Privacy Policy

IraChat ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").

By using IraChat, you consent to the data practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide During Registration

When you create an account, we collect basic information:

• Required: Full name, username, date of birth (for age verification)
• Authentication: Email address OR phone number (depending on registration method)
• Optional: Profile photo, bio

1.2 Extended Profile Information (Optional)

You may choose to add additional information to your profile later:

• Professional Info: Work history, education, skills, achievements, experience
• Contact Info: Additional email, phone, website, social media links (LinkedIn, Twitter, GitHub, portfolio)
• Location: City, district, address (for profile display, not tracking)
• Media: Cover image, additional photos
• Privacy Preferences: Whether to show email/phone publicly, allow search visibility

1.3 Content You Create

• Messages: Text, photos, videos, voice notes, documents shared in chats (private messages are end-to-end encrypted)
• Posts & Stories: Video updates, articles, comments, polls shared publicly
• Business Content: Business profiles, product listings, orders (if you create a business)
• Institution Content: Organization profiles, opportunity postings (if you register as an institution)
• Opportunities: Job postings, scholarship listings, applications (if you post or apply)

1.4 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: Features used, time spent on the App, interaction patterns
• Log Data: IP address, access times, app crashes, and system activity
• Connection Information: Network type and connection status for offline functionality

1.5 Contacts Access (Optional)

With your explicit permission, IraChat may access your device contacts to help you find friends on IraChat.

• Purpose: To display which of your contacts are on IraChat and facilitate connections
• Storage: Contact data is processed locally on your device and is NOT uploaded to our servers
• Control: You can deny or revoke this permission at any time in your device settings

1.6 Location Access (Optional)

With your explicit permission, IraChat may access your location for location-based features.

• Purpose: To show nearby opportunities, businesses, and institutions relevant to your area
• Precision: We only use approximate location (city/region level), not precise GPS coordinates
• Storage: Location data is NOT stored permanently and is only used during active sessions
• Control: You can deny or revoke this permission at any time in your device settings

1.7 Information We Do NOT Collect

• Content of end-to-end encrypted messages (we cannot access these)
• Background location tracking (we do not track your location when the app is closed)
• Contact data on our servers (contacts are processed locally only)
• Financial/payment information (we do not process payments)

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide Services: To operate, maintain, and improve the App's four main tabs: Chats, Business, Opportunities, and Updates
• Account Management: To create and manage your account
• Communication: To send you service-related notifications and updates
• Personalization: To provide AI-powered recommendations for products and opportunities
• Security: To detect, prevent, and address fraud, abuse, and security issues
• Analytics: To understand how users interact with the App and improve our services
• Legal Compliance: To comply with applicable laws and regulations
• Support: To respond to your inquiries and provide customer support

3. Legal Basis for Processing

Under the Uganda Data Protection and Privacy Act, 2019, and GDPR, we process your personal data based on:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for the performance of our services to you
• Legal Obligation: Processing is necessary to comply with applicable laws
• Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services and ensuring security

4. Data Sharing and Disclosure

4.1 We May Share Your Information With:

• Other Users: Your profile information and public content are visible to other users as per your privacy settings
• Service Providers: Third-party vendors who assist us in operating the App (e.g., Firebase for cloud hosting and authentication)
• Business Partners: When you interact with businesses on the platform, they receive information necessary for the transaction
• Legal Authorities: When required by law, court order, or to protect our rights and safety

4.2 We Do NOT:

• Sell your personal data to third parties
• Share the content of your encrypted messages with anyone
• Provide your data to advertisers for targeted advertising
• Use third-party tracking or advertising SDKs

5. Data Security

We implement robust security measures to protect your data:

• End-to-End Encryption: Private messages are encrypted so only you and the recipient can read them
• Secure Authentication: We support phone verification, email verification, and Google Sign-In
• App Lock: Optional PIN, pattern, or biometric authentication to protect access to the App
• Secure Infrastructure: We use industry-standard security practices for data storage and transmission
• Regular Security Audits: We regularly review and update our security practices

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

• Account Data: Retained as long as your account is active or as needed to provide you services
• Messages: Encrypted message content is stored on our servers only until delivered. Once delivered, messages are stored locally on devices
• Deleted Accounts: When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes
• Anonymized Data: We may retain anonymized, aggregated data for analytics purposes

7. Your Rights

Under the Uganda Data Protection and Privacy Act, 2019, and applicable international laws, you have the following rights:

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for certain purposes
• Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent

To exercise these rights, please contact us at support@irachat.com or use the "Export Data" and "Delete Account" features in the App settings.

8. Privacy Controls

IraChat provides you with extensive privacy controls in Settings:

• Profile Visibility: Control who can see your profile (Everyone, Contacts Only, Nobody, or Everyone Except specific users)
• Last Seen: Control who can see when you were last active
• Profile Photo Visibility: Control who can see your profile photo
• Read Receipts: Control whether others see when you've read their messages
• Blocking: Block users, businesses, or institutions from contacting you
• Screenshot Protection: Prevent screenshots in your chats (Global Chat Privacy)
• Message Sharing Protection: Prevent sharing/forwarding of your messages
• App Lock: Enable PIN, pattern, or biometric lock with auto-lock duration

9. Children's Privacy

9.1. IraChat is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13.

9.2. If you are between 13 and 18 years old, you must have parental or guardian consent to use the App. We verify age during registration and require confirmation of parental consent for users under 18.

9.3. If we discover that we have collected personal data from a child under 13 without parental consent, we will delete that information promptly.

9.4. Parents or guardians who believe their child has provided us with personal data should contact us at support@irachat.com.

10. International Data Transfers

10.1. IraChat is based in Uganda. Your data may be transferred to and processed in countries outside Uganda.

10.2. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your data in accordance with the DPPA and applicable international standards.

10.3. For users in the European Economic Area, we ensure transfers comply with GDPR requirements through appropriate legal mechanisms.

11. Cookies and Tracking

11.1. As a mobile application, IraChat does not use browser cookies.

11.2. We use local storage on your device to store preferences, cached data, and authentication tokens.

11.3. We do not use third-party tracking or advertising SDKs.

12. Third-Party Services

IraChat uses the following third-party services:

• Firebase (Google): Authentication, database, storage, and analytics
• Google Sign-In: Optional authentication method

These services have their own privacy policies, and we encourage you to review them.

13. Data Breach Notification

13.1. In the event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by the Uganda Data Protection and Privacy Act, 2019.

13.2. We will notify affected users within 72 hours of becoming aware of a breach that poses a risk to their rights and freedoms.

13.3. Notification will include the nature of the breach, likely consequences, and measures taken to address it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date
• Sending a notification through the App for significant changes

Your continued use of IraChat after changes are posted constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us: