Plain language first. This Privacy Policy is written to be read and understood — not to confuse you. We will always tell you clearly what we collect, why we collect it, and what your rights are. If anything is unclear, email us at [email protected].
Kiriqoo is a Pan-African wellness and wealth ecosystem — a platform rooted in African wisdom, built to help people build wealth, heal the body, and free the mind. We are currently in pre-launch phase, collecting a waitlist of people interested in early access.
Data Controller: Kiriqoo Inc. (operating as Kiriqoo), Toronto, Ontario, Canada.
Data Protection Contact: [email protected]
For EU/UK residents, Kiriqoo acts as the data controller under GDPR and UK GDPR. For California residents, Kiriqoo is the "business" under CCPA.
We only collect what we need. Here is exactly what we collect through our waitlist form:
| Data | Required? | Why we collect it |
|---|---|---|
| Email address | Required | To notify you when Kiriqoo launches |
| First name | Optional | To personalise communications |
| Country | Required | To understand which communities we serve |
| Age range | Required | To ensure our services are age-appropriate |
| Primary interest | Optional | To understand what matters most to you |
| Phone number | Optional | For SMS launch notifications (only if you provide it) |
| Instagram handle | Optional | To connect with our community before launch |
We also automatically collect limited technical information when you visit our website:
We do not collect: payment information, government ID, biometric data, health records, or any sensitive personal data through the waitlist form.
Under GDPR and equivalent laws, we must have a valid legal reason ("legal basis") for processing your data. Our legal bases are:
| Purpose | Legal Basis |
|---|---|
| Sending you launch notifications | Consent — you actively agreed via the checkbox |
| Understanding our community | Legitimate interests — aggregate, anonymised data only |
| Analytics and website improvement | Consent — via the cookie banner |
| Security and fraud prevention | Legitimate interests — protecting the platform and community |
| Legal compliance | Legal obligation — complying with applicable laws |
You can withdraw your consent at any time by emailing [email protected] or clicking unsubscribe in any email we send.
We do not use your information for: targeted advertising, selling to third parties, profiling for automated decision-making, or any purpose other than those listed above.
| Data | Retention Period | Reason |
|---|---|---|
| Waitlist signup data | Until Kiriqoo launches + 12 months, or until you request deletion | To notify you at launch |
| Analytics data | 14 months (Google Analytics default) | Trend analysis |
| Security logs | 90 days | Fraud and abuse prevention |
After the retention period, data is permanently deleted from our systems and those of our service providers. You can request deletion at any time — see Section 8.
You have the following rights over your personal data. These apply regardless of where you are in the world:
Request a copy of all personal data we hold about you.
Request that we permanently delete your data ("right to be forgotten").
Request that we correct any inaccurate data we hold about you.
Request your data in a machine-readable format to take to another service.
Withdraw your consent at any time. We will stop processing your data immediately.
Object to processing based on legitimate interests.
To exercise any of these rights, email [email protected] with the subject line "Privacy Request." We will respond within 30 days (EU/UK: within 1 month as required by GDPR).
We will never charge a fee for handling privacy requests unless they are manifestly unfounded or excessive.
Canadian residents have the right to access and correct their personal information under PIPEDA. Quebec residents have additional rights under Law 25, including the right to data portability and the right to de-index information. You may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or the Commission d'accès à l'information du Québec.
EU residents have all rights listed in Section 8 under Articles 15–22 of the GDPR. You have the right to lodge a complaint with your national Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu. We respond to EU requests within 30 days and will extend to 60 days only for complex requests, with notification.
UK residents have equivalent rights under UK GDPR. You may file a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
California residents have the right to know what personal information is collected, the right to delete, the right to opt-out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising privacy rights. To exercise CCPA rights, email [email protected] with subject "CCPA Request." We will respond within 45 days.
Nigerian residents have rights under the Nigeria Data Protection Act 2023, including rights of access, rectification, erasure, restriction, portability, and objection. You may file a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
South African residents have rights under the Protection of Personal Information Act (POPIA), including the right to access, correction, and deletion of personal information. Complaints may be lodged with the Information Regulator at inforegulator.org.za.
Kenyan residents have rights under the Data Protection Act 2019, overseen by the Office of the Data Protection Commissioner at odpc.go.ke.
Ghanaian residents have rights under the Data Protection Act 2012, overseen by the Data Protection Commission at dataprotection.org.gh.
In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant regulatory authority within 72 hours of becoming aware of the breach (as required by GDPR and PIPEDA).
Kiriqoo's waitlist and services are intended for people aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted information to us, please contact us at [email protected] and we will delete the information immediately.
We may update this Privacy Policy from time to time as Kiriqoo evolves. When we make material changes, we will:
Continued use of our services after changes take effect constitutes acceptance of the updated policy. If you do not agree with changes, you may request deletion of your data at any time.
Email: [email protected]
Subject line: "Privacy Request" for data access/deletion, "GDPR Request" for EU/UK, "CCPA Request" for California
Response time: Within 30 days for all jurisdictions (GDPR: within 1 month)
Kiriqoo Inc. · Toronto, Ontario, Canada · kiriqoo.com