Privacy Policy
Last updated: April 6, 2026
Table of Contents
1. Introduction
Sikani Technologies Pty Ltd ("Sikani," "we," "our," or "us") operates the Sikani POS platform, a scan-to-pay smart point-of-sale system that includes the Sikani Buyer App, the Sikani Seller App, and associated web services (collectively, the "Service").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service immediately.
This policy is designed to comply with the General Data Protection Regulation (GDPR), the Ghana Data Protection Act, 2012 (Act 843), and other applicable data protection laws worldwide.
2. Information We Collect
2.1 Personal Information
When you register for an account or use our Service, we may collect the following personal information:
- Identity data: full name, date of birth, national identification number or passport number, photographs, and selfie verification images
- Contact data: email address, phone number, mailing address
- Business data (sellers): business name, registration number, business address, tax identification number, and Know Your Customer/Know Your Business (KYC/KYB) documentation
- Financial data: bank account details, mobile money account information, wallet balances, and transaction history
2.2 Payment Data
When you make or receive payments through the Service, we process:
- Transaction amounts and currencies
- Payment method details (card type, last four digits, mobile money number)
- Transaction timestamps and reference numbers
- Merchant and buyer identifiers associated with each transaction
We do not store full card numbers or CVV codes on our servers. All card payment data is handled by our third-party payment processor in compliance with PCI DSS standards.
2.3 Device & Technical Data
We automatically collect certain technical information when you use the Service:
- Device type, model, and operating system version
- Unique device identifiers (e.g., device ID, advertising ID)
- IP address and approximate geolocation
- Browser type and version (for web access)
- App version and build number
- NFC and Bluetooth capability information
2.4 Usage Data
We collect information about how you interact with the Service:
- Pages and screens viewed, features used, and actions taken
- Time spent on the app and session duration
- Navigation paths and user flow data
- Error logs and crash reports
- Search queries within the app
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: to create and manage your account, process payments, facilitate QR-code and NFC transactions, and maintain wallet balances
- Verification & compliance: to perform KYC/KYB checks, verify seller identities, comply with anti-money laundering (AML) regulations, and meet legal obligations
- Security & fraud prevention: to detect, prevent, and investigate fraud, unauthorized access, and other illegal activities
- Communication: to send transaction receipts, account notifications, security alerts, and service updates via email, SMS, or push notifications
- Improvement & analytics: to analyze usage patterns, troubleshoot issues, improve the Service, and develop new features
- Legal compliance: to comply with applicable laws, regulations, legal processes, and enforceable governmental requests
- Marketing: to send promotional offers and updates about Sikani, with your consent where required by law (you can opt out at any time)
4. Data Sharing & Third Parties
We do not sell your personal data. We may share your information with the following categories of third parties:
- Third-party payment processor: we share necessary transaction and identity data with our payment processor to facilitate card and mobile money payments. They are PCI DSS compliant and process data under their own privacy policies.
- SMS & communication providers: we use third-party providers to deliver OTP codes, transaction notifications, and marketing messages to your phone number.
- Analytics providers: we use analytics tools to understand how users interact with our Service. Data shared with analytics providers is aggregated and anonymized where possible.
- Cloud infrastructure: your data is stored on secured cloud infrastructure with AES-256 encryption at rest.
- Legal & regulatory authorities: we may disclose information when required by law, court order, or government regulation, or to protect the rights, property, or safety of Sikani, our users, or the public.
- Business transfers: in the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify affected users in advance.
5. Data Security
We take the security of your data seriously and implement industry-leading measures to protect it:
- Encryption at rest: all stored data is encrypted using AES-256 encryption in our object storage systems and databases with column-level encryption for sensitive fields
- Encryption in transit: all data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
- Access control: file access is managed through time-limited, pre-signed URLs that expire automatically, minimizing exposure of stored documents
- PCI DSS compliance: our payment processing infrastructure adheres to Payment Card Industry Data Security Standards
- Authentication: multi-factor authentication, JWT token-based sessions, and biometric verification options to secure your account
- Monitoring: continuous monitoring and intrusion detection systems to identify and respond to security threats
- Regular audits: periodic security assessments and penetration testing to identify and address vulnerabilities
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Financial records & transaction data: retained for 7 years from the date of the transaction, as required by applicable tax and financial regulations
- KYC/KYB verification documents: retained for 7 years after the closure of your account, in compliance with anti-money laundering regulations
- Account data: retained for the duration of your active account plus 2 years after account closure
- Application logs & usage data: retained for 30 days and then automatically purged
- Marketing preferences: retained until you withdraw consent
When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with you.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of access: you may request a copy of the personal data we hold about you
- Right to rectification: you may request correction of inaccurate or incomplete personal data
- Right to erasure ("right to be forgotten"): you may request deletion of your personal data, subject to legal retention requirements
- Right to data portability: you may request that we provide your data in a structured, commonly used, machine-readable format
- Right to restrict processing: you may request that we limit the processing of your personal data under certain circumstances
- Right to object: you may object to the processing of your personal data for direct marketing purposes or processing based on legitimate interests
- Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at legal@sikani.tech. We will respond to your request within 30 days. For requests under GDPR, we will respond within the statutory period of one calendar month.
If you are located in Ghana, your rights under the Data Protection Act, 2012 (Act 843) are also fully respected. You may lodge a complaint with the Data Protection Commission of Ghana if you believe your data rights have been violated.
If you are located in the European Economic Area, you may lodge a complaint with your local supervisory authority.
8. Cookies & Tracking Technologies
Our website and Service use cookies and similar tracking technologies to enhance your experience and analyze usage. Below is an explanation of the types of cookies we use:
8.1 Essential Cookies
These cookies are strictly necessary for the operation of our website and Service. They enable core functionality such as authentication, session management, and security features. You cannot opt out of essential cookies as the Service cannot function without them.
8.2 Analytics Cookies
We use analytics cookies to understand how visitors interact with our website. These cookies collect information such as pages visited, time spent on pages, and navigation patterns. This data is aggregated and anonymized. You may opt out of analytics cookies through your browser settings or our cookie consent banner.
8.3 Functional Cookies
Functional cookies remember your preferences and settings (such as language, currency, and display preferences) to provide a more personalized experience. Disabling these cookies may affect certain features of the Service.
8.4 Marketing Cookies
We may use marketing cookies to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These cookies are only set with your explicit consent.
8.5 Managing Cookies
You can manage or delete cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies may impair the functionality of the Service. For more information on managing cookies, visit your browser's help documentation.
9. Children's Privacy
The Sikani POS Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are under 18, please do not use the Service or provide any personal information.
If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will take immediate steps to delete that information from our servers. If you believe we have inadvertently collected data from a child, please contact us at legal@sikani.tech.
10. International Data Transfers
Sikani Technologies operates globally. Your personal data may be transferred to, stored in, and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those in your jurisdiction.
When we transfer data internationally, we ensure that appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
- Data processing agreements with all third-party service providers that process data on our behalf
- Encryption of data in transit and at rest, regardless of storage location
- Compliance with the Ghana Data Protection Act requirements for cross-border data transfers
By using the Service, you acknowledge and consent to the transfer of your data to countries outside your jurisdiction where the data protection standards may differ.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you via email or in-app notification for significant changes
- Where required by law, obtain your renewed consent
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy inquiries: legal@sikani.tech
- General inquiries: legal@sikani.tech
- Legal inquiries: legal@sikani.tech
Sikani Technologies Pty Ltd
Website: sikani.tech
We aim to respond to all privacy-related inquiries within 30 days of receipt.