Privacy policy
1) Purpose and scope of application
Payslak is a technology platform that allows sellers of digital products (ebooks, services, coaching, online courses, etc.) to create their online store and accept payments by Mobile Money in 13+ African countries, as well as by credit card internationally. This platform is operated by CODONI LLC.
This Privacy Policy aims to inform you about how we collect, use, and protect your personal data when you use Payslak. In particular, we explain what types of data are collected, the purposes for which they are used, the third parties with whom they may be shared, the retention period, your rights as a user, and the security and confidentiality measures in place. This policy applies to all users of the platform, whether they are sellers (merchants offering digital products via Payslak) or buyers.
2) Data collected
Account and identification data: When creating a seller account on Payslak, we collect information such as the user's first and last name, email address, and phone number. For professional sellers, additional identification information may be required as part of the KYC (Know Your Customer) verification process, such as a copy of an ID document and information about the seller's business (such as the identity of their legal representative or beneficial owner).
Transaction and payment data: We record details of transactions made through the platform, including digital products sold or purchased, amounts and currencies, country of transaction, and date and time. We also store payment status (e.g., successful or failed), Mobile Money payment references, credit card transaction IDs (tokens provided by our payment providers), and withdrawal history for sellers.
Technical and safety data: When you use Payslak, we automatically collect certain technical data, such as your device's IP address, browser or application type and version, and information about your device (operating system, model, etc.). We also record event logs related to the use of the service. In addition, we may record information related to security and fraud prevention, such as login attempts, detected anti-fraud events, and your cookie preferences.
Contents and communications: As part of your use of Payslak, you may provide content and information. For example, when you create product listings or upload digital files for sale, this content and associated metadata (descriptions, images, pricing parameters, etc.) are stored on the platform. Similarly, communications you exchange with our customer support (by email or other means) are retained, including any messages and attachments you may send us.
Marketing data and preferences: If you have consented to receive our marketing communications (e.g., newsletter or informational email subscriptions), we will record your preference and contact address for this purpose. We may also measure engagement with these communications (email open rates, link clicks) to assess their performance, but only if you have previously given your consent.
Collection sources: Most of this data is provided directly by you (when creating an account, during transactions or when you fill out forms on the platform). Other data is collected automatically by our systems when you use Payslak (for example, technical data or cookies). Finally, some information may be transmitted to us by third parties: for example, our payment partners may provide us with transaction data to enable the processing of your payments (payment confirmation, status, references, etc.).
3) Purposes of data use
- Provision of the service: We use your data to create and manage your account, enable payment collection, deliver purchased digital products, and process withdrawals from sellers. This processing is necessary to perform the contract you have with us, i.e., to provide you with the services of the Payslak platform.
- Legal compliance and fraud prevention: We process certain data to verify users’ identity and to comply with our legal obligations regarding the fight against money laundering and terrorist financing (KYC/AML procedures), to comply with applicable economic sanctions, and to prevent fraud or abuse. These processing operations are based on our legal obligations and our legitimate interest in ensuring the security and integrity of the platform.
- Security and continuity of service: Technical and log data are used to ensure the security of the site and continuity of service. This includes, for example, monitoring connections and access, activating enhanced security measures (such as 2FA authentication or 3-D Secure protocol for card payments where available) to protect accounts and transactions. This processing is based on our legitimate interest in protecting our platform and our users.
- Customer support and dispute management: We use relevant information to assist you when you contact support, to handle any disputes or claims, and to manage refunds where applicable. These processes are necessary to fulfill our contractual obligations, to provide you with effective support, and to meet our commitments in the event of a problem.
- Product improvement and statistics: Platform usage data may be aggregated and analyzed to improve our services, correct any technical issues, and develop new features. This processing is based on our legitimate interest in improving the quality of the service. Note that analytics tools (e.g., analytical cookies) are only deployed with your consent when required by law.
- Marketing communications: If you choose to receive communications from us, we use your contact information (email address, telephone number if applicable) to send you newsletters, information about our products or promotional offers. These mailings are based either on your explicit consent or on our legitimate interest in keeping you informed of new developments (depending on the applicable regulations), and you can object or unsubscribe at any time.
4) Sharing data with third parties
We do not sell or rent your personal data to third parties. However, some data may be shared with trusted external partners in the following cases:
- Payment partners: To process transactions and enable payments on the platform, we share the necessary information with our payment service providers such as PawaPay, Flutterwave, PayPal (as well as other local aggregators like Kkiapay, Paydunya, HUB2, etc.), as well as with the financial institutions involved (banks, Mobile Money operators). These partners will only use your data to facilitate payment, verify transactions and ensure the transfer of funds.
- Technical subcontractors: We use specialized service providers to run Payslak, for example, hosting servers and databases (cloud), sending transactional emails or notifications, managing customer support (ticketing tools), or analyzing the site's audience. These subcontractors only have access to the data necessary for their mission and are contractually bound to the confidentiality and security of your information.
- Legal and regulatory authorities: We may be required to disclose certain data to competent governmental, judicial or regulatory authorities if we are required to do so by law (for example, in the context of investigations, legal proceedings, or to comply with legal obligations) or if this proves necessary to exercise or defend our legal rights.
Note: Your information may also, where applicable, be shared internally between the entities operating Payslak in order to provide the service according to your country of residence, subject to the same confidentiality commitments.
5) Data retention
We retain your personal data only for the period necessary for the purposes described above, and in accordance with applicable legal requirements. Retention periods may vary depending on the category of data:
- Account data and transactions: kept for the entire duration of use of your account, then generally archived for up to 3 years after the closure of your account or the end of the contractual relationship (for proof and to meet any legal obligations).
- Identity verification (KYC) and anti-money laundering data: retained for as long as required by applicable financial and anti-fraud laws. For example, this data may be retained for 5 years after the end of the relationship, or up to 10 years in certain specific countries or jurisdictions.
- Transaction and billing data: kept for the period required by accounting and tax obligations. As a general rule, these documents and financial information are kept for between 5 and 10 years, depending on applicable legislation.
- Technical logs and security data: retained for a maximum period of approximately 12 months, unless a specific legal requirement calls for longer retention (for example, certain connection logs may be required to be retained for 1 year).
- Customer support data: Communications, tickets and information exchanged with you as part of support are kept for approximately 24 months after the resolution of your request, so that we can retrieve the history in the event of a subsequent follow-up or a persistent incident.
- Marketing data: retained until you withdraw your consent or exercise your right to object. If you unsubscribe from our communications, we will delete or anonymize your contact details from our marketing mailing lists; however, we may retain minimal information indicating your unsubscription, so that we do not contact you again in the future.
6) Your rights
In accordance with applicable data protection regulations (including the GDPR where applicable), you have the following rights regarding your personal data:
- Right of access: obtain confirmation that we hold information about you and receive a copy from us.
- Right of rectification: request the correction of your data if it is inaccurate or incomplete.
- Right to erasure: obtain the deletion of your personal data in certain cases, for example if it is no longer necessary in relation to the purposes for which it was collected, or if you withdraw your consent (and there is no other legal basis for the processing).
- Right to limitation: request the temporary suspension of the processing of some of your data, for example while we verify a request for rectification or the accuracy of contested data.
- Right to object: object at any time, for reasons relating to your particular situation, to our processing of your data when the legal basis for the processing is our legitimate interest. You can also object to the use of your data for commercial prospecting (marketing) purposes without having to provide a reason.
- Right to portability: retrieve the personal data you have provided to us, in a structured, commonly used and machine-readable format, or request that we transmit it directly to another provider where technically feasible.
- Withdrawal of consent: When the processing of your data is based on your consent, you can withdraw it at any time. (For example, you can unsubscribe from our information emails at any time.) Withdrawing consent does not retroactively affect the lawfulness of processing already carried out.
To exercise any of these rights, you can contact us at any time at support@payslak.com (or by any other means of contact indicated in this policy). We may ask you to provide proof of identity for security reasons, and we will endeavor to respond to your request within the time limits required by law. Furthermore, if you believe that your rights have not been respected, you may lodge a complaint with the competent supervisory authority in your country or region.
7) Data security and confidentiality
The security of your data is our top priority. We implement industry-standard technical and organizational measures to protect your personal information against loss, misuse, unauthorized access, or improper disclosure. For example, data exchanges between your browser and our platform are encrypted via SSL/TLS (HTTPS) to ensure the confidentiality of information in transit. Sensitive data (including payment information) benefits from enhanced protection mechanisms: credit card numbers are not stored on our servers and are managed through a tokenization process by our certified payment providers (card references are replaced by an encrypted identifier). We also support the 3-D Secure protocol for credit card transactions where available, adding additional verification to reduce the risk of fraud on online payments. Additionally, we offer two-factor authentication (2FA) to secure access to user accounts, and we enforce strict access controls so that only authorized individuals within our organization can view the necessary data.
We require our employees, contractors, and partners to respect the confidentiality of your data. Internally, access to personal information is restricted to team members who need it to operate the service, and each employee is contractually bound by an obligation of confidentiality. Similarly, our external subcontractors undertake to protect your data and only use it for the agreed purposes, via contractual confidentiality and data protection clauses. We conduct regular updates to our systems and security audits to identify and correct potential vulnerabilities. Despite all our precautions, it is important to note that no method of data transmission or storage is completely infallible. In the event of a data breach involving your personal information, we will notify you as soon as possible, in accordance with legal obligations, and we will take all necessary measures to mitigate its effects.
8) Contact
If you have any questions about this Privacy Policy, or if you would like to exercise your rights or obtain more information about how your data is processed, please do not hesitate to contact us. You can reach us by email: support@payslak.com.
