Privacy Policy

Digital Native Africa ("DNA", "we", "our", or "us") is a digital skills and talent ecosystem headquartered in Africa. Our platform is accessible at digitalnativeafrica.com and app.digitalnativeafrica.com.

We are committed to protecting the privacy and personal data of every person who uses our services. This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have.

We collect only the data necessary to deliver and improve our services.

Account Data: When you register, we collect your name, email address, and password (stored as a salted hash). You may optionally provide a profile photo, bio, location, and social media links.

Learning Data: We track your progress through courses, quiz scores, assessment results, certificates earned, and time spent on lessons. This enables personalised recommendations and progress reports.

Payment Data: If you purchase a course or subscription, payment is processed by our third-party payment processor (Flutterwave or Stripe). DNA does not store full card numbers or bank account details.

Usage & Technical Data: We collect anonymised data about how you interact with our platform — including pages visited, features used, device type, browser, operating system, and approximate location (derived from IP address).

Communications: If you contact our support team, we retain a record of the correspondence to resolve your issue and improve our service.

We use your personal data to:

- Provide, operate, and maintain the DNA platform and your account

- Personalise your learning experience and content recommendations

- Process payments and issue certificates

- Send transactional emails (enrolment confirmations, certificate issuance, password resets)

- Send optional marketing communications (you may opt out at any time)

- Analyse usage patterns to improve our platform and content

- Detect, prevent, and respond to fraud and security incidents

- Comply with applicable laws and legal obligations

Where applicable privacy law requires a legal basis for processing, we rely on the following:

Contract performance: Processing necessary to provide the services you have signed up for.

Legitimate interests: Analytics, security monitoring, and fraud prevention, where our interests do not override your rights.

Consent: Marketing emails and optional cookies. You may withdraw consent at any time.

Legal obligation: Compliance with applicable laws, tax obligations, and regulatory requirements.

We do not sell your personal information to third parties.

We may share your data with:

Service providers: Trusted vendors who help us operate our platform, including cloud hosting (AWS / Google Cloud), payment processors (Flutterwave, Stripe), email delivery (Resend), and analytics (self-hosted only or privacy-preserving tools).

Legal authorities: Where required by applicable law, court order, or government regulation.

Business transfers: In connection with a merger, acquisition, or sale of assets, subject to continued protection under this policy.

All third-party service providers are contractually bound to process your data only on our behalf and in accordance with this policy.

We retain your personal data for as long as your account is active and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements.

Account data: Retained for the duration of your account and up to 2 years after deletion.

Learning records: Retained for up to 7 years to support certificate verification requests.

Payment records: Retained as required by applicable tax and financial regulations.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

- Access: Request a copy of the data we hold about you.

- Rectification: Ask us to correct inaccurate or incomplete data.

- Erasure: Request deletion of your data, subject to legal retention obligations.

- Restriction: Ask us to limit how we process your data in certain circumstances.

- Portability: Request your data in a structured, machine-readable format.

- Objection: Object to processing based on legitimate interests, including direct marketing.

- Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email privacy@digitalnativeafrica.com. We will respond within 30 days.

We use cookies and similar tracking technologies to operate and improve our platform. You can manage your cookie preferences via our Cookie Settings page.

Essential cookies are required for the platform to function and cannot be disabled. Analytics and marketing cookies are optional and require your explicit consent.

DNA is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@digitalnativeafrica.com and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or a prominent notice on our platform at least 14 days before the changes take effect. The updated date at the top of this policy will always reflect the latest revision.

For privacy-related questions, requests, or complaints, contact our Data Privacy team:

Email: privacy@digitalnativeafrica.com

Response time: Within 30 days of receipt