Privacy Policy

Last updated: 1 May 2026

Summary: We collect the minimum data needed to provide our anti-counterfeiting services. We never sell your data. Consumer scan data is used only for fraud detection and is never linked to an individual identity. You have full rights over your personal data.

1. Overview

VerifyGuard Africa ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website (verifyguard.africa), and related services (collectively, the "Services").

Please read this policy carefully. By accessing or using the Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Services.

2. Information We Collect

We collect information in the following ways:

Information you provide directly:
- Account registration data: name, email address, organisation name, and password hash.
- Product and batch information you upload to the platform.
- Communications you send us via email or contact forms.

Information collected automatically:
- Scan logs: IP address, approximate geolocation (city and country), user agent (browser/device type), and timestamp — collected each time a QR code is scanned.
- Device fingerprint signals: browser characteristics, screen resolution, and other non-personally-identifiable technical parameters used solely for counterfeit detection.
- Usage data: pages visited, features used, session duration.
- Cookies and similar tracking technologies (see Section 7).

Information from third parties:
- IP-based geolocation data from public geolocation databases for the purpose of fraud detection.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Services: Operate, maintain, and improve the platform including QR code generation, verification, and anomaly detection.
  • Anti-counterfeiting: Analyse scan patterns and device signals to detect and flag suspected counterfeit activity.
  • Account management: Manage your organisation's account, team members, and settings.
  • Communications: Send service-related notifications, security alerts, and (with your consent) marketing communications.
  • Analytics: Understand how the Services are used so we can improve them.
  • Legal compliance: Comply with applicable law, respond to legal process, and enforce our Terms of Service.
  • Security: Detect, prevent, and respond to fraud, abuse, and security incidents.

We do not sell your personal data to third parties.

4. Consumer Scan Data

When a consumer scans a QR code generated by our platform, we collect their IP address, approximate location, user agent, and device fingerprint signals. This data is:

  • Used solely for the purpose of counterfeit detection and risk scoring.
  • Made available to the brand organisation that generated the QR code in aggregated and per-scan form (without consumer identity).
  • Retained for no longer than 24 months from the date of collection.
  • Not linked to any personally identifiable consumer profile.

Consumers do not need to create an account and their identity is not collected or stored.

5. Data Sharing and Disclosure

We may share your information with:

  • Your organisation's team members who have been granted access to the platform.
  • Service providers who assist us in operating the platform (cloud hosting, email delivery, analytics), all bound by data processing agreements.
  • Law enforcement or regulatory authorities when required by law or to protect rights, safety, or property.
  • Acquirers in the event of a merger, acquisition, or asset sale, subject to standard confidentiality obligations.

We do not share personal data with advertisers or data brokers.

6. Data Security

We implement industry-standard technical and organisational measures to protect your information, including:

  • HMAC-SHA256 signing of all QR tokens.
  • Passwords hashed using bcrypt with per-user salts (never stored in plaintext).
  • HTTPS/TLS encryption for all data in transit.
  • Encrypted storage for sensitive fields at rest.
  • Role-based access control (RBAC) within the platform.
  • Comprehensive audit logs of all significant platform actions.

Despite these measures, no system is perfectly secure. We cannot guarantee absolute security and you use the Services at your own risk.

7. Cookies & Tracking Technologies

We use the following types of cookies:

  • Strictly necessary cookies: Required for authentication (session tokens) and core platform functionality.
  • Analytics cookies: Anonymous usage data to help us understand and improve the platform (e.g., page performance).
  • Preference cookies: Store your display preferences (e.g., sidebar state).

We do not use advertising cookies. You can disable non-essential cookies in your browser settings. Disabling strictly necessary cookies will impair platform functionality.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. Specifically:

  • Account data: Retained for the duration of your account plus 90 days after deletion.
  • Scan logs: Retained for 24 months.
  • Audit logs: Retained for 36 months for security and compliance purposes.
  • Counterfeit reports: Retained for 48 months.

You may request earlier deletion of your personal data subject to legal retention obligations.

9. Your Rights

Subject to applicable law, you have the right to:

  • Access: Request a copy of personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data ("right to be forgotten").
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to certain processing activities.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise these rights, email us at privacy@verifyguard.africa. We will respond within 30 days.

10. Cross-Border Data Transfers

VerifyGuard Africa operates across multiple African countries. Your data may be processed on servers located outside your country of residence. Where we transfer data across borders, we take steps to ensure appropriate safeguards are in place, including contractual clauses compliant with applicable data protection laws.

11. Children's Privacy

Our Services are not directed at children under 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal data, we will delete it promptly. Contact us at privacy@verifyguard.africa if you have concerns.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice on the platform. Your continued use of the Services after any update constitutes acceptance of the revised policy. The "Last Updated" date at the top of this page will reflect the most recent revision.

13. Contact Us

For privacy-related enquiries, data subject requests, or concerns, please contact our Data Protection Officer:

Email: privacy@verifyguard.africa
Address: VerifyGuard Africa Ltd, Westlands, Nairobi, Kenya.