Data protection and processing principles

ZiBuntu acts as the data controller for personal data processed through its platform in relation to account management, beneficiary profiles, application workflows, payments, and operational coordination.

External partners such as underwriters, pharmacies, logistics providers, and payment processors may act as independent controllers or processors depending on the specific workflow.

ZiBuntu is designed to collect only the minimum amount of data required to:

• Identify users and beneficiaries
• Calculate age-based pricing
• Process applications and payments
• Coordinate pharmacy and logistics workflows

Users are explicitly advised not to input sensitive medical records unless a dedicated and secure workflow is provided.

Personal data is processed strictly for defined purposes including:

• Platform functionality and account access
• Membership application processing
• Payment handling and subscription management
• Pharmacy and logistics coordination
• Fraud prevention and security monitoring

Data is not reused for unrelated purposes without a valid legal basis.

Users are responsible for ensuring that beneficiary and account data is accurate and up to date.

ZiBuntu provides mechanisms to update or correct data where required.

Data is retained only as long as necessary to:

• Maintain active services and subscriptions
• Comply with legal and financial obligations
• Support dispute resolution and audit requirements

Certain records such as invoices, transactions, and audit logs may be retained beyond account closure where legally required.

ZiBuntu applies layered security controls, including:

• Secure authentication and session management
• Encrypted communication (HTTPS)
• Access control and role-based restrictions
• Audit logging and anomaly detection

While ZiBuntu applies strong safeguards, no system can guarantee absolute security.

ZiBuntu uses carefully selected third-party providers for essential services:

• Stripe for payments and subscriptions
• Supabase for infrastructure and data storage
• Gowaya for logistics coordination

These providers process data under their own compliance frameworks and contractual obligations.

Due to the nature of diaspora services, data may be accessed or processed across multiple jurisdictions including Europe and Zimbabwe.

ZiBuntu aims to ensure appropriate safeguards are in place for such transfers in line with applicable data protection laws.

Users may have the right to:

• Access their personal data
• Request correction of inaccurate data
• Request deletion where legally permissible
• Restrict or object to processing
• Request data portability

Requests may be limited where ZiBuntu must retain data for legal, contractual, or regulatory reasons.

ZiBuntu may offer an AI assistant for general health education and platform support. Data shared in this context may be processed to generate responses and improve system safety.

The AI assistant does not provide medical diagnosis and should not be used for emergency situations.

ZiBuntu acts as a coordination platform and does not assume liability for services delivered by third parties, including:

• Insurance underwriting decisions
• Pharmacy dispensing actions
• Logistics delivery outcomes (handled by Gowaya)

Each partner is responsible for its own operations and compliance.

For any data protection request, including access, correction, or deletion, users may contact ZiBuntu directly.