Privacy Policy

1. Who We Are

IB4ME Ltd is a company registered in Sierra Leone that operates a medical emergency crowdfunding platform. We act as the data controller for personal information collected through the Platform.

2. Information We Collect

We collect the following categories of personal information:

2.1 Account Information

When you register for an account, we collect:

• Full name
• Email address
• Phone number
• Password (stored in encrypted form)
• Profile photo (optional)
• Country and city of residence

2.2 Identity Verification Documents

To comply with Know Your Customer (KYC) and Know Your Business (KYB) regulations, we collect:

For Individuals:

• Government-issued identification (national ID, passport, driver's license)
• Proof of address (utility bill, bank statement)

For Organizations:

• Business registration certificate
• Tax identification documents
• Representative identification
• Proof of registered address

2.3 Campaign Information

When you create a campaign, we collect:

• Patient name, age, and photo
• Medical diagnosis and condition details
• Hospital or healthcare provider information
• Medical documentation (diagnosis letters, cost estimates, receipts)
• Campaign narrative and updates
• Fundraising goal amount

2.4 Donation Information

When you make a donation, we collect:

• Donation amount
• Payment method selection
• Donor name (optional for anonymous donations)
• Donor email (optional)
• Donation message (optional)

2.5 Payment Information

To process payments and payouts, we collect:

• Mobile money account details (provider, phone number, account name)
• Bank account information (bank name, account number, account holder name)
• Transaction history

Note: Full payment card details are processed directly by our payment processors and are not stored on our servers.

2.6 Technical Information

We automatically collect:

• IP address
• Browser type and version
• Device information
• Operating system
• Login timestamps
• Session duration
• Pages visited

2.7 Communication Data

We collect information when you:

• Contact our support team
• Receive notifications (email, SMS, WhatsApp)
• Participate in surveys or feedback requests

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Platform Operations

• Creating and managing your account
• Processing campaign creation and verification
• Facilitating donations and payouts
• Providing customer support

Legal Basis: Contractual necessity to provide our services.

3.2 Verification and Compliance

• Verifying your identity (KYC/KYB)
• Preventing fraud and financial crimes
• Complying with anti-money laundering (AML) regulations
• Meeting legal and regulatory requirements

Legal Basis: Legal obligation and legitimate interests in fraud prevention.

3.3 Payments

• Processing donation payments
• Disbursing funds to campaign creators
• Managing transaction records
• Resolving payment disputes

Legal Basis: Contractual necessity.

3.4 Communications

• Sending donation confirmations and receipts
• Notifying you of campaign updates
• Sending payout status updates
• Delivering account security alerts
• Providing customer support responses

Legal Basis: Contractual necessity and legitimate interests.

3.5 Security and Fraud Prevention

• Detecting and preventing fraudulent activity
• Monitoring for suspicious transactions
• Protecting against unauthorized access
• Maintaining audit logs

Legal Basis: Legitimate interests in platform security.

3.6 Platform Improvement

• Analyzing usage patterns
• Improving platform features
• Fixing technical issues

Legal Basis: Legitimate interests in service improvement.

4. Sharing Your Information

We share personal information with the following categories of recipients:

4.1 Payment Processors

We share payment information with:

• Monime: Our primary payment processing partner
• Orange Money: For mobile money transactions
• AfriMoney: For mobile money transactions
• Card Networks: Visa, Mastercard for card payments

These providers process payments on our behalf and have their own privacy policies.

4.2 Cloud Service Providers

We use third-party services for:

• Cloudinary: Secure storage of images and documents
• Database Hosting: Secure data storage

These providers are contractually obligated to protect your data.

4.3 Communication Providers

To send notifications, we share contact information with:

• WhatsApp Business API: For WhatsApp messages
• SMS Providers: For text message notifications
• Email Service Providers: For email communications

4.4 Legal and Regulatory Authorities

We may disclose information when required by:

• Court orders or legal process
• Government or regulatory requests
• Law enforcement investigations
• Anti-money laundering reporting obligations

4.5 Information We Do NOT Share

We do not sell, rent, or share your personal information with:

• Marketing companies
• Data brokers
• Third parties for their advertising purposes

5. Medical Information

We recognize that medical information is particularly sensitive and requires enhanced protection.

5.1 Special Handling

Medical information shared through campaigns (diagnoses, medical records, health conditions) is:

• Treated as sensitive personal data
• Accessible only to authorized staff on a need-to-know basis
• Subject to additional security controls
• Not used for any purpose other than campaign verification and display

5.2 Consent Requirements

Campaign Creators must obtain consent from patients (or their legal guardians) before sharing medical information on the Platform. By creating a campaign, you represent that you have obtained such consent.

5.3 Public Display

Medical information shared in campaign descriptions is publicly visible on the Platform. Campaign Creators control what medical details are shared publicly.

6. Data Security

We implement robust security measures to protect your personal information:

6.1 Technical Safeguards

• Encryption: All data transmitted to and from the Platform uses HTTPS/TLS encryption
• Password Security: Passwords are hashed using bcrypt encryption
• Access Controls: Role-based permissions limit data access to authorized personnel
• Two-Factor Authentication: Optional additional security for user accounts

6.2 Administrative Safeguards

• Staff Training: Employees receive privacy and security training
• Access Logging: All access to sensitive data is logged and auditable
• Confidentiality Agreements: Staff and contractors sign confidentiality agreements
• Incident Response: Procedures for detecting and responding to security incidents

6.3 Audit Logging

All administrative actions are logged, including:

• Account modifications
• Campaign verification decisions
• Payout approvals
• Data access by staff

7. Data Retention

We retain personal information for the following periods:

After these periods, data is securely deleted unless retention is required for ongoing legal proceedings, regulatory investigations, or unresolved disputes.

8. Your Rights

You have the following rights regarding your personal information:

8.1 Right of Access

You can request a copy of the personal information we hold about you.

8.2 Right of Correction

You can request correction of inaccurate or incomplete personal information.

8.3 Right of Deletion

You can request deletion of your personal information, subject to:

• Legal retention requirements
• Ongoing transactions or disputes
• Fraud prevention needs

8.4 Right to Data Portability

You can request your data in a commonly used, machine-readable format.

8.5 Right to Object

You can object to processing based on legitimate interests.

8.6 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

8.7 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@ib4me.org

We will respond to requests within 30 days. We may request identity verification before processing requests.

9. Cookies and Tracking

9.1 Cookies We Use

9.2 Analytics

We may use analytics tools to understand how the Platform is used. Analytics data is aggregated and does not identify individual users.

9.3 Managing Cookies

You can manage cookies through your browser settings. Disabling essential cookies may affect Platform functionality.

10. Third-Party Services

The Platform integrates with third-party services that have their own privacy practices:

10.1 Payment Processors

• Monime: Subject to Monime Privacy Policy
• Orange Money: Subject to Orange Money terms and conditions
• AfriMoney: Subject to AfriMoney terms and conditions

10.2 Cloud Services

• Cloudinary: Subject to Cloudinary Privacy Policy

10.3 Communication Services

Third-party messaging providers process communications on our behalf under data processing agreements.

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

11. International Data Transfers

Your personal information may be transferred to and processed in countries outside Sierra Leone where our service providers operate. These countries may have different data protection laws.

When transferring data internationally, we implement appropriate safeguards, including:

• Contractual protections with service providers
• Security measures to protect data in transit and at rest

12. Children's Privacy

The Platform is intended for users aged 18 years and older. We do not knowingly collect personal information from children under 18.

Campaigns for Minors: Adults may create campaigns on behalf of minors (e.g., for a child's medical treatment). In such cases, the adult Campaign Creator is responsible for obtaining appropriate consent.

If we become aware that we have collected personal information from a child under 18 without appropriate consent, we will take steps to delete that information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be communicated through:

• Email notification to registered users
• Notice posted on the Platform
• Updated "Last Updated" date at the top of this policy

Continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Data Protection Legislation

Sierra Leone is developing comprehensive data protection legislation. We are committed to complying with applicable laws, including:

• Right to Access Information Act 2013 (Sierra Leone)
• Upcoming Data Protection and Right to Access Information Bill (Sierra Leone)
• General Data Protection Regulation (GDPR) (for users in the European Union)

We aim to apply high data protection standards regardless of specific legal requirements.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 30 days.

16. Complaints

If you are not satisfied with our response to a privacy concern, you may have the right to lodge a complaint with a relevant data protection authority in your jurisdiction.