← Home

Privacy Policy

App Store & Google Play Compliant

Last Updated: April 12, 2026

Dawn Telecommunication SARL

1. Introduction

Alkebulan ("we," "our," or "us") operates a multi-vertical SuperApp including e-commerce marketplace, BulanPay financial services, ThirtyMin delivery, healthcare services, Lodear automotive marketplace, and B2B wholesale. This Privacy Policy explains how we collect, use, and protect your information across all our services.

2. UEMOA Regulatory Compliance

Alkebulan complies with Regulation No. 001/CTRCE-UEMOA/2021 on personal data protection within the West African Economic and Monetary Union (UEMOA). We also comply with the regulations of the Central Bank of West African States (BCEAO) for financial and transactional data processed through BulanPay.

3. Information We Collect

Information We Collect:

  • Personal identification information (name, email, phone, date of birth)
  • Financial data (BulanPay wallet, transaction history, KYC documents, credit score)
  • Delivery data (addresses, GPS location for ThirtyMin tracking)
  • Health information (consultations, prescriptions — only with explicit consent)
  • Vehicle information (VIN, vehicle listings on Lodear)
  • Commerce data (order history, wishlists, reviews, preferences)
  • Device information (app version, OS, push notification tokens)

4. How We Use Your Information

How We Use Your Information:

  • Provide, maintain, and improve our six integrated verticals
  • Process transactions through BulanPay (payments, BNPL, investments, savings)
  • Coordinate ThirtyMin deliveries and real-time tracking
  • Enable telemedicine consultations and prescription management
  • Power AI recommendations and personalization (Yennenga)
  • Comply with KYC/AML regulations across multiple jurisdictions
  • Detect and prevent fraud via our fraud engine

5. Cookies & Local Storage

Our platform uses a single authentication cookie (auth-token), which is an httpOnly JWT cookie required for secure session management. We do not use third-party tracking cookies, advertising cookies, or analytics cookies. No personal data is stored in local storage or session storage.

6. Data Retention Periods

  • Account data: retained for the duration of your account plus 1 year after deletion
  • Financial transactions: 10 years (BCEAO legal obligation)
  • KYC documents: 5 years after account closure
  • Connection logs: 1 year

7. Medical Data Protection

Health data collected through our Digital Health vertical benefits from enhanced protection. Access is strictly limited to authorized healthcare professionals (DOCTOR and PHARMACY roles). All medical data is encrypted end-to-end. Prescriptions and consultation records are never shared without your explicit consent.

8. Data Security

We implement bank-grade security across 24 dedicated modules: encrypted storage, JWT authentication, role-based access control (8 roles), transaction OTP, wallet PIN protection, fraud detection engine, and SAR reporting. Your financial data in BulanPay meets PCI DSS standards.

Technical Security Measures

All data is encrypted using AES-256-GCM for data at rest and TLS 1.3 for data in transit. Our infrastructure includes double-layer rate limiting (Nginx + Express), CSRF protection, Content Security Policy (CSP) headers, and HTTPS enforcement on all endpoints. Financial transactions benefit from additional protections: idempotency guards, transaction OTP, and wallet PIN.

9. Data Sharing

Data Sharing:

  • BulanPay payment processors (Senfenico, mobile money providers)
  • ThirtyMin delivery drivers (only delivery address and order details)
  • Healthcare providers (only with your explicit consent)
  • Regulatory authorities (KYC/AML compliance requirements)
  • AI processing (Yennenga uses anonymized data for recommendations)

10. Third-Party Services

We work with the following third-party services to deliver our platform: Senfenico (Mobile Money payments processing), Firebase (push notifications), and mapping/geolocation services (for ThirtyMin delivery tracking). Each third-party provider is subject to its own privacy policy. We only share the minimum data required for each service to function.

11. Your Rights

Your Rights:

  • Access your data across all verticals
  • Request correction of inaccurate information
  • Delete your account and associated data
  • Export your transaction and health records
  • Withdraw consent for health data sharing
  • Opt out of AI-powered recommendations

12. Data Portability

You have the right to export all your personal data in a standard, machine-readable format (JSON or CSV). This includes your account information, transaction history, order history, health records (with your consent), and all other data we hold about you. To request an export, contact our privacy team.

13. Information for Mobile App Users

Our mobile applications (available on the App Store and Google Play) collect only the data necessary for the operation of our services. We do not sell your personal data to third parties. You can disable push notifications and geolocation at any time in your device settings. The app requires an internet connection to function. Offline data is synced securely when connectivity is restored.

14. Contact

Contact:
alkebulan@dawngroup.shop
Dawn Telecommunication SARL — privacy@dawngroup.shop