← Back

Mbegu Privacy Policy

Effective date: March 5, 2026
Last updated: March 5, 2026

This Privacy Policy explains how Mbegu (“Mbegu,” “we,” “us”) collects, uses, shares, stores, and protects personal data when you use our website, mobile web app, and related services (the “Service”).

This Policy is intended to meet the notice requirements under Zambia’s Data Protection Act, 2021 and related laws.

1) Who we are (Data Controller)

Data Controller: Mbegu
Email: mbeguoffice@gmail.com

If you have questions about this Policy or want to exercise your rights, contact us using the details above.

2) What personal data we collect

We collect personal data in three main ways: (a) information you provide, (b) information collected automatically, and (c) information from third parties.

A. Data you provide

  • Account and profile data: email, name (if provided), authentication details (e.g., Google sign-in), and optional profile avatar selection.
  • Scan content: crop photos/images you upload, and any notes you enter.
  • Scan results & history: diagnoses, recommended actions, search terms, and saved history you choose to keep in your account.
  • Location data (optional): approximate or precise location (latitude/longitude) if you enable location to find nearby suppliers.
  • Communications: messages you send to support and feedback you submit.

B. Data collected automatically

  • Technical logs: device type, browser type, IP address, timestamps, and basic usage events (e.g., pages visited, feature usage).
  • Security and fraud signals: rate-limit signals, abuse prevention events, and error IDs generated to troubleshoot issues.

C. Data from third parties

  • Google OAuth: if you sign in with Google, we receive basic profile information (such as your email and name) as allowed by your Google settings.
  • Payment processors: when you pay for a plan, we receive confirmation details such as transaction reference, amount, status, and timestamps. We do not store your full card or bank credentials inside Mbegu.

3) Why we process personal data (Purposes)

We process personal data to:

  • Provide the Service: sign-in, scan processing, showing results, save scan history, generate certificates, and find suppliers near you.
  • Operate payments, credit usage, and plan eligibility.
  • Improve reliability and performance: debugging, monitoring errors, and preventing abuse.
  • Protect the Service: fraud prevention, account security, and investigating security incidents.
  • Communicate with you: support requests, service notices, and (if you choose) product updates.

4) Legal bases for processing

We process personal data when one or more of the following applies:

  • You consent (for example, optional precise location sharing, or certain optional features).
  • Processing is necessary to perform a contract with you (for example, providing scans you request and managing your account).
  • Processing is required for legal obligations (for example, accounting and compliance).
  • Processing is necessary to protect vital interests (rare; typically emergency-related situations).
  • Processing is for legitimate interests (for example, preventing abuse, securing the Service, and improving product quality), provided these interests do not override your rights.

5) Consent and how to withdraw

Where processing relies on your consent, you can withdraw at any time by:

  • Disabling the relevant permission in your device settings (for example, location), and/or
  • Contacting us at mbeguoffice@gmail.com.

Withdrawing consent may limit certain features. Where required by law, we will stop processing and delete/destroy personal data collected after withdrawal, subject to legal retention obligations.

6) How we share personal data

We share personal data only when necessary:

A. Service providers (processors)

We use vendors to help run Mbegu, such as:

  • Hosting, databases, authentication, storage
  • AI processing providers to analyze your uploaded crop image and generate scan results
  • Payments and billing
  • Maps/places providers when you search nearby suppliers

These providers may process personal data only under our instructions, for the purposes described in this Policy.

B. Legal and safety disclosures

We may disclose personal data if we believe it is reasonably necessary to:

  • Comply with applicable law, lawful requests, or court orders
  • Protect the rights, property, and safety of Mbegu, our users, or the public
  • Investigate suspected fraud, security incidents, or policy violations

C. Business transfers

If Mbegu is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal data may be transferred as part of that transaction, subject to safeguards.

7) Cross-border processing and transfers

Mbegu may store and process personal data outside Zambia depending on where our service providers operate.

Where cross-border transfer applies, we will take steps required by Zambian law, which may include:

  • Using appropriate contractual safeguards with service providers, and/or
  • Obtaining consent where required, and/or
  • Seeking regulator approval where required for specific transfer categories.

To request more information about our cross-border safeguards, email mbeguoffice@gmail.com.

8) Data security

We use reasonable technical and organizational safeguards designed to protect personal data, including access controls, encryption in transit, and least-privilege access policies.

No method of transmission or storage is 100% secure, but we work to protect your data and to continuously improve our safeguards.

9) Security breach notification

If a security breach affecting personal data occurs, we will take reasonable steps to:

  • Notify the relevant authority within required timelines, and
  • Notify affected users as soon as practicable when required.

10) Data retention

We keep personal data only as long as needed for the purposes described in this Policy and as required by law.

In general:

  • Scan history and account information: kept while your account is active, and for a period after closure or inactivity to comply with legal and operational requirements.
  • Payment and billing records: kept as required for accounting, audit, and legal compliance.
  • Logs and security records: retained for security and troubleshooting for a limited period.

You may request deletion of personal data, subject to legal retention obligations.

11) Your rights under Zambian law

Depending on your circumstances, you may have rights including:

  • Right of access and confirmation of whether your personal data is processed
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure in certain cases
  • Right to object (including for direct marketing)
  • Right to restriction of processing
  • Right to data portability
  • Rights related to automated decision-making

To exercise your rights, contact mbeguoffice@gmail.com. We may need to verify your identity before responding.

If you believe your personal data is processed unlawfully, you may lodge a complaint with the relevant regulator and may have the right to appeal certain decisions in court.

12) Children and vulnerable persons

Mbegu is intended for users who can lawfully consent to data processing.

If we learn that we collected personal data from a child without appropriate consent, we will take steps to delete it.

Parents/guardians may contact us at mbeguoffice@gmail.com regarding a child’s data.

13) Cookies and similar technologies

We may use essential cookies and similar technologies for authentication, security, and basic service functionality.

Where we use non-essential analytics or marketing technologies, we will provide appropriate choices where required.

14) Changes to this Privacy Policy

We may update this Policy to reflect changes in our practices, technology, or legal requirements. If changes are material, we will provide notice through the Service or other appropriate means.

15) Contact

Questions, requests, and complaints:

Mbegu
Email: mbeguoffice@gmail.com