Legal
Privacy Policy
Last updated: 24 March 2026
Hayil Inc. (“Hayil”, “we”, “our”, or “us”) is committed to protecting the privacy of everyone who uses our platform - citizens, political figures, and government offices alike. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights in relation to it.
By using Hayil - whether through our mobile app, USSD service, or web dashboard - you agree to the practices described in this policy.
1. Who We Are
Hayil Inc. is a civic intelligence platform incorporated in Ghana. Our registered address is 26 Pearl Green Street, Accra, Ghana. For privacy-related enquiries, contact us at privacy@hayil.org.
2. Information We Collect
2.1 Citizens
- Phone number - used as your primary identifier and for OTP verification. We do not store your password; authentication is entirely OTP-based.
- Profile information - optional name, date of birth, gender, and location you choose to provide.
- Submission content - petitions you sign or create, complaints you file, issue reports you submit, and referendum votes you cast.
- Usage data - how you interact with the app (screens visited, features used, timestamps) to improve the platform.
2.2 Political Figures and Office Accounts
- Account details - name, phone, email, organisation name, and role.
- Dashboard activity - how submissions are managed, responded to, and resolved.
- Payment information - billing details processed securely through Paystack. We do not store card numbers.
- Published content - referendums, announcements, and public reports you create on the platform.
2.3 Automatically Collected Data
- Device type, operating system, and app version
- IP address and approximate location (country / region level)
- Session duration and crash reports
3. How We Use Your Information
| Provide the platform | Process submissions, authenticate users, route petitions to the correct office |
| Analytics for offices | Aggregate and anonymise citizen submissions into sentiment reports and dashboards |
| Communication | Send OTP codes, status updates, and official responses |
| Platform improvement | Analyse usage patterns to fix bugs and build new features |
| Legal compliance | Comply with applicable Ghanaian and international data protection law |
| Fraud prevention | Detect and prevent abuse, spam, and manipulation of civic processes |
We do not sell your personal data to third parties. We do not use your data for advertising purposes. Office analytics are always presented in aggregate - individual citizen identities are never exposed to offices unless the citizen explicitly identifies themselves in a submission.
4. Referendum and Vote Anonymity
Votes cast in government referendums are anonymous by default. Results are presented as aggregate statistics. We retain a cryptographic record sufficient to enforce one-person-one-vote rules without linking a vote back to a specific citizen in any publicly accessible form. Audit logs accessible to Hayil staff are governed by strict internal access controls.
5. Data Sharing
We share data only in the following circumstances:
- With the relevant government office - when you file a complaint or petition addressed to them. The submission content and your chosen identifier are shared; your phone number is only shared if you explicitly consent.
- With service providers - cloud hosting (AWS), SMS delivery (Twilio / AWS SNS), payments (Paystack), and analytics infrastructure. All providers are contractually bound to our data protection standards.
- With authorities - if required by a valid court order or applicable law. We will notify you unless prohibited from doing so.
- In a corporate event - if Hayil is acquired or merges, your data may transfer to the new entity under equivalent privacy protections.
6. Data Retention
| Active account data | Retained while your account is active |
| Deleted account data | Anonymised within 30 days of account deletion |
| Submission content | Retained for the lifetime of the civic record (petitions, complaints) unless you request deletion |
| Referendum votes | Anonymised aggregate retained indefinitely; individual linkage deleted after audit period (90 days) |
| Payment records | Retained for 7 years per financial regulation |
| Usage / analytics logs | Rolling 90-day retention |
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access - request a copy of the personal data we hold about you
- Correction - ask us to correct inaccurate data
- Deletion - request deletion of your account and personal data
- Portability - receive your data in a machine-readable format
- Objection - object to certain processing activities
- Withdrawal of consent - where processing is based on consent, withdraw it at any time
To exercise any of these rights, email privacy@hayil.org. We will respond within 30 days.
8. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for sensitive fields, OTP-only authentication (no passwords to breach), rate limiting on all authentication endpoints, and regular penetration testing. No system is perfectly secure - if you discover a vulnerability, please disclose it responsibly to security@hayil.org.
9. Children
Hayil is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. When we do, we will update the “Last updated” date above and notify active users via the app. Your continued use of Hayil after changes constitutes acceptance of the revised policy.
11. Contact
Hayil Inc. - Privacy Team
26 Pearl Green Street, Accra, Ghana
privacy@hayil.org