Skip to main content

Personal data

Privacy Policy

Last updated : May 6, 2026

Legal stub pending finalization. Document to be reviewed by a data-protection lawyer (Senegal CDP + EU GDPR) before production. {{ ... }} placeholders to be filled in.

1. Data controller

The controller for personal data collected through Lokat is:

  • {{COMPANY_LEGAL_NAME}}, {{COMPANY_FORM}}, RCCM {{RCCM_NUMBER}}
  • Registered office: {{REGISTERED_ADDRESS}}, Dakar, Senegal
  • DPO email: contact@sbcgrow.com (designation pending)

2. Legal framework

Processing of your data complies with:

  • Senegalese Law No. 2008-12 of January 25, 2008 on personal data protection;
  • EU Regulation 2016/679 (GDPR) for users residing in the European Union;
  • Pending registration with the Personal Data Commission (CDP) of Senegal.

3. Data we collect

3.1 Current phase (waitlist)

When you join the Lokat waitlist, we collect:

  • Email address (required)
  • First name (optional)
  • Country of residence (FR, US, CA, IT, BE, CH, ES, DE, SN, other)
  • Role (tenant or property owner)
  • Minimal technical data: IP address, browser type, pages visited (via Google Analytics where enabled)

3.2 Product phase (upcoming)

When the platform launches, additional data will be collected (national ID/passport via KYC partner Smile ID, proof of ownership, payment history via Wave/Orange Money). This policy will be updated before those features go live.

4. Purpose of processing

Your data is processed to:

  • notify you when the platform opens and grant you early access;
  • communicate about project progress and product updates (newsletter — one-click unsubscribe);
  • measure site audience and improve the experience (aggregated analytics);
  • comply with our legal obligations (security, fraud prevention, record-keeping).

5. Legal basis

  • Consent (GDPR Art. 6.1.a) for the waitlist and newsletter — collected via the signup checkbox.
  • Legitimate interest (GDPR Art. 6.1.f) for audience measurement and site security.
  • Legal obligation (GDPR Art. 6.1.c) for retaining transactional records.

6. Retention period

  • Waitlist: until you unsubscribe, or 36 months after your last interaction.
  • Technical logs (analytics): 14 months (standard GA4 setting).
  • Contractual data (future): 10 years after lease end (OHADA requirement).

7. Recipients of data

Your data is accessible to:

  • The Lokat team (on a strict need-to-know basis)
  • Our technical sub-processors (all Google):
    • Firebase Hosting — site delivery (Google Ireland Limited / Google Cloud)
    • Cloud Firestore (eur3 region: Belgium, Netherlands, Poland) — database for the waitlist
    • Firebase Analytics / Google Analytics 4 — anonymized audience measurement (when enabled)

No data is sold to third parties. No advertising or profiling cookies are placed.

8. Cross-border transfers

Your data is stored in Cloud Firestore in the European region (eur3: Belgium, Netherlands, Poland). For other Google services (analytics, support infrastructure), some data may transit through the United States. Such transfers are governed by the Standard Contractual Clauses approved by the European Commission and by Google LLC's EU-US Data Privacy Framework certification.

9. Your rights

Under Law 2008-12 and the GDPR, you have the following rights:

  • Access to your data
  • Rectification of inaccurate data
  • Erasure ("right to be forgotten")
  • Restriction of processing
  • Portability of your data
  • Objection to processing, in particular to direct marketing
  • Withdrawal of consent at any time, without retroactive effect
  • Complaint to the CDP of Senegal (cdp.sn) or to the data-protection authority of your country of residence (CNIL in France, etc.)

To exercise these rights, write to contact@sbcgrow.com with a copy of your ID. We respond within 30 days.

10. Cookies

The Lokat website uses a minimal number of cookies:

  • Strictly necessary (security, language preference, site functionality) — exempt from consent.
  • Audience measurement (Firebase Analytics / Google Analytics 4, when enabled) — subject to your consent via the cookie banner. Uses anonymized IP.

No advertising or profiling cookies are placed. You can change your preferences at any time via the "Manage cookies" link at the bottom of any page.

11. Security

We implement reasonable technical and organizational measures to protect your data: end-to-end HTTPS encryption, restricted access to authorized personnel, regular backups, access logging.

12. Modification

This policy may be updated. The date at the top indicates the last revision. Substantial changes will be notified to you by email.

13. Contact

For any question relating to your personal data: contact@sbcgrow.com or contact@sbcgrow.com.