SokoSoko
Data protection

Privacy Policy

Last updated: 11 May 2026
01

Introduction

Soko is an agricultural price intelligence and B2B marketplace platform, operated by Coopérative Maraîchère et de Transformation de Yelessa, with registered office in Zibati, Sub-prefecture of Kakamoéka, Kouilou Department, Republic of Congo. This privacy policy describes how we collect, use, store and protect your personal data when you use our web platform and mobile application.

We apply the principles of Congolese law n° 29-2019 of 10 October 2019 on personal data protection and, for users residing in the European Union, those of the General Data Protection Regulation (GDPR).

02

Data collected

Registration data

  • Full name
  • Email address
  • Phone number
  • Organization name
  • Country and city
  • Profile type (producer, buyer, collector, institution)

Usage data

  • Price observations submitted
  • Marketplace offers published
  • Orders and transactions
  • Messages exchanged on the platform
  • Tracked products

Technical data

  • IP address
  • Browser and device type
  • Pages visited and session duration
  • Cookie preferences (see section 7)
03

Legal bases and purposes

Your data is processed on the following legal bases:

  • Contract performance account creation, subscription management, billing, delivery of subscribed plan features.
  • Legitimate interest service improvement, platform security, fraud prevention, production of aggregated anonymized data for institutional reports.
  • Consent newsletter sending, non-essential cookie placement, geolocation.
  • Legal obligations invoice retention, response to judicial requests.
04

Data sharing

We never sell your personal data. Your data may be shared in the following cases:

  • Between users : your name and organization are visible to other users in the context of commercial exchanges (offers, orders, messages).
  • Aggregated data : prices and market trends are published in aggregated, anonymized form.
  • Hosting : your data is hosted on Supabase (cloud infrastructure) and our Hetzner servers, located in Europe.
  • Subcontractors : Brevo (transactional email), n8n (automations), Resend (notifications). All bound by a Data Processing Agreement (DPA).
  • Legal obligations : we may disclose your data if legally required.
05

Storage and security

  • Data is stored on secure servers with in-transit encryption (HTTPS / TLS 1.3).
  • Passwords are hashed (bcrypt) and never stored in plain text.
  • Data access is restricted to authorized personnel via strong authentication.
  • Data is retained as long as your account is active. Upon cancellation, it is retained 30 days to allow reactivation, then deleted unless otherwise requested.
  • Invoices are retained ten (10) years per accounting obligations.
06

Your rights

You have the following rights regarding your data:

  • Access : consult the data we hold about you.
  • Rectification : correct your personal information.
  • Erasure : request deletion of your account and data.
  • Portability : export your data in a structured format (CSV, JSON).
  • Objection : object to processing for specific purposes.
  • Restriction : request restriction of processing.
  • Withdrawal of consent : at any time, without affecting the lawfulness of prior processing.

To exercise these rights, contact us at soko@yelessa.cg. We respond within a maximum of one (1) month.

07

Cookies and trackers

Soko uses several cookie categories, which you can manage via the consent banner on first visit or at any time via the "Cookies" link in the footer.

  • Essential cookies essential for operation (authentication, language and currency preferences, marketplace cart). Always active.
  • Analytics cookies enable understanding of platform usage (pages viewed, user journeys). Disabled by default, subject to your consent.
  • Marketing cookies not currently used. If used in the future, your consent will be requested.
08

Mobile application

The Soko mobile app is a wrapped web application (TWA — Trusted Web Activity). It accesses no additional data beyond the website. No special phone permissions are required (no camera, GPS, contacts access, etc.).

09

Transfers outside the EU

Your data may be processed by subcontractors located outside the EU (notably Supabase Inc. in Singapore). These transfers are governed by Standard Contractual Clauses adopted by the European Commission or adequacy decisions. For the Congolese territory, data remains processed in compliance with law 29-2019.

10

Amendments

This policy may be updated. In case of significant changes, we will notify you by email and via a platform notification at least thirty (30) days before entry into force. The last update date is shown at the top of this page.

11

Complaints

If you believe your rights are not respected, you may file a complaint with the competent supervisory authority: for the Republic of Congo, the data protection authority established by law 29-2019; for EU users, the CNIL (France) or the authority of your country of residence.

12

Contact

For any question regarding this privacy policy:

  • Controller : Coopérative Maraîchère et de Transformation de Yelessa
  • Email : soko@yelessa.cg
  • Phone : +242 06 112 40 40
  • Address : Zibati, Sub-prefecture of Kakamoéka, Kouilou Department, Republic of Congo