← BACK TO PLATFORM
Afrimintel — Privacy Policy
Privacy Policy
Effective date: 21 May 2026
Last updated: 23 May 2026
Version: 1.1.1
Note on legal-entity naming. Sections of this Privacy Policy reference Afrimintel as [ENTITY] with registration number [REG]. These placeholders are intentional and will be filled with the operator's confirmed legal-entity structure in the counsel-integrated v1.2 release. Mauritius is the operating jurisdiction and Afrimintel is VAT-registered in Mauritius; the placeholders concern the precise legal-entity form, not the operating jurisdiction. The data controller for privacy purposes is the operating entity at nikesh@afrimintel.com.
Note on counsel-pending decisions. Section 6 (International data transfers) carries a bracketed reference to the transfer mechanism for EU/UK users ([Standard Contractual Clauses / UK IDTA]) pending counsel confirmation of the operative form. Both mechanisms are standard transfer instruments — Standard Contractual Clauses for transfers from EEA-based data exporters, UK International Data Transfer Agreement for transfers from UK-based data exporters — and Afrimintel applies the mechanism appropriate to the user's jurisdiction; counsel confirmation in the counsel-integrated v1.2 release will codify the operative form for each user category.
1. Who we are
Afrimintel ("Afrimintel", "we", "us") is an Africa-focused mineral intelligence platform operated by [ENTITY], a company registered in Mauritius (registration number: [REG]).
Editorial responsibility: Nikesh Patel, Honorary Consul of Rwanda in Mauritius.
For all privacy-related correspondence: nikesh@afrimintel.com
For data protection enquiries from EU, UK, or South African users: same address, marked "Privacy enquiry."
2. Scope of this policy
This policy explains:
- What personal data we collect when you use afrimintel.com or interact with us
- Why we collect it
- How we use it
- Who we share it with (and who we don't)
- How long we keep it
- What rights you have
It applies to all users of afrimintel.com and all subscribers to any Afrimintel tier (Free, Pro, Institutional, Team where applicable, and Government / Project engagements).
3. What we collect
3.1 Information you give us directly
- Account information: name, email address, organisation, role, country of residence. Required for all paid tiers; optional fields for the Free tier (email only required).
- Billing information: company name, billing address, VAT number where applicable. For Institutional and Team tiers: contact name, purchase order details. We do not store full credit card numbers. Card payments are processed by Stripe; we receive only a transaction reference and the last four digits of the card.
- Communications: any email, support ticket, or message you send us.
- Optional profile details: professional background, areas of interest. Used to personalise your dashboard and Daily Brief.
3.2 Information we collect automatically when you use the platform
- Usage data: pages viewed, features used, queries run, time spent on each section. Used to improve the product and to understand which intelligence outputs are most valuable to which user roles.
- Watchlist and saved-query data: the deposits, provinces, and commodities you have starred or queried. This is private to your account and is never shared with other subscribers or third parties.
- Deal Tracker entries: if you use the Deal Tracker feature, the deals you log. Stored locally in your browser by default; never leaves your device unless you explicitly export.
- Technical data: IP address, browser type, device type, operating system, referring URL, session timestamps. Used for security, fraud prevention, and analytics.
3.3 Information from third parties
- Stripe provides us with billing and payment confirmation data for paid subscriptions.
- OAuth providers (if you use Google / LinkedIn sign-in, where offered) provide us with your name and email address only — we do not access any other profile data.
- Email service provider (Brevo) handles transactional email delivery and reports delivery / open / click metrics back to us.
3.4 What we do NOT collect
- We do not collect biometric data.
- We do not collect special-category data (health, ethnicity, political views, religious belief, sexual orientation, trade union membership) under GDPR Article 9.
- We do not collect your physical location beyond country of residence (no GPS tracking).
- We do not collect any data from minors. The platform is for professional B2B use only and is not directed at anyone under 18.
3.5 Analytics — what we measure about how you use Afrimintel
Afrimintel uses a privacy-first, first-party analytics service (Plausible, an EU-based, GDPR-compliant provider operated by Plausible Insights OÜ in Estonia) to understand how the platform is being used so we can improve it. The data collected is limited and narrowly scoped.
What we collect via analytics:
- Page-level events — which pages on afrimintel.com you visit, how long you spend on each, the referrer URL that brought you to the platform, your browser type, screen size, and country (derived from IP address; the IP address itself is not stored).
- Dossier-level events — which deposit dossiers and which province pages are viewed. Counted in aggregate; individual dossier views are not linked to individual users.
- Tool-level events — which tools (Deal Evaluator, DCF/NPV, Country Pitch Builder, Capital Raise Prep) are started and whether they are completed. Tool inputs and tool outputs are NOT captured.
- Document-level events — which downloadable PDFs (Methodology, Category Paper, Acquirer Brief, API Reference, Competitor Gap) are downloaded, and from which page on the platform.
- Conversion events — pricing-page tier CTA interactions: Pro tier monthly subscription click, Pro tier annual subscription click, Team tier click, Institutional tier inquiry, and Project Engagement tier inquiry. These events capture only that a click or inquiry occurred on the named tier; they do not capture personal data, form contents, or downstream contractual outcomes. Calendly booking for Institutional discovery call initiation or completion is similarly tracked at event level.
What we deliberately do NOT collect via analytics:
- Your IP address (used at session level for country derivation, then discarded — not stored)
- User-level identification beyond standard session cookies
- The specific search queries you run on the platform
- The inputs you provide to any tool (DCF assumptions, deal terms, jurisdiction selections, etc.)
- The outputs any tool produces for you
- The specific deposits or provinces you search for
- Cross-site browsing activity beyond afrimintel.com
- Any data that, if disclosed, could compromise your competitive position or the confidentiality of a deal you are evaluating
Why this matters. Afrimintel users include DFI investment officers evaluating live deals, exploration geologists assessing competitive ground positions, and government ministries preparing investor pitches. The privacy of what you are evaluating on Afrimintel is part of the product. We do not capture data that, if breached, would tell a competitor what you are working on.
This is a deliberate design choice. We will not change it without first publishing the change in our Audit Log and updating this Privacy Policy with a versioned amendment.
Plausible does not use cookies and does not collect personal data. Our analytics configuration is described in Section 10 (Cookies and similar technologies).
4. Why we collect it (lawful basis under GDPR / DPA Mauritius)
| Purpose | Lawful basis |
|---|
| Account creation and login | Contract performance (Art. 6(1)(b) GDPR) |
| Subscription billing | Contract performance |
| Personalising your dashboard and Daily Brief | Legitimate interest (Art. 6(1)(f)) |
| Sending operational emails (password reset, billing alerts) | Contract performance |
| Sending product update emails (newsletter, feature releases) | Consent (opt-in only); you can withdraw at any time |
| Security, fraud prevention, abuse mitigation | Legitimate interest |
| Compliance with VAT and tax obligations (Mauritius) | Legal obligation (Art. 6(1)(c)) |
| Compliance with anti-money-laundering checks for Institutional subscribers | Legal obligation |
| Improving the product and methodology | Legitimate interest; aggregated and anonymised wherever possible |
5. Who we share it with
5.1 Service providers (data processors)
We share specific data with the following service providers, each operating under data processing agreements with Afrimintel:
- Stripe — payment processing
- Netlify — website hosting
- Email service provider — Brevo (Sendinblue SAS), EU-based; handles transactional email under data processing agreement
- Analytics provider — Plausible Insights OÜ (Estonia, EU). Plausible does not use cookies and does not collect personal data. See Section 3.5 for what is and is not collected via analytics.
- Customer support tooling — no separate customer-support tooling is in use at this stage; subscriber and reader support flows via direct email to nikesh@afrimintel.com, delivered through the email service provider above
- AI service providers — Anthropic, for the platform's AI deep-dive feature, used as paid API provider under Anthropic's published terms. Queries you submit to AI deep-dive may be processed by the provider under their own privacy policy. We do not send your account information with these queries; only the query text and a session token. Additional or replacement AI providers, if introduced, will be added to this list under a versioned amendment to this Privacy Policy and disclosed in the platform Audit Log.
Each of these providers operates under their own privacy policies; we have data processing agreements with each. We do not authorise them to use your data for their own purposes beyond providing the service.
5.2 Who we do NOT share with
- We do not sell your data. Not to data brokers, not to mining operators, not to acquirers, not to anyone.
- We do not share your watchlist, saved queries, or Deal Tracker entries with any third party, including other subscribers, mining companies whose assets you may have queried, or DFIs.
- We do not share your usage data with operators or governments whose data appears on the platform.
- We do not provide individual subscriber lists to acquirer prospects. Aggregated subscriber metrics (total count by tier, geographic distribution, sector distribution) may be disclosed under NDA in M&A processes — never named subscriber lists.
- We do not export, share, sell, or otherwise transmit Afrimintel analytics or behavioural data to any related entity, partner, commercial affiliate, or portfolio venture of Afrimintel or its editorial responsibility holder. Analytics data exists for one purpose only: improving Afrimintel itself. This is a permanent commitment. Material change to it requires a versioned amendment to this Privacy Policy with at least 30 days' user notification, and an Audit Log entry documenting the change and the reason.
5.3 Legal disclosure
We may disclose personal data if compelled by valid legal process (court order, regulatory request, AML obligation in a member jurisdiction). Where legally permitted, we will notify the affected user before disclosure.
5.4 Business transfer
If Afrimintel is acquired or undergoes a change of control, your personal data may be transferred to the acquirer as part of that transaction. The acquirer will be required to honour the terms of this Privacy Policy or provide equivalent or stronger protections. We will notify you of any such transfer.
6. International data transfers
Afrimintel is operated from Mauritius. Some of our service providers operate in the EU, UK, USA, and other jurisdictions.
- For EU/UK users: international transfers rely on [Standard Contractual Clauses / UK IDTA — confirm with counsel]. Mauritius is not currently the subject of an EU adequacy decision.
- For South African users: transfers comply with POPIA Section 72 conditions.
- For Mauritius users: transfers comply with the Data Protection Act 2017.
We will provide further documentation of our transfer mechanisms on request (write to nikesh@afrimintel.com).
7. How long we keep it
| Data category | Retention |
|---|
| Active account data | For the lifetime of the account, plus 90 days after account deletion |
| Billing records | 7 years after the end of the relevant tax year (Mauritius VAT requirement) |
| Transactional email logs | 12 months |
| Usage analytics (Plausible) | 24 months at event level on rolling basis; beyond 24 months, aggregate counts only |
| Support correspondence | 36 months |
| AI deep-dive query logs | 90 days, after which logs are retained in aggregated, anonymised form only |
| Marketing email subscription preferences | Until you unsubscribe, plus 12 months |
When data reaches the end of its retention period, it is deleted from active systems within 30 days. Backups are overwritten on rolling cycles; data may persist in backups for up to 90 days beyond the active-system deletion date.
8. Your rights
Under the Mauritius DPA 2017, EU/UK GDPR, South Africa POPIA, and equivalent laws in other jurisdictions, you have the following rights:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): request deletion of your account and associated data, subject to retention obligations under tax law
- Right to restriction of processing: request that we limit how we process your data
- Right to data portability: receive your data in a machine-readable format (JSON) for transfer to another service
- Right to object: object to processing based on legitimate interest
- Right to withdraw consent: for processing based on consent (e.g. marketing emails)
- Right to lodge a complaint with your local data protection authority
To exercise any of these rights, write to nikesh@afrimintel.com with the subject line "Privacy rights request." We will respond within 30 days (extendable to 60 days for complex requests, with notice).
You will not be charged a fee for exercising these rights, except in cases of manifestly unfounded or excessive requests.
9. Security
We protect your data through:
- TLS encryption for all data in transit
- Encryption at rest for our primary database
- Multi-factor authentication available on all paid tier accounts
- Access controls limiting which Afrimintel personnel can access user data (for the foreseeable future, that is Nikesh Patel and any future named team members listed at afrimintel.com/team)
- Regular security review of our hosting and service-provider stack
- Incident response process: in the event of a data breach affecting your personal data, we will notify you and the relevant data protection authority within 72 hours of becoming aware of the breach, in line with GDPR Art. 33 / 34 obligations
No system is fully secure. If you suspect your account has been compromised, write to nikesh@afrimintel.com immediately.
10. Cookies and similar technologies
Afrimintel uses minimal cookies:
- Essential cookies: required for login session, payment processing, security. No consent required under GDPR / DPA — these are strictly necessary for the service to function.
- Analytics: Plausible. Plausible is privacy-respecting and does not use cookies, does not track users across sites, and does not collect personal data. See Section 3.5 for the full list of what Plausible does and does not measure.
- No third-party advertising cookies. We do not run advertising. We do not allow third-party advertising tracking on the platform.
Because Plausible operates without cookies, no cookie banner is required for analytics consent under most jurisdictions. If we ever introduce a tool that requires non-essential cookies, we will display a banner allowing you to accept or reject before any non-essential cookie is set, and we will update this section.
11. Children
Afrimintel is a B2B intelligence platform intended for professional use only. We do not knowingly collect data from anyone under 18. If you believe we have inadvertently collected data from a minor, write to nikesh@afrimintel.com and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be:
- Notified to all registered users by email at least 30 days before they take effect
- Posted on this page with an updated "Last updated" date
- Logged in the platform Audit Log
Continued use of the platform after a material change indicates acceptance of the updated policy.
13. Contact and complaints
For any privacy enquiry, exercise of your rights, or complaint:
Nikesh Patel
Editorial responsibility, Afrimintel
[ENTITY], Mauritius
nikesh@afrimintel.com
If you are not satisfied with our response, you have the right to lodge a complaint with:
- Mauritius: Data Protection Office of Mauritius (dpo.govmu.org)
- EU member states: your national data protection authority (full list at edpb.europa.eu)
- United Kingdom: Information Commissioner's Office (ico.org.uk)
- South Africa: Information Regulator (inforegulator.org.za)
- Other jurisdictions: your local data protection or privacy authority