Privacy Policy

Last Updated: February 26, 2026

Effective Date: February 26, 2026

Welcome to Diasfrica (“Diasfrica”, “we”, “us”, or “our”). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use the Diasfrica mobile application, website, and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

---

1. Information We Collect

1.1 Information You Provide Directly

We may collect information that you provide to us, including:

• Account Information: name, email address, phone number, profile photo.
• Authentication: Google Sign-In or Apple Sign-In identifiers.
• Event Hosting: event title, description, images, venue, date, time, pricing, and policies.
• Vendor Onboarding & Profiles: business name, service categories, service cities, vendor bio, and marketplace operating preferences.
• Event Participation: ticket purchases, RSVPs, check-ins, and attendance status.
• Wallet & Payments: transaction records, payout history, and wallet balances (payment details are processed by third-party providers; Diasfrica does not store full card or mobile money credentials).
• Vendor Payout Setup: payout account references and payout onboarding status signals needed to enable vendor settlements.
• Communications: messages, customer support requests, feedback, and survey responses.

---

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Device Information: device type, operating system, app version, and device identifiers.
• Usage Data: pages/screens viewed, features used, actions taken, and session duration.
• Approximate Location: city or region (if permission is granted) for event discovery.
• Log Data: IP address, timestamps, and error logs for security and fraud prevention.
• Analytics & Crash Reports: Google Analytics 4 (web), Firebase Analytics (app), and Firebase Crashlytics data.

---

1.3 Information from Third Parties

We may receive information from third-party services, including:

• Google Sign-In: name, email address, profile photo.
• Apple Sign-In: name and email address (where shared).
• Payment Providers: payment confirmations, transaction status, chargeback notifications.
• Payout Providers: vendor payout onboarding and account capability status from integrated payout providers.
• Mapping Services: location coordinates for event mapping and directions.

For diaspora marketplace vendor payouts, Diasfrica integrates Stripe Connect.

---

2. How We Use Your Information

We use your information to:

• Create and manage user accounts.
• Enable event discovery, ticket purchases, hosting, and check-ins.
• Enable vendor onboarding, vendor profile discovery, marketplace quotes, bookings, and settlement operations.
• Process wallet transactions, payouts, and refunds.
• Verify vendor eligibility, risk signals, and payout readiness before enabling marketplace transactions.
• Communicate important updates, notifications, and receipts.
• Improve platform performance, features, and user experience.
• Detect, prevent, and investigate fraud or abuse.
• Comply with legal obligations and enforce our Terms of Service.

---

3. Legal Bases for Processing (Where Applicable)

Where required by law (including GDPR), we process personal data based on:

• Contractual necessity (to provide the Service).
• Legitimate interests (security, fraud prevention, analytics).
• Legal obligations (financial and regulatory compliance).
• User consent (marketing communications and optional permissions).

---

4. Data Retention

We retain personal data only as long as necessary:

• Account Data: retained for the life of the account and up to 30 days after deletion. Accounts that remain inactive for 90 days may be deleted automatically after warning notifications are sent at approximately 60 days, 80 days, and 89 days of inactivity.
• Vendor Onboarding Data: retained while vendor features are active and for a reasonable period after deactivation for fraud prevention, audits, and dispute handling.
• Event Data: retained as part of the platform’s public event record.
• Transaction Data: retained for up to 7 years for financial, audit, and compliance purposes.
• Analytics Data: retained according to Firebase default retention (up to 26 months).
• Crash Logs: retained for up to 90 days.

---

5. Data Sharing and Disclosure

We share information only as necessary with trusted third parties, including:

• Firebase (Google): hosting, authentication, analytics, and security.
• Payment Providers: to process payments, payouts, refunds, and chargebacks.
• Payout Providers: to enable and verify vendor payout accounts and settlement status.
• Mapping Services: to display event locations and directions.
• Legal Authorities: where required by law or to protect legal rights.

We do not sell personal data.

---

6. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We take appropriate safeguards to ensure your data remains protected in accordance with this Privacy Policy.

---

7. Your Privacy Rights

Depending on your location, you may have the right to:

• Access: request a copy of the data we hold about you.
• Correction: update inaccurate or incomplete data.
• Deletion: request deletion of your account and personal data.
• Restriction: limit how we process your data.
• Portability: request your data in a machine-readable format.
• Opt-Out: unsubscribe from marketing communications at any time.

Requests can be made via the contact information below.

---

8. Data Security

We implement appropriate technical and organizational measures, including:

• Encryption in transit (TLS 1.2+) and at rest.
• Role-based access controls and audit logging.
• Secure cloud infrastructure and Firestore security rules.
• Fraud detection and monitoring systems.

Despite our efforts, no system is 100% secure.

---

9. Children’s Privacy

Diasfrica is not intended for children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal data from children. If we become aware of such data, we will delete it promptly.

---

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain user sessions.
• Analyze usage and improve performance (Google Analytics 4 on the website; Firebase Analytics in the app).
• Prevent fraud and abuse.

Website analytics cookies (GA4) are only activated after you provide consent via the cookie banner; you can revoke consent at any time by clearing or updating your preferences. Mobile analytics respect in-app telemetry/consent settings where available.

You can manage cookies through your browser or device settings and, where supported, use the Google Analytics Opt-out Browser Add-on to disable GA4 measurement.

---

11. Payment Processing and Payment Security

Wallet Top-Ups and Transactions

• Diasfrica processes wallet top-ups through PCI-DSS Level 1 certified payment processors
• Users are directed to secure external payment gateways to complete transactions
• Diasfrica does not store, process, or retain payment card data, bank account information, or mobile money credentials
• All payment information is encrypted and processed entirely by payment processors
• Transaction records are logged in our database for refund processing and account reconciliation, but card details are never retained

Vendor Marketplace Payouts (Diaspora)

• Diaspora vendor marketplace payouts are facilitated through Stripe Connect
• Vendors may be redirected to Stripe-hosted onboarding flows to create or complete connected payout accounts
• Diasfrica receives onboarding and payout capability status signals (for example, details submitted / payouts enabled) to determine marketplace readiness
• Diasfrica does not store full bank account numbers or payment card credentials for Stripe payouts

Refund Policy

• Wallet credits are generally non-refundable
• Refunds for failed transactions are processed within 5-7 business days
• Chargebacks are resolved in accordance with payment processor policies
• For payment disputes, contact your payment provider

Compliance with App Store Policies

• Diasfrica complies with Apple App Store and Google Play Store payment policies
• Payment processing occurs through external payment gateways outside the app
• Users have the option to manage payment methods directly with their payment provider
• For questions about charges or billing, users should contact their payment provider or Diasfrica via the contact information below

---

12. Contact Us

If you have questions or requests regarding this Privacy Policy:

Email: privacy@diasfrica.com

Mailing Address: Washington, DC

---