in most cases we cannot stop fraud detection while the account is active, but we will document the trade-off.
8.7 Withdraw consent. For any processing based on consent (§3 — marketing emails), you may withdraw at any time. This does not affect the legality of processing carried out before withdrawal.
8.8 Lodge a complaint. The right to complain to your market’s data-protection authority (§13).
We respond to verified rights requests within 30 days (or the shorter statutory window of your market). We may extend by up to 60 days for complex requests, with notice.
We do not charge for rights requests except where they are manifestly unfounded or excessive (in which case we tell you the basis before charging).
§9 Cookies and similar technologies
We use a small set of cookies and browser storage:
- Authentication session (
__Host-authjs.csrf-token, __Secure-authjs.session-token) — strictly necessary; remembering you are signed in. No legal basis required beyond §3 “operate the Portal”. - Attribution cookies (
jp-attr-*, where applicable) — track which creator referred a buyer, for the per-market attribution window. Considered strictly necessary for the affiliate model on the buyer side; on the Creator Portal side, these cookies are not set. - Preference cookies (theme, locale) — strictly necessary for the UI you chose.
We do not use third-party analytics, advertising, or tracking cookies on the Creator Portal as of v1.0. If we ever add them, we will update this Notice and ask for consent before activation.
§10 Automated decision-making and profiling
We do automated decisioning in two narrow contexts:
- KYC pass / fail — based on the vendor’s match confidence + sanctions-screening verdict. A failure is reviewable by a human Compliance Officer on request.
- Fraud risk score — combining click velocity, conversion patterns, and device/IP signals to flag suspect accounts for human review. A flag is not an automated termination; a human reviews before any account-state change with material consequence.
Neither produces a final decision with legal or similarly significant effect on you without human review (the threshold under GDPR Art. 22 / DPA-KE §35 / NDPA §37). You may request the human-review record under §8.
§11 Children
The Portal is not intended for under-18s. We do not knowingly collect data from children. If you believe a child has signed up, write to privacy@jiji.partners and we will delete the account on verification.
§12 Changes to this Notice
Material changes (new categories of data, new purposes, new Sub-processors with broader scope, retention extensions): 30 days’ notice by email + in-app banner.
Non-material changes (clarifications, contact-info updates, correction of typos): notice on next sign-in.
Continued use of the Portal after the effective date of a change constitutes acceptance. If you do not accept, you may close your account per §9 of the Terms.
§13 Per-market addenda
The following addenda apply to creators registered in the named market and override this Notice where conflicting. Each lists: applicable law, regulator, your rights window, and the per-market DPO.
§13.1 Kenya (KE)
- Law: Data Protection Act 2019 (DPA-KE).
- Regulator: Office of the Data Protection Commissioner (ODPC). Complaints: complaints@odpc.go.ke.
- Rights response: 30 days (DPA-KE §26).
- Per-market DPO: dpo-ke@jiji.partners.
- Cross-border: §43 DPA-KE — transfer to a country with adequate protection or under appropriate safeguards.
§13.2 Nigeria (NG)
- Law: Nigeria Data Protection Act 2023 (NDPA) + NDPC General Application & Implementation Directive.
- Regulator: Nigeria Data Protection Commission (NDPC). Complaints: portal at ndpc.gov.ng.
- Rights response: 30 days (NDPA §34).
- Per-market DPO: dpo-ng@jiji.partners.
- Cross-border: NDPA §41 — adequacy or SCCs + TIA.
§13.3 Ghana (GH)
- Law: Data Protection Act 2012 (Act 843).
- Regulator: Data Protection Commission (DPC).
- Rights response: 40 days.
- Per-market DPO: dpo-gh@jiji.partners.
§13.4 Uganda (UG)
- Law: Data Protection and Privacy Act 2019.
- Regulator: Personal Data Protection Office (PDPO).
- Rights response: 30 days.
- Per-market DPO: dpo-ug@jiji.partners.
§13.5 Tanzania (TZ)
- Law: Personal Data Protection Act 2022.
- Regulator: Personal Data Protection Commission (PDPC-TZ).
- Rights response: 30 days.
- Per-market DPO: dpo-tz@jiji.partners.
§13.6 Ethiopia (ET)
- Law: Personal Data Protection Proclamation (when proclaimed; interim — National Bank of Ethiopia data-handling regulations apply for the financial-data subset).
- Regulator: TBD on proclamation; interim notifications go to NBE per the financial-services rule.
- Rights response: 30 days target (anticipated).
- Per-market DPO: dpo-et@jiji.partners.
§13.7 Bangladesh (BD)
- Law: Digital Security Act 2018; Personal Data Protection Act draft 2023 (enactment pending).
- Regulator: Digital Security Agency (interim); future PDPA regulator on enactment.
- Rights response: 30 days target (anticipated).
- Per-market DPO: dpo-bd@jiji.partners.
- General privacy queries: privacy@jiji.partners
- DPO (Group): dpo@jiji.partners
- Per-market DPO: see §13 (
dpo-<market>@jiji.partners) - Postal: Jiji Africa Holdings Ltd, Attn: Data Protection Office; per-market subsidiary address on request.
If we cannot resolve your complaint, you may complain to your market’s data-protection authority (§13).