Privacy Policy

Effective date:

20

November 2025

Rafiki Works LTD — Privacy Policy

Effective date: 20 Nov 2025

Company Information

Rafiki Works LTD is the data controller for this Privacy Policy.
Registered Address: 86–90 Paul Street, London, United Kingdom, EC2A 4NE
Company Status: Active
Company Type: Private Limited Company
Contact Email: info@rafiki.works

Rafiki Works LTD (“Rafiki,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use our website, software platform, mobile app, and any related services (the “Platform”).

By accessing or using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, you must stop using the Platform.

1. Who We Are

Rafiki is a technology platform that provides workflow, invoicing, payment-routing, collaboration, and marketplace tools for agencies, freelancers, contributors, and project-based teams.

Rafiki is not a provider of financial services, custody services, or identity verification services. Certain activities on the Platform require interaction with independent, licensed third-party providers, who process personal data under their own legal obligations.

This Privacy Policy covers only Rafiki’s processing of data.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide Directly

  • Name, email address, phone number, and business details
  • Profile information (skills, biography, marketplace listings)
  • Project and invoice data
  • Communications sent to or through the Platform
  • Preferences and account settings

2.2 KYC/KYB Information (Handled by Licensed Third Parties)

If you choose to activate payment or custodial functionality, you may be required to submit identity documentation or business verification information.

Rafiki does not perform KYC/KYB itself.
This data is collected and processed directly by licensed third-party compliance providers. Rafiki may receive verification status updates but does not access full documentation unless strictly necessary and legally permitted.

2.3 Usage and Interaction Data

  • Pages visited
  • Features used
  • Time spent in product
  • Navigation patterns
  • Interactions with support or notifications

2.4 Device and Technical Data

  • IP address
  • Browser type and version
  • Device identifiers
  • Operating system
  • Mobile device details
  • Diagnostic and log data

2.5 Location Data

If enabled, we may collect approximate location information for security and fraud-prevention purposes.

2.6 Transaction and Financial Metadata

Rafiki does not store or control user funds.

We may process:

  • Payment instructions you initiate
  • Invoice details
  • Allocation rules for contributor payouts
  • Project-based payment metadata
  • Status updates from custodial or payment partners

Rafiki does not hold private keys or access wallet balances.

2.7 Blockchain Data

Certain actions (e.g., stablecoin transactions) generate public blockchain records including:

  • Wallet addresses
  • Transaction amounts
  • Fees
  • Timestamps

This data is inherently public and outside Rafiki’s control.

3. How We Use Your Information

3.1 To Operate and Provide the Platform

  • Managing user accounts
  • Invoicing and project workflows
  • Routing of payment instructions
  • Facilitating collaboration
  • Operating marketplace and profile features

3.2 Support for Third-Party Financial and Compliance Services

Rafiki may share minimal data required for:

  • Identity verification
  • Payment processing
  • Custodial wallet provisioning
  • AML or sanctions screening
  • Off-ramp activity

These third parties process data independently under their own legal obligations.

3.3 To Improve the Platform

  • Analytics and usage measurement
  • Error detection
  • Product development
  • Research and user insights

We may use aggregated or anonymised information where possible.

3.4 Communications

We may contact you to:

  • Provide service updates
  • Respond to support requests
  • Process billing or subscription details
  • Deliver marketing communications (with your consent where required)

3.5 Security, Fraud Prevention and Legal Compliance

  • Monitoring suspicious activity
  • Enforcing Platform rules
  • Protecting users
  • Complying with applicable laws

4. How We Share Information

We do not sell personal data.

4.1 Licensed Third-Party Financial and Compliance Providers

Shared only to the extent needed to enable:

  • Identity verification
  • Custodial wallets
  • Payment execution
  • AML screening
  • Off-ramping

These entities operate independently of Rafiki.

4.2 Service Providers

We use trusted partners for:

  • Cloud hosting and storage
  • Analytics
  • Authentication
  • Communications
  • Customer support tools

They may only process data on Rafiki’s instructions.

4.3 Marketplace Visibility

If you publish a profile or listing, some information becomes visible to other users or to the public depending on your settings.

4.4 Business Transfers

In a merger, acquisition, or corporate restructuring, personal data may be transferred under continued privacy safeguards.

4.5 Legal and Regulatory Requirements

We may disclose data when required to:

  • Comply with legal obligations
  • Respond to law-enforcement requests
  • Enforce our Terms
  • Protect our rights or users

5. International Data Transfers

Data may be processed in the:

  • United Kingdom
  • European Economic Area
  • South Africa
  • Other jurisdictions where our service providers operate

Where data is transferred internationally, we apply safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • UK Addendum / IDTA
  • Contractual and organisational protections

6. Data Retention

We retain personal data only as long as necessary to:

  • Provide the Platform
  • Meet legal obligations
  • Resolve disputes
  • Enforce agreements

Financial-related data may be subject to mandatory retention periods imposed on Rafiki’s third-party partners.

7. Your Rights

Depending on your jurisdiction (including UK GDPR, EU GDPR, and POPIA), you may have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Delete your data (subject to lawful exceptions)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent (where applicable)
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact info@rafiki.works.

8. Your Choices

You may:

  • Update account information
  • Manage marketing preferences
  • Request account deletion
  • Control cookies via browser settings
  • Decide what profile data appears in the marketplace

Certain data cannot be deleted if required for legal or operational reasons.

9. Security

We implement technical and organisational measures including:

  • Encryption
  • Access controls
  • Secure cloud infrastructure
  • Monitoring and logging
  • Regular reviews

Users must secure their own devices and accounts.

10. Children’s Privacy

The Platform is not intended for users under 18.
We do not knowingly collect data from minors.
If discovered, such data will be deleted.

11. Changes to This Privacy Policy

We may update this Privacy Policy.
Material updates will be communicated via the Platform or email.
The Effective Date will reflect the latest version.

Continued use of the Platform constitutes acceptance.

12. Contact Us

For privacy questions, data requests, or complaints, contact:

Rafiki Works LTD
Registered Address: 86–90 Paul Street, London, United Kingdom, EC2A 4NE
Email: info@rafiki.works