Skip to main content

Legal

Privacy Policy

Effective date: July 2, 2026

1. Who We Are

Afren AI (“Afren”, “we”, “our”, or “us”) operates the platform available at https://afren.ai (“the Platform”). Our Platform connects clients with the world's top remote tech talent, providing AI-assisted project scoping, talent matching, contract management, and payment processing.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the choices you have. By using the Platform you agree to this policy.

2. Data We Collect

2.1 Data You Provide

  • Account information — name, email address, password (hashed), profile photo, role (client or talent), professional skills, and biography.
  • Identity & professional data — portfolio links, work history, certificates, and any documents you upload during onboarding.
  • Payment information — billing address, bank account details for payouts, and payment card data processed by Stripe. We never store raw card numbers; Stripe handles PCI-DSS compliance.
  • Communications — messages exchanged through the Platform’s messaging system and any support requests you send us.
  • Project data — project descriptions, proposals, contracts, milestones, deliverables, and review content you submit.

2.2 Data We Collect Automatically

  • Usage data — pages visited, features used, search queries, and interaction timestamps.
  • Device & connection data — IP address, browser type, operating system, and referring URL.
  • Cookies & local storage — session tokens, preference settings, and authentication state. See Section 7 for details.

2.3 Data From Third Parties

  • Google OAuth — when you sign in with Google we receive your Google account email, name, and profile picture as authorised by Google’s OAuth 2.0 scopes. We do not receive your Google password.
  • GitHub OAuth — when you sign in with GitHub we receive your GitHub username, name, verified email, and avatar. We do not receive your GitHub password.
  • Stripe — payment status, transaction IDs, and fraud-detection signals returned by Stripe after payment processing.
  • Paystack — bank-account name-resolution results and transfer confirmations for payouts to Nigerian bank accounts.

3. How We Use Your Data

  • Provide the Platform — create your account, match you with clients or talent, process payments, and manage contracts.
  • AI features — see the dedicated subsection below for exactly what our AI processes and how.
  • Security & fraud prevention — detect and investigate unauthorised access, abuse, or fraudulent transactions.
  • Communications — send transactional emails (account verification, payment receipts, contract updates). Marketing emails require separate consent and can be unsubscribed at any time.
  • Legal obligations — comply with applicable laws, respond to lawful requests from authorities, and enforce our Terms of Service.
  • Platform improvement — analyse aggregate usage patterns to improve features and fix bugs. We do not sell this data.

3.1 AI Processing (what our AI actually does)

Afren uses Google’s Gemini models (via the Gemini API) to power the following features. In each case your data is sent to Google for processing under our agreement with Google; it is not used to train Google’s or our models.

  • Project scoping & builds — your project description and budget are processed to generate documentation, designs, and code.
  • AI interviews — with your explicit consent, pre-interviews are conducted and scored by AI; the audio is processed in real time and a transcript and score are stored on your profile. AI scores are decision support: hiring decisions are made by humans, and you can request a human review of any score.
  • Identity verification — with your explicit consent, uploaded ID documents are analysed by AI to confirm validity; uncertain results are reviewed by a human.
  • CV extraction — with your action, an uploaded CV is parsed by AI to prefill your profile, which you can edit before saving.
  • Talent matching — profiles are ranked by AI to suggest candidates to clients; clients make the final selection themselves.

Every consent you give is recorded with a timestamp, your IP address, and the policy version, and significant AI decisions are written to an immutable audit log.

4. Legal Bases for Processing (GDPR)

Where GDPR or similar legislation applies, we rely on the following legal bases:

  • Contract performance — processing necessary to create your account and deliver the services you requested.
  • Legitimate interests — fraud prevention, platform security, and aggregate analytics.
  • Legal obligation — retaining financial records as required by applicable tax and corporate law.
  • Consent — marketing communications and any optional data collection not covered above. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. How We Share Your Data

We do not sell your personal data. We share it only as described below:

  • Other users — your public profile (name, skills, portfolio, reviews) is visible to users on the opposite side of a transaction (e.g. clients can see shortlisted talent profiles).
  • Service providers — Stripe (payments & subscriptions), Paystack (Nigerian bank payouts & account resolution), AWS (cloud infrastructure, hosting & file storage, US-East region), Google (Gemini AI processing), and any other sub-processors who act under written data-processing agreements and may only use data to perform services for us.
  • Legal disclosure — when required by law, court order, or to protect the rights and safety of Afren AI and its users.
  • Business transfers — in the event of a merger, acquisition, or asset sale, your data may be transferred; we will notify you before it becomes subject to a different privacy policy.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. You may request deletion at any time (see Section 9). After deletion we may retain:

  • Transaction records for up to 7 years to satisfy financial and tax obligations.
  • Anonymised, aggregate analytics data indefinitely.
  • Information we are legally required to retain for longer periods.

7. Cookies

We use the following categories of cookies:

  • Strictly necessary — session authentication tokens required for the Platform to function. These cannot be disabled.
  • Preference — remember your theme (light/dark) and language settings.
  • Analytics — aggregate page-view and feature-usage data to improve the Platform. We use privacy-respecting analytics and do not share raw event data with advertising networks.

You can manage or delete cookies through your browser settings. Disabling strictly necessary cookies will prevent you from signing in.

8. Security

We implement industry-standard safeguards including TLS encryption in transit, AES-256 encryption at rest for sensitive fields, hashed passwords (bcrypt), role-based access controls, and regular security reviews. No system is 100% secure; if you discover a vulnerability please disclose it responsibly to privacy@afren.ai.

9. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — delete your account yourself from Settings → Security → Delete Account: the account is disabled immediately and permanently erased after a 14-day grace period (accounts with financial or legal records are anonymised instead, preserving only what the law requires us to keep). Uploaded files are removed from storage as part of the same process.
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction & objection — restrict or object to certain processing activities.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email privacy@afren.ai. We will respond within 30 days. We may need to verify your identity before processing the request.

10. International Transfers

Afren AI is a global platform operated from Nigeria. Your data is processed in countries outside your own — principally the United States, where our infrastructure and processors run: AWS (hosting, database, and file storage in the US-East region), Google (Gemini AI processing), and Stripe (payments). By creating an account you consent to these transfers; where required we additionally rely on appropriate safeguards (e.g., Standard Contractual Clauses for EU data subjects and equivalent measures under the Nigeria Data Protection Act).

11. Children

The Platform is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately and we will delete it.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or by displaying a notice on the Platform at least 14 days before the change takes effect. Continued use of the Platform after that date constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights, contact:

Afren AI — Privacy Team

Email: privacy@afren.ai

Website: https://afren.ai