This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Zikwala marketplace to connect with buyers and sellers. By accessing or using the platform, you agree to the practices described below. Zikwala Marketplace (operated by Kenatrix) is the data controller for the processing described in this policy. This policy applies to users of the Zikwala platform within the United States. If you are located in a jurisdiction with additional privacy rights (for example, California under the CCPA/CPRA), those rights may apply in addition to the rights described here. We process your personal information based on your consent, our legitimate interests in operating and improving the marketplace, or as necessary to comply with legal obligations.

We collect only the information necessary to provide our services and ensure a secure and personalized experience. This includes your name, email address, and phone number; login credentials (either email/password or via Google/Apple); details of any listings you create (such as product or property information); messages exchanged between users; and general usage data—such as searches performed and interactions within the platform. We do not collect your age, payment or financial information, or any sensitive personal data. We do not collect national ID numbers or other sensitive categories of personal data unless required by applicable law or expressly requested and consented to by you (for example, where a governmental or compliance requirement applies). We may also collect device identifiers, IP addresses, and location metadata inferred from your IP address or device locale to provide and secure the service. We do not request or use device-level location permissions (e.g., GPS). For details about local storage and third-party integrations, please see Section 8.

We use the information you provide to create and manage your account, connect you with buyers and sellers, and facilitate communications between users. We also rely on it to comply with legal and regulatory obligations, detect and prevent fraud or abuse—including maintaining a safe and trustworthy marketplace—and continuously enhance your experience through personalized recommendations, streamlined search results, and improved features. We may also use de-identified or aggregated information to improve features and support product development. Aggregate data does not identify you personally. We may use personal information to provide customer support and to communicate important notices (for example, changes to terms or security alerts). We do not use personal information for targeted advertising, behavioral profiling, cross-app tracking, analytics, or crash reporting.

Zikwala Marketplace currently allows posting, listing creation, and selling activities only for users located within the United States. Users outside the United States may browse the platform but cannot create listings or offer items or services for sale. To enforce these geographic restrictions, we infer your approximate location using IP‑based geolocation provided through our hosting and content delivery infrastructure (such as CloudFront). This method identifies your country based on network information and does not involve GPS, precise device‑level location, or continuous tracking. We use this location information solely to determine feature availability, prevent misuse, and maintain compliance with our platform policies. We do not request or access device‑level location permissions, and we do not use location data for advertising, analytics, or profiling.

We do not sell your personal information. We share your information only in the following limited circumstances: - Between Users: Your name and contact details may be shared with other users only to facilitate communication—such as when you connect a buyer with a seller or exchange messages. If you choose to contact another user via WhatsApp, SMS, or external messaging services, those communications are outside our control and governed by the third party’s privacy terms. - With Service Providers: We may share personal information with trusted third-party service providers who assist us in operating, hosting, and maintaining our platform. For example, we use Amazon Web Services (AWS) for secure data storage and infrastructure (primarily located in the United States). These providers are contractually obligated to process data only as necessary to provide services to us and not for their own purposes. - With Firebase: We use Google Firebase for app initialization and push notifications. Firebase may collect anonymized device identifiers to ensure reliable delivery. We do not use Firebase for analytics or crash reporting. - When Required by Law: We may disclose your personal information to comply with a valid legal obligation, such as a court order, subpoena, or regulatory request. - Business Transfers: We may share or transfer personal information as part of a merger, acquisition, reorganization, sale of assets, or in the event of bankruptcy. Any such transfer will be subject to confidentiality conditions and handled consistent with this Privacy Policy or users will be notified. - International Transfers: Your personal information may be transferred to, stored, and processed in countries other than the country in which you reside (including the United States). We use appropriate safeguards for international transfers consistent with applicable law (for example, contractual protections or other legal mechanisms). We do not share your personal data for marketing or advertising purposes, and we never sell it to any third party. Where required by laws such as the CCPA/CPRA or GDPR, we will provide mechanisms to opt out of any permitted sharing activities while maintaining core service functionality.

All of our services—including user authentication, data storage, and processing—are powered by Amazon Web Services (AWS), primarily using AWS Cognito for identity and access management. Under the AWS shared responsibility model, AWS secures the infrastructure, while we configure and control how your data is processed. - Encryption: Data is encrypted in-transit using TLS/HTTPS and at-rest with AWS’s industry-standard AES-256 encryption. - Account security: We leverage Cognito’s authentication features—including multi-factor authentication (MFA), secure token issuance, and optional risk-based adaptive login policies—to protect your account. - Compliance-ready platform: AWS Cognito and our overall architecture are compliant with major standards (e.g., SOC, ISO, PCI DSS, GDPR), offering secure, scalable, and auditable infrastructure. We limit access to personal information to employees and contractors who need that access to perform services for us. We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. While we use commercially reasonable safeguards, no system is completely secure; in the event of a data breach affecting your personal information, we will notify you and any applicable regulator as required by law. If you suspect unauthorized access to your account or data, please contact security@kenatrix.com immediately.

When using third-party login options such as Google or Apple, we may receive access to your public profile and email address. These platforms manage your login credentials and govern the use of your data according to their own privacy policies. We do not control the privacy practices of those providers and are not responsible for their actions. Please review their privacy policies for details about how they process your data. We may receive additional profile information if you grant permission through the third-party provider. Third‑party login does not override geographic posting restrictions; users outside the United States may authenticate but cannot create listings.

You have rights regarding your personal information, including the ability to access, correct, or delete the data we hold about you. You can also request a copy of your data. Users may delete their own product listings at any time directly through the app. To delete your entire account and all associated personal data, you may email us at support@kenatrix.com or visit our Account Deletion Request Page. We will respond within 45 days, as required by applicable laws. If we require more time, we will notify you and explain the reason. Certain legal obligations may require us to retain some information even after your account is deleted. Depending on your jurisdiction, you may have additional rights under laws such as the EU GDPR (access, correction, deletion, portability, restriction, objection) or the California Consumer Privacy Act / CPRA (access, deletion, opt-out of sale/targeted advertising). We may request information to verify your identity before honoring certain requests. We do not charge a fee for reasonable requests, though in some jurisdictions a fee may apply for excessive or repetitive requests. If you disagree with how we handled your privacy request, you may appeal our decision by contacting privacy@kenatrix.com.

We use secure local storage and caching mechanisms to improve performance, maintain login sessions, and support core functionality across both mobile and web platforms. - On web, we may use browser-based local storage or caching to remember session state and enhance responsiveness. - On mobile, we use platform-native tools such as Hive, Secure Storage, and Shared Preferences to store session data and preferences securely. We do not use browser cookies or third-party tracking technologies. If you use third-party login options (such as Google or Apple), or access Cognito-hosted authentication flows, those providers may use cookies or similar technologies to manage session state. These behaviors are governed by their respective privacy policies. We do not use behavioral tracking, cross-app data collection, or analytics tools within the app. All locally stored data is used solely to support your experience within the Zikwala platform. Local storage may also be used to enforce geographic posting restrictions by remembering your region as inferred from CloudFront or IP‑based geolocation.

Our platform allows users to create and share listings and messages. To maintain a safe marketplace, users can report abuse, fraudulent activity, offensive content, or violations of our policies using the “Report Abuse” or “Report Unavailable” features. Reported content is reviewed and managed internally by our moderation team. While users cannot directly block other users, we take appropriate actions—including warnings, content removal, or account suspension—to prevent abuse and ensure platform safety. We do not monitor private messages for advertising purposes, but reports and certain automated tools help identify violations and protect the community. Users located outside the United States may browse content but cannot create listings or post new content.

Zikwala is designed to deliver a seamless and secure marketplace experience across mobile and web platforms while minimizing the use of device-level permissions. We only request access to features essential for core functionality, and all permissions are optional and user-controlled. Depending on your device and platform, we may request access to: - Camera Access: Enables users to take or upload photos for listings or profile customization. - Photo/Media Access: Allows users to select images from their device or browser when creating or updating posts. - Notification Access: Used to deliver timely updates about messages, offers, and account activity. Users can manage notification preferences through device or browser settings. - Location Inference: We estimate your general region using your IP address and device or browser locale to personalize your experience and enforce geographic posting restrictions. We do not request or use device-level location permissions (e.g., GPS), and users cannot manually override their region. We do not engage in background tracking or collect data beyond what is necessary to provide our services. All permissions can be reviewed and revoked at any time through your device or browser settings. Zikwala may also integrate trusted third-party tools to enhance performance and reliability, including: - Google Firebase: Used for app initialization and push notifications via Firebase Cloud Messaging (FCM). Firebase may collect anonymized device identifiers to ensure reliable delivery. We do not use Firebase for analytics or crash reporting. - Social Login SDKs: To enable secure authentication via Google or Apple. These third-party services operate under their own privacy policies. We do not track users across third-party apps or websites.

We retain your personal information—name, email address, phone number, and password—for as long as your account remains active or as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Once your account is deleted or you request that we no longer use your information, we will retain and use your data only to the extent required to comply with legal obligations, resolve disputes, and enforce our agreements. We ensure that your data is not retained longer than necessary and is securely deleted when no longer needed, in accordance with applicable data protection laws. Backups and archived copies of data may persist for a limited period (for example, 30–180 days) before being purged, depending on the specific data type and legal requirements. We will securely delete or anonymize data when it is no longer needed for the purposes set out in this policy.

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information as required by the Children's Online Privacy Protection Act (COPPA). If you believe we may have collected information from a child under 13, please contact us at contact@zikwala.com. If we are made aware that we have collected personal information from a child in a jurisdiction with a different threshold than 13 (for example, local law defining minors differently), we will comply with the applicable local requirement and take reasonable steps to delete the information.

We may update this Privacy Policy periodically to reflect changes in laws, technology, or our services. The most recent revision date will always be displayed. Continued use of our services implies acceptance of the updated terms. Where required by law or where changes materially affect user privacy, we will provide advance notice (for example, via email or in-app notification) prior to the effective date of the changes.

If you have questions or concerns about this Privacy Policy or your personal information, please contact our support team at support@kenatrix.com or visit https://zikwala.com/contact. For data protection inquiries, please include your state of residence and a clear description of your request so we can process it efficiently.

These Terms shall be governed by and construed in accordance with the laws of the United States. Users agree to submit to the exclusive jurisdiction of the courts of the United States.