Privacy Policy
Simple summary
We collect only the data needed to create an account, collect laundry, track orders, process payments, handle support and improve the service. Key data: name, phone, addresses, orders, weight, payments, support messages, proof photos and preferences. We do not expose personal data in plain text in QR codes. Photos are used to prove collection, delivery, bag condition or incidents. Access is restricted. You may request access, correction or deletion of your data under applicable law. This policy must be accepted before using features that require your data.
1. Who processes your data?
The data controller is ProstechSolutions, operating the Lavea brand, located at Ouagadougou, Burkina Faso. For any questions about your personal data, contact: privacy@staging.lavea.app or support@staging.lavea.app. If Lavea appoints a data protection officer or representative, their contact details will be added to this policy.
2. Who does this policy apply to?
This policy applies to customers, prospects, app users, website visitors, drivers, agents, campus partners and anyone who interacts with Lavea or whose data is processed as part of the service.
3. Data collected
Identity and contact: name, phone, optional email, optional profile photo — to create the account, contact the customer and secure access. Address and location: collection/delivery address, access instructions, neighbourhood, GPS coordinates if authorised — to organise collection, delivery and driver dispatch. Order: service type, options, time slot, instructions, status, non-sensitive QR code, history — to execute the order and provide tracking. Laundry and weighing: weight, bag count, bag photos, anomalies, textile instructions — to calculate the final price, trace the order and manage quality. Payment and wallet: amounts, transaction status, payment reference, wallet history, credits, refunds — to process payments, issue refunds and prevent fraud. Support and claims: messages, reason, photos, tickets, decisions, refunds — to respond to requests and resolve disputes. Technical data: device, app version, logs, approximate IP, errors, notifications — for security, maintenance, support and service improvement. Notifications and preferences: push, SMS, WhatsApp, email preferences, language — to send useful notifications and respect the customer's choices. Reviews and comments: ratings, satisfaction, authorised testimonials — to improve the service and display moderated reviews.
4. Sensitive data and data to avoid
Lavea does not seek to collect sensitive data such as religion, political opinions, health information, ethnic origin, trade union membership or similar information. Customers should avoid including such information in instructions or support messages. If sensitive information is inadvertently shared and is not needed for the service, Lavea may delete it, mask it or restrict access to it.
5. Why we use your data
Create and manage the account: registration, login, profile, address book. Execute orders: collection, weighing, washing, delivery, receipt, tracking. Calculate price and manage payments: weight, wallet, Mobile Money, receipts, refunds. Ensure quality and handle claims: photos, tickets, history, support decisions. Send necessary notifications: driver en route, price to confirm, payment, incident, delivery. Send commercial communications: promotions, loyalty, referrals, news (with consent or under applicable law). Secure the platform: logs, audit, fraud prevention, access control. Improve the service: delay analysis, quality, areas, performance (aggregated data).
6. Photos, proof and QR codes
Photos may be taken at collection, at workshop reception, during incidents or at delivery. Photos are used to prove bag condition, bag count, anomalies, delivery or a claim. Photos must not target people when not necessary. An order's QR code contains a non-sensitive technical identifier and does not expose the customer's name, phone, address or amount in plain text. Access to photos and proof is restricted to authorised roles: operations, support, quality control, finance when needed and authorised administrators.
7. Geolocation
Geolocation may be used to facilitate collection, delivery, operational tracking and security. When the app requests a location permission, the customer may accept or decline through their phone settings. If the customer declines geolocation, they may need to enter their address manually. Some real-time tracking features may be limited.
8. Notifications, SMS, WhatsApp and email
Lavea may send notifications necessary for the service: order confirmation, driver en route, price to confirm, payment, incident, delivery, claim or account security. Commercial communications, promotions, referrals or newsletters must comply with applicable rules and the customer's preferences. Customers must be able to unsubscribe or opt out of commercial communications where required by law.
9. Data sharing
Lavea does not sell users' personal data. Data may be shared only when necessary for the service, security or a legal obligation. Drivers: name or first name, masked/secured phone, address, instructions, order — to collect and deliver laundry. Workshop agents: QR code, weight, options, status, relevant photos, anomalies — to process laundry and ensure quality. Customer support: profile, orders, payments, tickets, claims — to assist the customer and resolve incidents. Payment providers: amount, reference, Mobile Money phone, transaction status — to process payments and refunds. Hosting and technical tools: data needed for storage, notifications, security, logs — to operate the app and secure data. Competent authorities: strictly necessary data — to comply with legal obligations or lawful requests. Campus partners, if active: limited statistics and site-specific data — to manage machines, incidents and site reporting.
10. Transfers outside Burkina Faso
Some technical tools may host or process data outside Burkina Faso. Before any transfer, Lavea verifies the applicable guarantees, provider conditions and any formalities required by the competent authority or applicable law. The relevant providers, countries and safeguards will be detailed in an update to this policy.
11. Retention periods
Data is retained for as long as necessary for the stated purposes, then deleted, anonymised or archived in accordance with applicable rules. Active customer account: as long as the account is active (deletion or anonymisation on request, subject to legal obligations). Orders and receipts: 5 ans (accounting, tax and contractual proof obligations). Wallet and payment transactions: 5 ans (reconciliation and legal obligations). Collection/delivery photos: 6 mois (claim and dispute timelines). Claims and tickets: 2 ans (proof, quality and disputes). Technical and security logs: 3 mois (security and audit). Commercial prospecting: until consent is withdrawn or as required by law. Anonymised/statistical data: indefinite (no direct or indirect identification).
12. Data security
Lavea implements reasonable technical and organisational measures to protect data against loss, unauthorised access, alteration, theft or unauthorised disclosure. — Access restricted by role and backend permissions. — Logging of sensitive actions: status, price, refund, role, cancellation, proof. — Communication encryption where technically available. — No payment secret keys stored in the mobile app. — Secure file storage and temporary access links where possible. — Backups and restoration procedures. — Staff training on confidentiality rules.
13. Your rights
Subject to the conditions set by applicable law, you may exercise the following rights: — Right to be informed about data processing. — Right of access to your data. — Right to rectification of inaccurate or incomplete data. — Right to erasure where conditions are met. — Right to object on legitimate grounds where permitted by law. — Right to withdraw consent where processing is based on consent. — Right to contact the competent authority. To exercise these rights, contact: privacy@staging.lavea.app. Lavea may request reasonable proof of identity before processing the request.
14. Minors' accounts
The service is intended for persons able to enter into a contract or using the service with their legal representative's authorisation. Specific rules for minors will be specified in accordance with applicable law, in particular for campus offerings.
15. Cookies, SDKs and analytics tools
The website and app may use cookies, SDKs or similar tools to maintain sessions, secure the service, measure audience, diagnose errors and improve the user experience. Strictly necessary tools allow the service to function. Measurement or marketing tools comply with applicable consent or information rules. For more information on our use of cookies, please see our Cookie Policy.
16. Data breach
In the event of a security incident affecting personal data, Lavea investigates the incident, takes the necessary measures, documents the facts and carries out the required notifications to affected persons or the competent authority where required by law.
17. Policy amendments
Lavea may amend this policy to reflect changes to the service, law, providers or internal practices. The update date will be indicated. Significant changes may be notified within the app or by any appropriate means.