Effective Date: June 11, 2025
1. Introduction.
Qredet (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you interact with our services.
This Policy applies to your use of the Qredet website, mobile applications, and associated subdomains (collectively, the “Service” or “Platform”). By accessing or using any part of our Service, you acknowledge that you have read, understood, and agreed to this Privacy Policy and our Terms of Service. Continued use of the Service constitutes consent to the practices described herein.
2. Definitions and Key Terms.
- Company: Qredet Digital SARL, BP 06 2452, II Plateau, Abidjan 06, Côte d’Ivoire.
- Country: Côte d’Ivoire, regulated by ARTCI for data protection compliance
- Customer: Any company, organization, or individual who registers or subscribes to Qredet services.
- Device: Any internet-connected device such as a smartphone, tablet, laptop, or desktop computer.
- IP Address: A unique number assigned to a device connected to the Internet.
- Personnel: Employees, contractors, or authorized representatives of Qredet.
- Personal Data: Information that directly or indirectly identifies a natural person (e.g., name, contact details, identifiers, and biometric data)
- Service: The Qredet platform, software, tools, mobile applications, and related services.
- Third Party Service: External service providers (e.g., hosting, payments, analytics, KYC) integrated with or used by Qredet.
- You: The individual or entity accessing or using Qredet’s services.
3. What Information Do We Collect?
We collect personal and technical information to operate our services effectively, comply with legal obligations, and improve user experience.
3.1 Personal Data You Provide
We collect personal data when you register an account, make a purchase, contact support, subscribe to communications, participate in surveys, or submit forms. This may include:
- Full name and username
- Email address and phone number
- Mailing or billing address
- Payment references and billing details
- Encrypted login credentials (we do not store plain-text passwords)
We do not request or store your date of birth. We also do not store raw payment card information. All payments are securely processed through PCI DSS-compliant third-party providers.
3.2 Automatically Collected Technical Data
When you access or interact with the Platform, we may automatically collect:
- IP address and general location
- Device type, operating system, and browser version
- Log data (time/date of access, session activity)
- Usage patterns and performance metrics
- Cookies and session identifiers used for authentication and analytics
This helps us detect security threats, ensure stability, and improve experience.
3.3 Optional Information from Mobile Devices (with Consent)
With your explicit consent, the app may access:
- Location services (GPS): For security, geo-verification, and tailored services
- Contacts: To enable peer-to-peer features you choose to use
- Camera: For profile updates, document capture, or QR/NFC workflows
- Photos/Gallery: For uploads needed to complete in-app activities
You can refuse or revoke these permissions at any time in your device settings without losing access to core features.
3.4 Sensitive or Biometric Information
Qredet may collect biometric information only if you opt into identity verification (e.g., selfie and facial geometry) for KYC/AML and fraud prevention. Biometric templates are processed securely through trusted verification partners and are deleted after verification unless a longer retention period is required by law. We never use biometric data for marketing or profiling, and we comply with ARTCI guidance and applicable international standards.
3.5 TrueDepth and Facial Recognition Data
Certain features of the application may access TrueDepth API or other device-based facial recognition and depth-sensing technology to verify user identity during optional authentication or KYC processes.
- TrueDepth facial depth or geometry data is used only to confirm your identity, detect liveness, and prevent fraud.
- Such data remains on your device unless transmitted securely to a regulated identity-verification partner for the sole purpose of verification.
- We do not store, share, or sell TrueDepth or facial recognition data.
- It is never used for advertising, analytics, or profiling.
- When used by authorized third parties, the data is encrypted in transit and deleted immediately after verification in accordance with ARTCI and GDPR principles.
- You may opt out of biometric verification and choose an alternative method.
4. Legal Basis for Data Collection and Use
In accordance with Law No. 2013-450 (Côte d’Ivoire) under ARTCI, and aligned with GDPR principles where relevant, we process your information on one or more of the following grounds:
- Consent: For optional features (e.g., biometrics, marketing communications)
- Performance of a contract: To deliver requested services and fulfill transactions
- Legal obligations: Compliance with AML/KYC and regulatory requirements
- Legitimate interests: Fraud detection, security, service improvement, provided your rights are not overridden
5. When We Use Third Party Information
We may receive data from trusted third parties such as payment processors, verification partners, and analytics providers to improve user verification, fraud prevention, and compliance operations. Third parties are contractually obligated to maintain confidentiality and process data securely.
6. How Do We Use the Information We Collect?
We use information to:
- Provide, operate, and maintain the Service
- Process payments and fulfill transactions
- Verifying identities and preventing fraud
- Improve usability and customer support
- Manage promotions, loyalty programs, and marketing (where consented)
Processing is based on consent, contract, legal obligations, or legitimate interests as applicable.
7. How We Use Your Email Address
By providing your email, you consent to receive:
- Transactional communications (e.g., receipts, password resets)
- Service notifications and critical updates
- Marketing messages only if you opt in (unsubscribe anytime via link in email)
With your prior consent, we may use your email for custom audiences on advertising platforms to deliver relevant messages. If an email was provided only for an order, it will be used solely for order updates. You can withdraw consent at any time; we will honor such requests promptly in line with ARTCI and GDPR requirements.
8. Do We Share Information with Third Parties?
We share limited information with vetted providers to enable hosting, payment, identity verification, and analytics. We never sell user data. Legal disclosures may occur only when required by law.
9. Where and When We Collect Information
We collect information when you:
- Register an account or make a purchase
- Interact with support, chatbot, or contact forms
- Participate in surveys, promotions, or feedback programs
- Use location-based or analytics features
We also collect information automatically via:
- Cookies, sessions, and local storage
- Third-party integrations (e.g., Google Maps API)
- Tracking technologies for security and performance
10. How Long Do We Keep Your Information? (Retention)
We retain personal data only as long as necessary for the purposes outlined in this Policy or as required by law. Account and transaction data are kept while your account is active and for at least five (5) years afterward to comply with financial and AML/KYC obligations. Biometric verification data is retained only for the duration of verification unless longer retention is legally required. Logs and analytics are kept for the shortest practical period consistent with security and operations. When retention expires, we securely delete or irreversibly anonymize the data.
11. How Do We Protect Your Information? (Security)
We implement technical and organizational measures including:
- TLS/SSL encryption in transit; encryption at rest for sensitive data
- PCI DSS-compliant payment handling via third-party gateways
- Role-based access control and least-privilege principles
- Continuous monitoring, vulnerability assessments, and a secure development lifecycle
- Incident response procedures with notification to affected users and ARTCI where required.
12. International Data Transfers
Your data may be processed in other countries (e.g., EU, UK, US) by trusted vendors. We use Standard Contractual Clauses (SCCs), vendor due diligence, and appropriate safeguards to protect your information in accordance with ARTCI standards and internationally recognized frameworks.
13. Your Rights
Consistent with ARTCI and GDPR-aligned principles, you have the right to:
- Access a copy of your personal data
- Correct or update inaccurate information
- Withdraw consent at any time (without affecting prior lawful processing)
- Request deletion (“right to be forgotten”) subject to legal retention
- Restrict or object to processing, including for marketing
- Request portability in a structured, commonly used, machinereadable format
We respond to verified requests within 30 days. To exercise rights, contact support@qredet.com . We may need to verify your identity before fulfilling a request. If you access Qredet through another organization, please contact that organization directly; Qredet will act as processor on their behalf.
14. Links to Other Websites
Our Platform may contain links to third-party sites or services not owned or controlled by Qredet. We are not responsible for their content, policies, or practices. Your use of third-party sites is governed by their terms and privacy notices. Review those policies before providing personal data.
15. Advertising
We may display advertisements or include links to third-party services. We do not endorse or guarantee third-party content. Where advertising cookies are used, they help ensure ad relevance, cap frequency, and measure performance. You can manage cookie preferences as described in Section 17.
16. Cookies and Similar Technologies
Qredet uses cookies and similar technologies to enhance performance and functionality.
- Essential cookies enable core features such as authentication and security.
- Performance and analytics cookies help us understand usage and improve the Service.
- Advertising cookies support remarketing and relevance where consented.
We do not store personally identifiable information in cookies. You can control cookies via your browser or device settings. Disabling some cookies may impact functionality. Blocking a category of cookie does not delete it; deletion must be performed in your browser settings.
17. Remarketing Services
We may use remarketing or retargeting to show relevant ads to users who previously visited our Platform. This may involve cookies or mobile identifiers controlled by you and subject to your consent. You can opt out via ad settings on respective platforms or your device.
18. Tracking Technologies
Qredet uses tracking technologies to improve user experience, security, and performance. These include:
- Google Maps API: Used for location-based services such as map display and address lookup. Data collection and use are governed by Google’s Privacy Policy.
- Local Storage (DOM Storage): Allows the app to store user-specific data on your device for faster access. This data is not transmitted in HTTP headers.
- Session Tracking: Provides temporary storage of navigation patterns and activity flow to improve responsiveness. Session data is deleted when you log out or close the app/browser.
These technologies operate in compliance with ARTCI and GDPR principles to ensure transparency and user control.
19. Payment Details
All payments are processed by PCI DSS-compliant gateways. Qredet does not store full card details on its servers. Where storage is required (e.g., tokens), it is handled securely by the authorized processor. We take reasonable precautions to protect financial data against unauthorized access, disclosure, alteration, or destruction.
20. Children’s Privacy
Our Services are not intended for children under 13. We do not knowingly collect personal data from children under 13. If we learn that such data was provided without verified parental consent, we will promptly delete it in line with ARTCI child data principles.
21. Personnel (Employees, Contractors, Applicants)
We collect and process personnel data for HR and recruitment, such as contact details, qualifications, ID/passport, compensation/benefits, and emergency contacts. This data is used to manage employment obligations and legal compliance, and access is restricted to authorized HR/admin staff. Personnel may request access, correction, or preference changes through HR channels. Some data must be retained for legal or contractual reasons.
22. Sale of Business / Change of Control
If Qredet or its assets are involved in a merger, acquisition, restructuring, or sale, personal data may be transferred to a successor subject to equivalent privacy obligations. Where required by law, we will provide reasonable notice before such transfer.
23. Governing Law and Compliance
This Privacy Policy is governed by the laws of Côte d’Ivoire and is supervised by the Autorité de Régulation des Télécommunications/TIC de Côte d’Ivoire (ARTCI).
Qredet ensures full compliance with national data protection legislation, including Law No. 2013-450 on the protection of personal data, and adheres to regional frameworks established by the West African Economic and Monetary Union (UEMOA).
For international or cross-border data transfers, Qredet aligns its practices with the principles of the General Data Protection Regulation (GDPR) to ensure a consistent level of security, transparency, and accountability across all jurisdictions in which it operates.
24. Your Consent
By using the Platform, registering an account, submitting information, or making a purchase, you confirm that you have read and agreed to this Privacy Policy. If you do not agree, please discontinue use of the Platform. You may withdraw consent at any time via account settings or by contacting us.
25. Changes to This Privacy Policy
We may update this Policy to reflect changes in services, legal requirements, or internal practices. Material changes will be communicated via email, in-app notice, or website banner before becoming effective. Continued use after the effective date constitutes acceptance.
