Privacy Policy
Last updated: June 1, 2026 • Compliant with Ghana DPA 2012 (Act 843)
1. Data Controller
OminiHub, operated by Afrilogic Solutions, is the data controller for personal data collected through our website (ominihub.com). When you use our APIs to process end-user data, you are the data controller and OminiHub acts as a data processor on your behalf.
2. Data We Collect
Account data: Name, email, company, role - collected when you create a developer account.
API data (processed on your behalf): MSISDNs, identity documents, biometric data, financial account information. This data is processed per your instructions and subject to your consent obligations.
Usage data: API call logs, error rates, latency metrics - collected for service delivery, debugging, and billing.
3. How We Protect Data
- MSISDNs are HMAC-SHA256 hashed and never stored in cleartext
- National ID numbers exist only transiently during KYC verification
- All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Immutable WORM audit logs for all data access events
- Role-based access control with principle of least privilege
4. Consent & Purpose Limitation
Under Ghana DPA 2012, personal data must be processed with consent and for specified purposes. OminiHub's Link service enforces scoped consent with 7 explicit OAuth scopes. Data is only accessible within the granted scope and consent period.
5. Data Retention
API call logs: 90 days. KYC records: Per regulatory requirements (minimum 5 years for AML). Consent records: Retained for the lifetime of the connection plus 7 years. Account data: Until account deletion plus 30-day grace period.
6. Your Rights
Under Ghana DPA 2012, you have the right to: access your personal data, request correction of inaccurate data, request deletion (subject to regulatory retention requirements), withdraw consent at any time, and lodge a complaint with the Data Protection Commission.
7. Data Processing Agreement
Enterprise customers receive a Data Processing Agreement (DPA) that specifies: categories of data processed, processing purposes, security measures, sub-processor lists, breach notification procedures, and data deletion obligations. Contact legal@ominihub.com for DPA requests.