PRIVACY
POLICY
Last Updated: April 2, 2026 · Effective Immediately
Summary: Gikundiro is the official fan platform of Rayon Sports FC. We use anonymous authentication — no email, phone number, or personal data is required to use the app. We collect only the minimum data needed to provide the service.
1. WHO WE ARE
Gikundiro ("The Favorites") is the official digital fan platform for Rayon Sports Football Club, based in Kigali, Rwanda. The application is developed and operated by Ikanisa Labs.
This Privacy Policy explains how the Gikundiro mobile application ("App") collects, uses, and protects information when you use our services.
2. INFORMATION WE COLLECT
2.1 Anonymous Authentication
Gikundiro uses anonymous authentication via Supabase. When you first open the app, a unique anonymous identifier is created automatically. No email address, phone number, password, or personal information is required to access the app.
2.2 Automatically Collected Information
- Anonymous User ID: A randomly generated identifier used to associate your preferences and activity within the app
- Device Information: Device type, operating system version, and app version for compatibility and crash reporting
- Usage Data: Interaction patterns within the app (screens visited, features used) to improve user experience
2.3 Voluntarily Provided Information
You may optionally choose to provide:
- Mobile Money Number: If you choose to link a MoMo number for transactions (stored securely, never shared)
- Display Preferences: Fan club affiliations, notification preferences
- Biometric Data (BioPay): If you opt into BioPay face enrollment, facial feature data is processed on-device and stored as encrypted mathematical representations — never as images
2.4 Camera Permission
The app requests camera access only for the BioPay face enrollment and verification feature. Camera access is:
- Requested only when you explicitly initiate BioPay enrollment
- Used solely for real-time face processing — no photos are captured or stored
- Fully optional — the app works without granting camera permission
3. HOW WE USE INFORMATION
We use the collected information to:
- Provide and maintain the Gikundiro fan experience
- Display personalized content (match updates, club news, fan leaderboards)
- Process transactions when you initiate purchases (tickets, merchandise, contributions)
- Improve app performance, fix bugs, and develop new features
- Generate anonymized, aggregated analytics to understand fan engagement
We do NOT: Sell your data to third parties · Send marketing emails · Track your location · Share data with advertisers · Use data for profiling beyond the app experience
4. DATA STORAGE & SECURITY
Your data is stored on secure servers managed by Supabase (hosted on AWS infrastructure). We implement industry-standard security measures including:
- Encrypted data transmission (TLS 1.3)
- Row-Level Security (RLS) policies on all database tables
- Encrypted storage of sensitive data (MoMo numbers, biometric templates)
- Regular security audits and dependency updates
5. DATA SHARING
We share data only in the following limited circumstances:
- Service Providers: Supabase (database hosting), Firebase (crash analytics) — under strict data processing agreements
- Legal Requirements: When required by Rwandan law or valid legal process
- Club Operations: Anonymized, aggregated statistics shared with Rayon Sports FC for fan engagement reporting
We never sell, rent, or trade your personal information.
6. YOUR RIGHTS
You have the right to:
- Access: Request a copy of data associated with your anonymous ID
- Delete: Request deletion of all your data (available in Settings → Delete Account)
- Withdraw Consent: Revoke camera or other permissions at any time via device settings
- Data Portability: Request your data in a machine-readable format
7. DATA RETENTION
We retain your data for as long as your anonymous account exists. If you delete your account:
- Profile and preference data is deleted immediately
- Transaction records are retained for 12 months (legal/tax requirements)
- Biometric templates are deleted immediately and irreversibly
- Anonymized analytics data may be retained indefinitely
8. CHILDREN'S PRIVACY
Gikundiro does not knowingly collect information from children under 13. The app is intended for general audiences. If we learn that we have collected data from a child under 13, we will delete it promptly.
9. THIRD-PARTY SERVICES
The app may contain links to external services (MTN MoMo, Revolut, social media). These services have their own privacy policies, and we are not responsible for their practices.
10. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.
11. CONTACT US