Legal

Privacy Policy

Last updated: June 21, 2026  ·  Effective: June 21, 2026

Contents
  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Data Sharing
  5. Data Security
  6. Data Retention & Deletion
  7. Your Rights
  8. Children's Privacy
  9. Changes to This Policy
  10. Contact Us
01

Who We Are

Lobana ("we," "our," or "us") is a language and communication platform built to help communities speak together across languages and borders. This Privacy Policy applies to the Lobana mobile application and any associated services (collectively, the "Service").

We are committed to handling your personal information responsibly and transparently, in compliance with applicable privacy and data protection laws — including the EU General Data Protection Regulation (GDPR), the Kenya Data Protection Act, the South Africa Protection of Personal Information Act (POPIA), the US Children's Online Privacy Protection Act (COPPA), the Nigerian Data Protection Act, and Google Play's User Data Policy.

02

Data We Collect

We collect only the data necessary to provide and improve the Service. This includes:

Parent / Guardian Account Information

  • Name and display name
  • Email address or phone number (used for account registration and OTP verification)
  • Profile photo (optional)
  • Subscription tier and payment transaction references (see Payment Data below)

Child Profile Information

Child profiles are created and managed by a verified parent or guardian. We collect the following for each child profile:

  • Child's first name (used for personalised greetings only; display-only, not used for identification)
  • Date of birth (used to age-gate content and calibrate learning difficulty)
  • Primary and secondary language preferences
  • Optional avatar / profile photo (not used for AI training or biometric purposes)

Usage & Activity Data

  • Session activity, flashcard interactions (views, swipes, category selections), and learning progress
  • Chore assignments, goal updates, and reminder entries within the family management module
  • Device type, operating system version, and app version
  • Anonymised crash reports and diagnostic logs
  • Anonymised event analytics (e.g., session started, card swiped, chore created) — no advertising identifiers are collected

Payment Data

If you subscribe to a paid tier, payments are processed by M-Pesa (Safaricom Daraja API). We store only a transaction reference number for subscription verification — we do not store card numbers, bank account details, or full payment credentials.

Permissions We May Request

  • Notifications — to deliver chore alerts, learning streak reminders, goal milestones, and other Service updates
  • Camera — to enable profile photo capture (optional; only if you choose to set a profile photo)

We request each permission only at the moment it is needed, and only after explaining why. You may deny any permission; doing so limits only the specific feature that requires it.

What we do NOT collect: The app does not request or use the microphone at any point. No voice recordings are ever captured, stored, or transmitted from any device — including a child's device. No advertising identifiers (e.g., Google Advertising ID / GAID) are collected. No child data is used for advertising or profiling purposes.

03

How We Use Your Data

We use the data we collect for the following purposes:

  • Providing, operating, and improving the Lobana Service
  • Personalising the child's learning experience (flashcard frequency, difficulty, and language pacing) — this runs entirely on-device using a local AI model; identifiable child data is not transmitted to our servers for this purpose
  • Enabling family coordination features: chore tracking, goal setting, reminders, and reward management
  • Authenticating your account and maintaining session security
  • Sending you Service-related push notifications (chore completions, learning streaks, reminders, goal milestones)
  • Generating weekly learning progress summaries for the parent or guardian
  • Processing subscription payments and managing access to premium features
  • Diagnosing and fixing technical issues through anonymised crash and error reports
  • Complying with applicable legal obligations
  • Detecting and preventing fraud, abuse, or policy violations

We do not use your personal or sensitive data for advertising purposes, and we do not build advertising profiles based on your usage. No advertising identifiers are collected or shared with ad networks.

04

Data Sharing

We do not sell your personal or sensitive data to third parties. We may share data only in the following limited circumstances:

  • Infrastructure & Cloud Providers — Google Cloud Platform (hosting, database, storage, push notifications via Firebase Cloud Messaging) and Cloudflare (audio content delivery). These providers process data under strict data processing agreements and may not use your data for their own purposes.
  • Communications Providers — Africa's Talking or equivalent SMS gateway for OTP verification; SendGrid for transactional email. Only the minimum data required for delivery is shared.
  • Payment Processor — M-Pesa (Safaricom) for subscription payments. A transaction reference is returned to us for verification; full payment credentials are handled entirely by M-Pesa and are not transmitted to or stored by us.
  • Analytics & Crash Reporting — Firebase Analytics and Firebase Crashlytics, operated in COPPA-compliant mode with advertising identifiers disabled. Crash reports are anonymised before upload; child profile identifiers are redacted.
  • Legal Requirements — when required by law, court order, or valid governmental request.
  • Business Transfers — in connection with a merger, acquisition, or sale of assets, with legally adequate notice to users.
  • Safety — to protect the rights, safety, or property of Lobana, our users, or the public where disclosure is necessary.

We do not sell your data. All third-party service providers are contractually prohibited from using your data for purposes beyond what is described above. No data is shared with advertising networks or data brokers.

05

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, or disclosure. These measures include:

  • All data transmitted between the app and our servers is encrypted in transit using HTTPS/TLS
  • Data at rest is stored using industry-standard encryption
  • Access to personal data is restricted to authorised personnel on a need-to-know basis
  • Regular security assessments and monitoring

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

06

Data Retention & Deletion

We retain your personal data only for as long as necessary to provide the Service or as required by law. When you delete your account:

  • Your account, child profiles, and all associated personal data are deleted within 30 days
  • Anonymised or aggregated data (which cannot identify you) may be retained for analytics and model improvement
  • Payment transaction references may be retained for the minimum period required by financial regulations
  • Certain records may be retained for a limited period where required for legal, security, or fraud-prevention purposes — we will inform you of this in our account deletion flow

Account Deletion: You can request account deletion directly within the app under Settings → Account → Delete Account, or by contacting us at the email below. We will process your request within 30 days.

07

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your personal data
  • Portability — receive your data in a machine-readable format
  • Objection — object to certain processing of your data
  • Restriction — request we restrict processing of your data in certain circumstances
  • Withdraw Consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us using the details in Section 10. We will respond within 30 days.

08

Children's Privacy

Sauti ya Familia is designed for use by children (ages 1–8) within the Sauti Kids learning module, under the direct supervision and account ownership of a parent or guardian. Children do not create accounts. Only adults create accounts; child profiles are sub-entries under a verified adult account.

We comply with child data protection laws applicable in our target markets, including COPPA (US), POPIA (South Africa), and the Nigerian Data Protection Act. The following safeguards are built into the architecture of the app:

  • Parental consent gate — a child profile cannot be created without an authenticated adult account and explicit acknowledgement of this data policy at the time of creation
  • No microphone access — the app does not declare or request microphone permission. No child's voice is ever captured, stored, or transmitted
  • On-device AI only — the personalisation engine that adapts flashcard difficulty and frequency runs entirely on the child's device using a local model (TensorFlow Lite). Learning interactions are synced to our servers using only an anonymous child profile identifier — no name, date of birth, or photo is transmitted with learning events
  • No advertising identifiers — Google Advertising ID (GAID) and equivalent identifiers are not collected for any child-linked activity
  • Crash reporting — child profile identifiers are redacted from crash reports before upload
  • Minimal data collection — for child profiles, we collect only: first name (display only), date of birth, and language preferences. No other personal data is required

If you believe a child has been registered without proper parental consent, or if you wish to review, correct, or delete your child's profile data, please contact us immediately at the address in Section 10.

09

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you via the app or by email prior to the change taking effect, and update the "Last Updated" date at the top of this page.

Continued use of the Service after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

10

Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please reach out to us:

Privacy Contact
Company Digisoft Consulting Services
Website digisoftke.com
Email privacy@lobana.africa
Response We aim to respond to all privacy inquiries within 30 days.

© 2025 Lobana — Speak Together. All rights reserved.