Privacy Policy

Last updated: December 13, 2025

1. Introduction

NuLakaz ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our community platform. This policy applies to users in Mauritius, South Africa, the United States, the European Union, and other jurisdictions where our service is available.

By using NuLakaz, you consent to the data practices described in this policy. If you do not agree with our policies and practices, do not use our platform.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, residential address, apartment number
  • Profile Information: Profile photo, language preferences, country of residence, timezone
  • Verification Documents: Documents submitted during registration to verify residency
  • Communication Data: Posts, comments, messages, and other content you create or share
  • Subscription Information: Billing details, payment information (processed by third-party payment processors)

2.2 Automatically Collected Information

  • Usage Data: Login history, IP addresses, device information, browser type
  • Cookies and Tracking: Session cookies, authentication tokens, preferences
  • Analytics: Page views, feature usage, interaction patterns

3. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To create and manage your account, verify your identity as a building resident, and provide access to community features
  • Communication: To send you updates, notifications, and important information about your community
  • Security: To protect against fraud, unauthorized access, and other security threats
  • Improvement: To analyze usage patterns and improve our platform's functionality
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Subscription Management: To process payments, manage subscriptions, and send billing notifications

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our service agreement with you
  • Legitimate Interests: Processing necessary for our legitimate business interests (security, fraud prevention, service improvement)
  • Consent: Where you have provided explicit consent for specific processing activities
  • Legal Obligation: Processing required to comply with legal obligations

5. Data Sharing and Disclosure

5.1 Within Your Community

Your name, profile information, posts, and comments are visible to other verified residents in your building community. You can post anonymously when creating posts or comments.

5.2 Service Providers

We may share your information with trusted third-party service providers who assist us in:

  • Payment processing (Stripe)
  • Email delivery services
  • Cloud hosting and storage
  • Analytics and performance monitoring

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. We may retain certain information for longer periods when required by law or for legitimate business purposes such as:

  • Compliance with legal obligations (typically 7 years for financial records)
  • Dispute resolution and enforcement of agreements
  • Fraud prevention and security

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Your Privacy Rights

7.1 General Rights (All Users)

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and personal data
  • Data Portability: Receive your data in a structured, machine-readable format

7.2 European Union (GDPR Rights)

EU users have additional rights under GDPR:

  • Right to Object: Object to processing based on legitimate interests
  • Right to Restriction: Request restriction of processing in certain circumstances
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

7.3 South Africa (POPIA Rights)

South African users have rights under the Protection of Personal Information Act (POPIA):

  • Request confirmation of what personal information we hold
  • Object to processing of personal information
  • Lodge a complaint with the Information Regulator

7.4 California (CCPA/CPRA Rights)

California residents have additional rights:

  • Know what personal information is collected, used, shared, or sold
  • Request deletion of personal information
  • Opt-out of the sale of personal information (Note: we do not sell personal information)
  • Non-discrimination for exercising privacy rights

To exercise any of these rights, please contact us at privacy@nulakaz.org

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encrypted storage of sensitive information
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Other legally approved transfer mechanisms

10. Children's Privacy

NuLakaz is not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences and settings
  • Analyze usage patterns and improve our services
  • Provide security features

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our platform.

12. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our platform
  • Sending you an email notification
  • Displaying a prominent notice on the platform

Your continued use of NuLakaz after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@nulakaz.org

General Inquiries: support@nulakaz.org

Data Protection Officer: dpo@nulakaz.org

15. Supervisory Authorities

Depending on your location, you have the right to lodge a complaint with the relevant data protection authority:

  • European Union: Your local Data Protection Authority
  • South Africa: Information Regulator (South Africa)
  • Mauritius: Data Protection Office
  • United States: Federal Trade Commission (FTC) or your state Attorney General

This Privacy Policy is effective as of December 13, 2025