Gephra Sustaina – Privacy & Vendor Protection Policy
Purpose of This Policy
At Gephra Sustaina, we are committed to protecting the privacy, commercial confidentiality, and digital rights of all producers, vendors, and partners who use our platform. This policy explains how we handle, store, and safeguard vendor information, especially sensitive business, sustainability, and compliance data.What Information We Collect
We collect only the information needed to support responsible trade, marketplace operations, and sustainability verification, including:
• Business registration details
• Product information and sustainability data
• Evidence or documentation for claims (certificates, audits, supplier information)
• Usage, activity, and performance analytics
• Contact and communication details
We do not collect unnecessary personal data.How Vendor Data Is Used
Vendor data is used strictly for:
• Product listing and marketplace visibility
• Sustainability verification and compliance workflows
• Enabling informed buyer decisions
• Improving platform quality, security, and performance
• Legal or regulatory obligations
We never use vendor data for resale, third-party marketing, or unauthorized analytics.What Information Is Public vs Private
Publicly Displayed
Only the information required for transparent trade and aligned with international Digital Product Passport (DPP) standards:
• Product sustainability claims (after vendor approval)
• Basic material and impact information
• Certifications that vendors agree to make public
Kept Private
• Supplier identities (unless explicitly permitted)
• Internal operations or sourcing documents
• Audit reports and certificates uploaded for verification
• Pricing strategies and business-sensitive details
• Contact information beyond what is essential for platform use
We provide granular controls so vendors choose what becomes public.Data Storage, Security & Encryption
We protect vendor data through:
• Encrypted storage and transmission (TLS, AES-256)
• Row-Level Security (RLS) to isolate vendor data
• Access controls for staff and suppliers
• Continuous monitoring and logging
• Secure cloud infrastructure hosted in compliance with African and global data laws
Unauthorized access is strictly prohibited and monitored.Vendor Ownership of Data
Vendors retain full ownership of:
• Product content
• Sustainability documentation
• Certificates and evidence
• Operational data shared with Gephra
Gephra does not claim rights over vendor intellectual property.Transparency & Consent
No sustainability data, evidence, or supplier information is made public without:
• Vendor review
• Vendor approval
• Clear visibility of what will be displayed on the public product page
We are committed to transparency and informed consent.Third-Party Access
Third-party access occurs only when:
• Required for payments, logistics, or verification processes
• Authorized by vendors
• Required by law
Gephra does not share vendor data with external parties for commercial gain.Breach Response & Reporting
In the rare event of a data breach:
• Affected vendors are notified immediately
• Investigation begins within 24 hours
• Remediation steps are implemented promptly
• Regulatory obligations are followedVendor Rights
Vendors can:
• Request access to their data
• Update or correct information
• Request deletion of non-essential data
• Control what is made public
• Withdraw consent
We support privacy and data autonomy at every stage.Contact & Support
For questions or privacy concerns:
📧 privacy@gephra.com
📞 +250 (739) 927 950Revision & Updates
This policy may be updated as our platform grows. All changes will be communicated transparently, and major updates will require vendor acknowledgment.