Privacy Policy

This policy applies to the EFG Afro Market website, the role-based dashboards (Admin, Supplier, Buyer, Staff), mobile apps, and any communication you receive from us. It should be read together with our Terms & Conditions.

Account & contact data.

• Full name, email, phone number, password hash.
• Company name, trade licence number, business registration, country, industry / product interest.
• User-uploaded avatar.

Verification (KYC) data.

• Identity documents and bank statements uploaded during onboarding.
• Review status and timestamps (PENDING / IN_REVIEW / APPROVED / REJECTED) for each document.
• Reviewer identity + remarks when applicable.

Transactional data.

• Products listed, inquiries, quotes, cart items and orders.
• Payment intents, payment status, escrow lifecycle events and payouts (including Stripe Connect account identifiers).
• Shipping addresses and invoice records.

Device & telemetry data.

• Browser user-agent, IP address, approximate location (country-level), session identifiers.
• Push-notification tokens (FCM) for registered mobile devices.
• Error reports and server logs collected for debugging.

• To create and operate your account, including authentication and KYC review.
• To enable inquiries, quotes, orders, escrow and payouts — the core trading function.
• To communicate important order, payment and compliance events (email + push notifications).
• To detect, prevent and respond to fraud, security incidents and abuse.
• To meet legal, regulatory and audit obligations in the jurisdictions we operate in.
• To improve the platform through aggregated, non-identifying analytics.

We engage specialist service providers to run parts of the platform. These processors only receive the minimum data required to perform their function and are bound by contractual data-protection commitments:

• Stripe (payments, Stripe Connect, escrow, payouts) — https://stripe.com/privacy
• Amazon Web Services (database, object storage, email delivery) — hosted in the ap-south-1 region.
• Google Firebase Cloud Messaging (push notifications).
• OpenExchangeRates (FX rates — anonymous currency pair lookups only; no user data shared).
• Operational email service for transactional messages.

We retain account and transactional records for as long as your account is active and for the retention periods required by applicable law (typically 5–7 years for financial records). KYC documents are retained for the same period for anti-money-laundering compliance. You may close your account at any time; we will anonymise or delete personal identifiers after the legal retention window expires.

We use TLS in transit, encryption at rest on managed AWS databases and buckets, hashed passwords (bcrypt), scoped API access tokens, and role-based access controls for internal staff. Payment card details are never stored on our servers; they are tokenised directly with Stripe via the PaymentElement. No system is 100% secure, but we work to raise the bar continuously.

• Access: request a copy of the personal information we hold about you.
• Correction: update inaccurate or incomplete information directly from your Settings page.
• Deletion: ask us to delete your personal data, subject to lawful retention obligations.
• Portability: request a machine-readable export of your account data.
• Objection & restriction: object to certain processing activities (e.g. marketing).
• Withdraw consent: for data we process based on your consent; this does not affect past processing.

Send any request to privacy@efgafromarket.ae. We respond within 30 days.

Your data may be processed outside your country of residence — typically in India (AWS ap-south-1) and the United States (Stripe). Where such transfers occur, we rely on standard contractual clauses or equivalent safeguards with the recipient.

We use first-party cookies and localStorage to keep you signed in, remember your locale, theme, and notification preferences, and to cache non-sensitive catalog data between sessions. We do not run cross-site tracking cookies. Third-party cookies (such as Stripe's iframe cookies on the checkout page) are operated by those providers under their own policies.

The platform is for business users and is not directed at persons under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact privacy@efgafromarket.ae.

We may update this Privacy Policy to reflect product, legal or regulatory changes. Material updates are announced in-dashboard and via email; continued use of the platform after the effective date constitutes acceptance.

Data-protection queries: privacy@efgafromarket.ae. General support: support@efgafromarket.ae.