🛡️ Privacy Policy — Medueti

Last updated: November 25, 2025

Introduction
Data Controller Identity
Data We Collect
How We Use Your Data
Legal Basis for Processing (GDPR)
Data Sharing and Third-Party Services
Advertising and Personalization
Device Permissions
Cookies and Tracking Technologies
Data Security
Data Retention
Your Rights
International Data Transfers
Children's Privacy
User-Generated Content
Account Verification
Payment Processing
California Privacy Rights (CCPA)
Changes to This Policy
Contact Us

1. Introduction

Welcome to Medueti, the super-app connecting the African diaspora worldwide through a rich social network featuring communities, marketplace (Afroshop), money transfers, events, local services, shipping logistics, and more.

The protection of your personal data is our priority. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the Medueti application ("the App") on mobile devices or web platforms.

By downloading, installing, or using Medueti, you acknowledge that you have read and understood this Privacy Policy and agree to the practices described herein.

If you do not agree with this policy, please do not use our services.

2. Data Controller Identity

Company Name	Medueti
Contact Email	support@medueti.com
Privacy Contact	privacy@medueti.com
Administrative Headquarters	Hamburg, Germany
Data Controller	Medueti Team
Website	https://medueti.com

For any privacy-related inquiries, including exercising your data protection rights, please contact us at privacy@medueti.com.

3. Data We Collect

Medueti collects data necessary to provide and improve our services. We collect information in the following categories:

3.1 Account Registration Data

When you create an account, we collect:

Data Type	Required	Purpose
Email address	Yes	Account identification, communications
Phone number	Optional	Account verification, 2FA
Full name	Yes	Profile display, community features
Password	Yes	Account security (stored hashed)
Date of birth	Optional	Age verification
Gender	Optional	Profile personalization
Profession	Optional	Community matching
Languages spoken	Optional	Content localization

3.2 Profile Information

Data Type	Purpose
Profile photo	Visual identification
Username/handle	Unique identifier
Bio/description	Self-expression
Country of residence	Localized content
City/town	Nearby services & events
Address	Service delivery, shipping

3.3 User-Generated Content

Content Type	Description
Social posts	Text, images, videos, location tags
Messages	Text, images, videos, audio, files (end-to-end encrypted)
Comments & reviews	Text, ratings
Events	Title, description, venue, dates, images, tickets
Service listings	Service descriptions, pricing, availability
Product listings	Product descriptions, images, pricing
Shipping requests	Origin/destination, package details, photos
Portfolio items	Artwork, images, categories

3.4 Transaction & Financial Data

Data Type	Purpose
Purchase history	Order management
Booking history	Service reservations
Subscription status	Feature access
Event credits balance	Virtual currency
Transaction metadata	Amount, date, type

⚠️ Important: We do not store credit/debit card numbers. All payment card data is processed securely by our payment provider, Stripe.

3.5 Device & Technical Data

Data Type	Purpose
Device model & OS version	App optimization
App version	Compatibility, updates
Push notification tokens (FCM)	Delivering notifications
Device advertising ID	Ad personalization (with consent)
IP address	Security, approximate location
Crash logs & error reports	App stability
Biometric capability	Authentication options

3.6 Location Data

Type	Collection Method	Purpose
Country	User-provided	Localized content
City/town	User-provided or GPS	Nearby services & events
Precise GPS coordinates	Device sensors (with permission)	Nearby discovery, event check-in

📍 Location data is collected only when you grant permission and can be disabled at any time in your device settings.

3.7 Usage & Analytics Data

Data Type	Purpose
Screen views	Understand feature usage
Button interactions	UX improvement
Search queries	Search optimization
Content engagement (likes, shares)	Content recommendations
Session duration	Performance metrics
Feature usage patterns	Product development

3.8 Communication Data

Data Type	Purpose
Support tickets	Customer service
In-app communications	Notifications, updates
Email preferences	Marketing communications

4. How We Use Your Data

We use collected data for the following purposes:

4.1 Service Provision

Create and manage your user account
Provide social networking features (feed, profiles, following)
Enable messaging and real-time communication
Operate the marketplace (products & services)
Process event creation and ticketing
Manage shipping and logistics services
Provide portfolio and gallery features

4.2 Personalization

Recommend content, services, and events based on your interests
Display localized content based on your location
Customize your feed based on your interactions
Provide relevant search results using machine learning

4.3 Transactions & Payments

Process purchases and subscriptions
Manage event credits and virtual currency
Handle refunds and disputes
Generate invoices and receipts

4.4 Communications

Send transactional notifications (orders, bookings, messages)
Deliver push notifications for interactions (likes, comments, follows)
Send security alerts and account notifications
Provide customer support
Send marketing communications (with your consent)

4.5 Safety & Security

Verify user identities
Detect and prevent fraud
Enforce our Terms of Service
Protect against unauthorized access
Monitor for abuse and policy violations

4.6 Analytics & Improvement

Analyze app usage to improve features
Conduct research and development
Monitor app performance and stability
Debug and fix issues

4.7 Advertising

Display advertisements within the app
Measure ad performance
Provide personalized ads (with your consent)

4.8 Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and court orders
Enforce our legal rights

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:

Legal Basis	Examples
Contract Performance	Account creation, service delivery, payments, messaging
Legitimate Interests	Security, fraud prevention, analytics, app improvement
Consent	Marketing communications, personalized advertising, location access
Legal Obligation	Tax records, responding to legal requests

You may withdraw consent at any time by adjusting your settings or contacting us.

We do not sell your personal data. We share information only in the following circumstances:

6.1 Service Infrastructure Providers

Provider	Service	Data Shared	Privacy Policy
Google Firebase	Backend infrastructure, database, file storage, authentication	All app data	Google Privacy Policy
Google Cloud Platform	Cloud functions, hosting	Processed data	Google Cloud Privacy

6.2 Analytics Providers

Provider	Service	Data Shared	Privacy Policy
Firebase Analytics	Usage analytics	Anonymized usage data, device info	Firebase Privacy
Firebase Performance	Performance monitoring	App traces, network metrics	Firebase Privacy
Firebase Crashlytics	Crash reporting	Crash logs, device info	Firebase Privacy

6.3 Payment Processors

Provider	Service	Data Shared	Privacy Policy
Stripe	Credit/debit card payments, subscriptions	Billing info, transaction data	Stripe Privacy Policy
Google Play Billing	Android in-app purchases	Purchase data	Google Privacy Policy
Apple App Store	iOS in-app purchases	Purchase data	Apple Privacy Policy

6.4 Authentication Providers

Provider	Service	Data Received	Privacy Policy
Google Sign-In	Social login	Email, name, profile photo	Google Privacy Policy
Sign in with Apple	Social login	Email (may be hidden), name	Apple Privacy Policy

6.5 Advertising Partners

Provider	Service	Data Shared	Privacy Policy
Google AdMob	Mobile advertising	Device advertising ID, ad interactions	Google Ads Privacy
SKAdNetwork Partners (iOS)	Ad attribution	Attribution data	Various (see Section 7)

6.6 Location Services

Provider	Service	Data Shared	Privacy Policy
Nominatim (OpenStreetMap)	Address autocomplete	Search queries	OSM Privacy
Photon (Komoot)	City search	Location queries	Komoot Privacy

6.7 Machine Learning Services

Provider	Service	Data Processed	Privacy Policy
Google ML Kit	Image labeling for visual search	Images (processed on-device)	Google ML Kit Privacy

⚠️ Note: ML Kit image processing occurs on-device and images are not sent to Google servers.

6.8 Other Sharing Circumstances

Legal Requirements: We may disclose data to comply with applicable laws, legal processes, or governmental requests.
Safety & Security: To protect against fraud, security threats, or protect rights and safety.
Business Transfers: In case of merger, acquisition, or sale of assets, user data may be transferred (you will be notified).
With Your Consent: When you explicitly authorize sharing.

7. Advertising and Personalization

7.1 Google AdMob

Medueti displays advertisements through Google AdMob. AdMob may collect and use:

Device advertising identifier (IDFA on iOS, GAID on Android)
IP address (for approximate location)
Ad interaction data (impressions, clicks)
Device information (type, OS, language)

7.2 Ad Personalization

By default, you may see personalized ads based on your interests and activity. You can choose to receive non-personalized ads by:

Adjusting your device advertising settings
iOS: Settings → Privacy → Tracking → Disable "Allow Apps to Request to Track"
Android: Settings → Google → Ads → Opt out of Ads Personalization

7.3 iOS App Tracking Transparency (ATT)

On iOS 14.5+, we will request your permission before tracking your activity across other apps and websites for advertising purposes. You can change this setting at any time in your device settings.

7.4 SKAdNetwork (iOS)

For iOS, we work with the following SKAdNetwork partners for ad attribution:

Click to see SKAdNetwork Partner List

Google (cstr6suwn9.skadnetwork)
Facebook (v9wttpbfk9.skadnetwork)
Unity Ads (4dzt52r2t5.skadnetwork)
ironSource (su67r6k2v3.skadnetwork)
AppLovin (ludvb6z3bs.skadnetwork)
Vungle (gta9lk7p23.skadnetwork)
AdColony (4pfyvq9l8r.skadnetwork)
Chartboost (f38h382jlk.skadnetwork)
InMobi (wzmmz9fp6w.skadnetwork)
Mintegral (kbd757ywx3.skadnetwork)
And others as required by ad partners

These networks receive limited attribution data to measure ad campaign effectiveness.

7.5 Premium Users

Users with Premium, Pro, or Business subscriptions may enjoy an ad-free experience based on their subscription tier and our current policies.

8. Device Permissions

Medueti requests the following device permissions to enable specific features:

8.1 Android Permissions

Permission	Purpose	Required
`INTERNET`	Connect to Medueti servers	Yes
`ACCESS_NETWORK_STATE`	Check connectivity status	Yes
`CAMERA`	Take photos/videos for posts and profile	No
`READ_MEDIA_IMAGES` (Android 13+)	Select photos from gallery	No
`READ_MEDIA_VIDEO` (Android 13+)	Select videos from gallery	No
`READ_MEDIA_AUDIO` (Android 13+)	Select audio files for chat	No
`READ_EXTERNAL_STORAGE` (Android ≤12)	Access media files	No
`WRITE_EXTERNAL_STORAGE` (Android ≤12)	Save downloaded files	No
`ACCESS_FINE_LOCATION`	Find nearby services/events	No
`ACCESS_COARSE_LOCATION`	Approximate location for services	No
`POST_NOTIFICATIONS` (Android 13+)	Display push notifications	No
`READ_CONTACTS`	Find friends from contacts	No
`VIBRATE`	Notification vibrations	No
`USE_BIOMETRIC`	Fingerprint/face authentication	No
`USE_FINGERPRINT`	Fingerprint authentication (legacy)	No
`FOREGROUND_SERVICE`	Background messaging/uploads	Yes
`com.android.vending.BILLING`	In-app purchases	Yes

8.2 iOS Permissions

Permission Key	Purpose	Required
`NSCameraUsageDescription`	Take photos for posts and profile	No
`NSPhotoLibraryUsageDescription`	Access photo library	No
`NSPhotoLibraryAddUsageDescription`	Save images to library	No
`NSLocationWhenInUseUsageDescription`	Find nearby services	No
`NSContactsUsageDescription`	Find friends from contacts	No
`NSFaceIDUsageDescription`	Face ID authentication	No
`NSUserTrackingUsageDescription`	Ad tracking (ATT prompt)	No

📱 All optional permissions can be denied without blocking basic access to the app. You can modify permissions at any time in your device settings.

9. Cookies and Tracking Technologies

9.1 Mobile App

The Medueti mobile app uses:

Firebase Analytics: Collects anonymized usage data using device identifiers
Firebase Remote Config: Stores feature flags and A/B test assignments
Local Storage: Stores user preferences, cached data, and authentication tokens

9.2 Web Platform

Our website may use:

Essential cookies: Required for basic functionality
Analytics cookies: Google Analytics for website traffic analysis
Preference cookies: Remember your settings and preferences

9.3 Managing Cookies

Mobile: Adjust tracking settings in your device privacy settings
Web: Use your browser settings to manage or delete cookies
Analytics Opt-Out: Disable Firebase Analytics in app settings (when available)

10. Data Security

We implement comprehensive security measures to protect your data:

10.1 Technical Measures

Measure	Description
Encryption in Transit	All data transmitted using HTTPS/TLS encryption
Encryption at Rest	Data stored encrypted on Google Cloud servers
End-to-End Encryption	Private messages encrypted with AES-256
Password Hashing	Passwords stored using secure one-way hashing
Firebase App Check	Device attestation to prevent unauthorized API access
Rate Limiting	Protection against brute-force attacks

10.2 Access Controls

Restricted access to personal data (need-to-know basis)
Multi-factor authentication for administrative access
Regular security audits and penetration testing
Employee security training and confidentiality agreements

10.3 Biometric Authentication

Medueti supports biometric authentication (Face ID, Touch ID, fingerprint) as an optional security feature. Biometric data is:

Processed and stored only on your device
Never transmitted to Medueti servers
Used solely for local authentication

10.4 Data Breach Response

In the event of a data breach affecting your personal data, we will:

Notify affected users within 72 hours as required by GDPR
Notify relevant supervisory authorities
Take immediate steps to mitigate the breach
Provide guidance on protective measures

11. Data Retention

We retain personal data only as long as necessary for the purposes described:

Data Category	Retention Period
Account data	Until account deletion + 30 days grace period
User content	Until deleted by user or account deletion
Chat messages	Until deleted by user or account deletion
Transaction records	7 years (legal/tax requirements)
Analytics data	26 months (anonymized)
Security logs	12 months
Push notification tokens	Automatically cleaned when invalid
Support tickets	3 years after resolution

11.1 Automatic Data Cleanup

Expired notifications: Deleted after 7 days
Typing indicators: Cleaned via scheduled process
Invalid FCM tokens: Automatically removed
Deleted messages: Hard-deleted after 30-day retention period

12. Your Rights

12.1 Rights Under GDPR (EEA/UK/Switzerland)

Right	Description
Right of Access	Request a copy of your personal data
Right to Rectification	Correct inaccurate or incomplete data
Right to Erasure	Request deletion of your data ("right to be forgotten")
Right to Restrict Processing	Limit how we use your data
Right to Data Portability	Receive your data in a machine-readable format
Right to Object	Object to processing based on legitimate interests
Right to Withdraw Consent	Withdraw previously given consent
Right to Lodge a Complaint	File a complaint with a supervisory authority

12.2 How to Exercise Your Rights

In-App Options:

Data Export: Settings → Privacy → Export My Data
Account Deletion: Settings → Account → Delete Account
Notification Preferences: Settings → Notifications
Ad Personalization: Settings → Privacy → Ad Settings

Contact Us:

Email: privacy@medueti.com
Response time: Within 30 days

12.3 Account Deletion

When you delete your account:

Your data enters a 30-day grace period (account recovery possible)
After 30 days, all personal data is permanently deleted or anonymized
Certain data may be retained for legal compliance (e.g., transaction records)

13. International Data Transfers

Your data may be processed in countries outside your residence:

Provider	Location	Safeguards
Google Cloud/Firebase	USA, EU	Standard Contractual Clauses (SCCs)
Stripe	USA	Standard Contractual Clauses, Privacy Shield (legacy)

We ensure all international transfers comply with GDPR through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Additional safeguards as required

14. Children's Privacy

Medueti is intended for users aged 18 and over.

We do not knowingly collect data from children under 18
If we discover a minor's account, it will be immediately deleted
Parents/guardians who believe their child has provided data should contact us at privacy@medueti.com

15. User-Generated Content

15.1 Content Moderation

Users may publish text, photos, videos, comments, and listings. Medueti reserves the right to remove content that is:

Contrary to applicable laws
Hateful, discriminatory, violent, or pornographic
Violating the privacy or intellectual property of others
Spam, scams, or fraudulent
Otherwise violating our Terms of Service

15.2 Reporting System

In-app reporting for inappropriate content
Human moderation review
Appeals process available

15.3 Public vs. Private Content

Public content (posts, listings, profiles) may be visible to other users
Private messages are encrypted and only visible to participants
Adjust your profile visibility in Settings → Privacy

16. Account Verification

16.1 Business Verification

Business accounts may submit verification documents:

Document Type	Purpose
Government ID	Identity verification
Proof of address	Location verification
Business registration	Business legitimacy
Professional certifications	Service provider verification

16.2 Document Handling

Documents reviewed by authorized personnel only
Stored securely with encryption
Deleted after verification (or retained if required by law)
Not shared with third parties

17. Payment Processing

17.1 Stripe Payments

Credit/debit card payments are processed by Stripe:

Card numbers are never stored on Medueti servers
Stripe is PCI DSS Level 1 compliant
We receive only transaction confirmation and last 4 digits of card

17.2 In-App Purchases

Platform	Purchases	Billing
Google Play	Subscriptions, credits	Google Play Billing
Apple App Store	Subscriptions, credits	Apple In-App Purchase

17.3 Subscription Types

Business Subscription: Monthly/yearly
Shop Feature: Monthly
Services Feature: Monthly
Event Credits: Consumable (virtual currency)

Manage subscriptions through your device's app store settings.

18. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

18.1 Your CCPA Rights

Right	Description
Right to Know	Request what personal information we collect, use, disclose, and sell
Right to Delete	Request deletion of your personal information
Right to Opt-Out	Opt out of the "sale" of personal information
Right to Non-Discrimination	We will not discriminate against you for exercising your rights

18.2 Categories of Personal Information Collected

(Under CCPA categories)

Identifiers: Name, email, phone number, IP address, device ID
Personal Information: Account information, payment history
Commercial Information: Purchase history, transaction records
Internet Activity: Browsing history, search history, interaction data
Geolocation Data: Location information (with permission)
Sensory Data: Photos, videos, audio uploaded by user
Inferences: Preferences, characteristics, behavior patterns

18.3 "Sale" of Personal Information

We do not sell your personal information in the traditional sense. However, sharing data with advertising partners may constitute a "sale" under CCPA. You can opt out of this by:

Disabling ad personalization in your device settings
Contacting us at privacy@medueti.com

18.4 Exercising Your CCPA Rights

We will verify your identity before processing requests.

19. Changes to This Policy

Medueti may update this Privacy Policy to reflect changes in our practices, legal requirements, or features
The "Last updated" date at the top indicates the most recent revision
Material changes will be notified via:
- In-app notification
- Email to registered users
- Prominent notice in the app
Continued use after changes constitutes acceptance

We recommend reviewing this policy periodically.

20. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

General Support	support@medueti.com
Privacy Inquiries	privacy@medueti.com
Data Protection Officer	dpo@medueti.com
Website	https://medueti.com
Mailing Address	Medueti, Hamburg, Germany

Summary of Key Points

✅ We collect registration data, profile info, content you create, usage analytics, and technical data
✅ We use your data to provide services, personalize experience, process payments, and display ads
✅ We share data with service providers (Firebase, Stripe, AdMob) but never sell your data
✅ You control your data through privacy settings, data export, and account deletion
✅ We protect your data with encryption, secure infrastructure, and strict access controls
✅ Your rights include access, deletion, portability, and objection (GDPR/CCPA)
✅ Messages are encrypted end-to-end for your privacy
✅ Ads can be personalized or not — your choice

This Privacy Policy was last updated on November 25, 2025.

🌍 Medueti — Connecting the African Diaspora Worldwide