Last updated: 2026-05-14. This page is a launch-readiness draft for SokoYetu and should be reviewed before public launch.
1. Data protection commitment
SokoYetu aims to process personal data lawfully, fairly, transparently and only for legitimate marketplace purposes such as account access, orders, delivery, payments, support, fraud prevention and seller operations.
2. Personal data handled
The platform may process buyer names, seller names, phone numbers, email addresses, delivery addresses, order details, payment references, uploaded product images, support messages and account roles.
3. Role-based access
Buyer, seller and admin features must remain separated. Admin tools should be restricted to authorised admin accounts. Seller tools should only show seller products and seller-related orders.
4. Security measures
The platform should use password hashing, secure sessions, role protection, limited database access, careful logging, safe file uploads and controlled admin access.
5. Retention
SokoYetu should retain personal data only as long as necessary for business, legal, accounting, fraud-prevention, support or dispute-handling purposes.
6. Data rights
Users may contact SokoYetu to request access, correction or deletion of personal data, subject to lawful retention needs and platform security requirements.
7. Compliance note
Before public launch, SokoYetu should assess whether it must register as a data controller, data processor or both, and should maintain a practical data protection compliance file.