Privacy notice · v1.0

How we handle your identity data.

Last updated: 29 May 2026. Plain-English version. The full legal document is on file with our DPO.

Who we are

AfriID™ is an identity verification network operated by Agodi Technologies (Pty) Ltd ("Agodi", "we", "us"), powered by IDVero™ infrastructure. We are the Responsible Party (POPIA) / Data Controller (GDPR) / Data Controller (NDPR) for the identity records we mint.

What we collect

  • Identity proof: selfie image, photo of government ID (passport, driver's licence, national ID), liveness signals.
  • Account data: email, phone, display name, country of residence.
  • Verification signals: IP address (hashed), device user-agent, time of verification, source product where verification was initiated.
  • Consent records: which policy version you accepted, when, from which IP/device.

Why we collect it (lawful basis)

  • To establish your verified identity once and let you reuse it across partner products — your explicit consent.
  • To prevent fraud, scams, and abuse on the platforms that accept AfriID — legitimate interest balanced against your rights.
  • Where AfriID is used inside a regulated product (fintech, healthcare), to comply with KYC / AML / sector law — legal obligation.

What we share, with whom

By default, partner products see only a minimal subset:

  • Verified yes/no flag
  • Trust score (0–100)
  • Verification badges (face match, ID check, liveness, etc.)
  • Country (no street address)

The underlying images, full ID number, date of birth, and biometric vectors are never shared with partner products. They live in encrypted storage accessible only to Agodi's security-cleared review team for fraud investigations, subject to the right-of-access audit log.

How long we keep it

Verification records are retained for as long as your account is active, plus a regulatory retention period of up to seven years where required by local law (e.g. South African FICA). Selfie and ID images are deleted immediately upon successful verification once the underlying biometric vector is created; vectors themselves are pseudonymised.

Your rights

Under POPIA (SA), GDPR (EU), and NDPR (Nigeria) you may:

  • Access a copy of your data
  • Correct inaccurate fields
  • Object to processing for marketing or non-essential analytics
  • Withdraw consent (revokes platform-wide verification)
  • Request erasure (subject to regulatory retention windows)
  • Lodge a complaint with your local supervisory authority

Email privacy@agoditechnologies.com with your request. We respond within 30 days.

Where we store it

Data residency follows the user's country of verification. South African verifications stay in africa-region infrastructure (eu-west-1 currently, with planned migration to af-south-1). Cross-border transfers occur only under appropriate safeguards (Standard Contractual Clauses, Adequacy Decisions where available).

Cookies + similar

We use only strictly necessary cookies on the AfriID website itself (session, CSRF, language). No advertising trackers, no third-party analytics that fingerprint you, no behavioural profiling. Partner products that embed AfriID make their own choices, governed by their own notices.

Children

AfriID is not intended for users under 18. Where AfriID is embedded in a product that serves minors (e.g. PlayOlu), the underlying account belongs to the parent / guardian whose identity we verify.

Changes

We will notify you in-app and by email at least 30 days before any material change to this notice. Previous versions remain accessible to you via the consent log.

Contact

Data Protection Officer
Agodi Technologies (Pty) Ltd
privacy@agoditechnologies.com