Privacy Policy

ResearchFlow (“we”, “us”, or “our”) operates researchflowafrica.com and related services. This policy applies to all information collected through our platform and any related services, sales, marketing, or events.

We process your data to provide and improve the ResearchFlow platform, facilitate research collaboration, and build a connected academic community across Africa. We are committed to transparency about how we use your data and to giving you meaningful control over your information.

Information You Provide:

• Account information: name, email address, university affiliation, academic level, department
• Profile information: bio, skills, research interests, profile photo, portfolio items
• Content you create: research ideas, project data, messages, comments, showcase entries
• Communications: emails and messages you send to us or through our platform

Information Collected Automatically:

• Usage data: pages visited, features used, time spent on the platform
• Device information: browser type, operating system, IP address
• Interaction data: clicks, searches, matches viewed, collaborations initiated

We use the information we collect to:

• Create and manage your account and provide platform services
• Match you with potential research collaborators based on your interests and skills
• Send you notifications about activity relevant to your research and network
• Improve the platform through analytics and user feedback
• Ensure the security and integrity of our services
• Comply with legal obligations
• Communicate important updates about the platform

We do not sell your personal information to third parties or use it for advertising purposes unrelated to ResearchFlow.

We share your information only in the following circumstances:

• With other users: Profile information you set as public is visible to other ResearchFlow users for collaboration purposes
• Service providers: We use trusted third-party services (Supabase for database and authentication) that process data on our behalf under strict data processing agreements
• Legal requirements: We may disclose your information if required by law or in response to valid legal process
• Business transfers: In the event of a merger or acquisition, your data may be transferred as a business asset

Your data is stored on secure servers provided by Supabase, with infrastructure located in appropriate regions. We implement industry-standard security measures including:

• Encryption in transit (TLS) and at rest
• Row-level security policies to ensure data access controls
• Regular security audits and monitoring
• Secure authentication with support for multi-factor authentication

We retain your data for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing of your data for certain purposes

To exercise any of these rights, contact us at privacy@researchflowafrica.com. We will respond to your request within 30 days.

ResearchFlow uses essential cookies necessary for the platform to function. These include:

• Authentication cookies to keep you logged in
• Session cookies to maintain your preferences during a visit
• Security cookies to detect and prevent fraudulent activity

We do not use third-party advertising cookies or tracking pixels. You can disable cookies in your browser settings, but this may prevent some features of the platform from functioning properly.

ResearchFlow is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

ResearchFlow serves researchers across Africa and may process your data in countries outside your own. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or other legally recognized mechanisms.

We are committed to compliance with applicable data protection laws across African jurisdictions, including Kenya's Data Protection Act, Nigeria's NDPR, South Africa's POPIA, and other relevant legislation.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

• Email: privacy@researchflowafrica.com
• Response time: We aim to respond within 5 business days

You also have the right to lodge a complaint with your local data protection authority if you believe we have handled your data improperly.