Privacy Policy

Summary: We collect only what we need to deliver your daily opportunity alerts. We never sell your data. You can withdraw consent and delete your account at any time by sending CANCEL or emailing privacy@bodiop.rw.

Introduction

Bodiop Ltd ("we", "us", "our") is a SaaS platform registered with the Rwanda Development Board (RDB). We are fully committed to protecting your personal data in accordance with Law No. 058/2021 relating to the Protection of Personal Data and Privacy (the "DPP Law"), overseen by the National Cyber Security Authority (NCSA), and international best practices aligned with GDPR principles where applicable.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our website, WhatsApp service, or any related features (collectively, the "Service").

By using the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Data you provide directly

Full name, phone number (for WhatsApp), email address
Age (to confirm 18–35 youth focus), location (city/district in Rwanda)
Skills, interests, education level, employment status
Preferences for opportunity categories (jobs, scholarships, grants, internships, fellowships, etc.)
Optional profile details (e.g., refugee status, gender for targeted alerts)

Automatically collected data

Device information (phone model, operating system)
IP address and approximate location
Usage data (which alerts you open, click rates)
Communication logs (date/time of delivered alerts)

We do not collect sensitive data such as race, health, religion, or biometric data unless you voluntarily include it in your profile for better opportunity matching.

2. How We Use Your Data

We process your data only for the following lawful purposes under the DPP Law:

To deliver daily personalized, scam-filtered opportunity alerts via WhatsApp or email
To match opportunities to your skills, location, and status using AI
To improve the Service (analyze usage to refine AI matching)
To send administrative messages (trial reminders, billing, policy updates)
To prevent fraud, filter scams, and comply with legal obligations

We do not use your data for marketing to third parties or for any purpose unrelated to opportunity alerts.

3. Legal Basis for Processing

Consent: You give explicit opt-in consent during profile creation. You can withdraw at any time.
Contractual necessity: To provide the subscribed Service.
Legitimate interest: Improving matching accuracy and scam filtering.

4. Sharing Your Personal Data

We share data only in limited, necessary cases with our service providers under strict contracts:

n8n — workflow automation
OpenAI — AI processing (data is anonymized in prompts)
Twilio — WhatsApp message delivery
Hetzner — secure hosting and storage
Google Sheets / Airtable — database management
MTN MoMo / Airtel Money — payment processing

We also share data if required by law (NCSA, courts, or regulatory authorities). We never sell your personal data.

5. International Transfers

Some processors (OpenAI, Hetzner) are located outside Rwanda. We ensure appropriate safeguards including standard contractual clauses or equivalent measures approved by NCSA. Data is minimized and pseudonymized where possible.

6. Data Security

We implement technical and organizational measures required by DPP Law Article 38:

Encryption in transit and at rest
Access limited to authorized personnel only
Regular security audits and backups
AI prompts designed to avoid sending identifiable personal data to external models

In the event of a personal data breach, we will notify NCSA within 48 hours and affected users without undue delay.

7. Data Retention

Active users: for the duration of your subscription + 30 days after cancellation
Profile data: until you request deletion
Anonymized usage data: up to 2 years for service improvement
Legal obligations: as required by RRA or other applicable laws

8. Your Rights as a Data Subject

Under DPP Law Articles 10–20, you have the following rights (free of charge):

Right to access your data
Right to rectification (correct inaccurate data)
Right to erasure ("right to be forgotten")
Right to withdraw consent at any time
Right to object to processing
Right to data portability
Right to restriction of processing
Right not to be subject to automated decision-making

To exercise any right, contact us at privacy@bodiop.rw or WhatsApp +250 781 408 443. We respond within 30 days (7 days for urgent requests). You may also lodge a complaint with the NCSA at cyber.gov.rw.

9. Children and Vulnerable Groups

Our Service is for users aged 18–35. For users under 18, we require verifiable parental or guardian consent. We prioritize alerts for women, refugees, and rural youth when you indicate such status.

10. Changes to This Policy

We may update this Policy to reflect changes in our practices or the law. The Effective Date at the top will be updated. We will notify you via WhatsApp alert or website banner for material changes. Continued use after changes constitutes acceptance.

Contact Us

Data Controller: Jean Bosco Ndayishimiye, Bodiop Ltd

Address: Kigali, Rwanda (virtual operation)

Email: privacy@bodiop.rw

WhatsApp: +250 781 408 443