Ruka kwenye yaliyomo
Refya

Privacy Policy - Refya

This Privacy Policy explains how Lumen Labz, LLC (Refya) collects, uses, and shares data when you use the Refya platform.

Last updated: 23/01/26

1. Who this policy applies to

This policy applies to anyone using the Platform, including:

  • customer users;
  • partners/merchants (where applicable);
  • any person contacting support.

2. Data we process

2.1. Data provided by you

Depending on your use of the Platform, we may process:

  • identity and account data: first name, last name, phone number, and any information entered in your profile;
  • orders/requests data: information required to execute an order/request (for example delivery address when delivery is requested);
  • communications data: messages or information exchanged with support, and technical details required to send/receive notifications (email/WhatsApp) depending on enabled features;
  • merchant/partner data (if applicable): business information (profile, catalog, opening hours, etc.) and subscription-related information;
  • 2.2. Data processed automatically:
  • usage and connection data (date/time, viewed pages/screens, actions performed);
  • technical data (device type, OS version, language, technical identifiers, error logs).

3. Why we use this data (purposes)

We use data to:

  • provide the Platform (account creation/management, feature access);
  • connect users with merchants and enable execution of requests/orders;
  • provide support and handle complaints;
  • security: prevent fraud, abuse, incidents, and improve reliability;
  • product improvement: understand usage and improve experience (depending on enabled tools).

4. Data sharing

4.1. Sharing with merchants

When you place a delivery order, we may share strictly necessary data with the relevant merchant: first name, last name, phone number, delivery address.

4.2. Technical service providers

We may share data with providers who help us operate the Platform (hosting, storage, email/WhatsApp delivery, security, support, analytics when enabled). They process data on our behalf under our instructions.

4.3. Payments (merchant subscriptions)

If you are a merchant/partner and pay for a subscription, payments are processed by a payment provider (for example Stripe). Refya does not directly process full card details; they are handled by the payment provider.

4.4. Legal obligations

We may disclose data when required by law, or to protect our rights, our users, or to prevent fraud/security threats.

5. Legal bases (general framework)

Depending on applicable law and your country, our processing may rely on:

  • performance of a contract (service provision);
  • our legitimate interest (security, abuse prevention, improvement);
  • your consent where required (for example marketing communications when enabled).

6. Communications (email, WhatsApp)

We may send transactional messages necessary for operation (for example support, security, request/order-related information) via email and/or WhatsApp depending on enabled features.

Marketing messages (promotions, newsletters) may require consent/opt-in depending on country and enabled features. Where available, you may unsubscribe.

7. Regulated products/services (alcohol, OTC medicines)

If the Platform offers products subject to restrictions (for example alcohol) or over-the-counter medicines, some information may be required to meet compliance obligations (for example age checks).

Refya minimizes this data and does not provide medical advice.

8. Data retention

We retain data as long as necessary to provide the Platform and comply with legal obligations.

Account data is kept while the account is active, then deleted/anonymized subject to legal and technical constraints.

Some data may be retained longer in case of legal obligations, disputes, or security needs (anti-fraud).

9. Security

We implement reasonable technical and organizational measures to protect data.

No system is completely secure, so we cannot guarantee absolute security.

10. Your rights

Depending on applicable law and your country, you may request:

  • access to your data;
  • correction;
  • deletion;
  • objection to or restriction of some processing;
  • withdrawal of consent (where processing is based on consent).
  • Requests can be made through the Support section in the app.

11. International transfers

Our technical providers may be located in different countries.

Where international transfers occur, we put appropriate safeguards in place according to applicable law.

12. Changes

We may update this policy.

The current version is the one published in the app with its update date.

13. Contact

For any question or request related to your data, contact us through the Support section in the app.