Privacy Policy

Last updated: March 2026

1. Who We Are

Spacehubs Africa ("Spacehubs", "we", "us") is a company that operates the data platform at data.spacehubs.africa, a directory and analytics service for the African space ecosystem.

As the entity that determines the purposes and means of processing personal data, Spacehubs Africa is the data controller under the General Data Protection Regulation (GDPR).

For privacy-related enquiries, contact us at: privacy@spacehubs.africa

2. What Data We Collect

  • Account data: email address, full name, country, organisation, role, areas of interest, use cases, and profile picture (optional).
  • Authentication data: hashed password, email verification status, account creation timestamp, consent timestamp.
  • Subscription & payment data: subscription plan, billing interval, subscription status, and payment references (we do not store full card numbers — these are handled by Stripe/PayPal/NOWPayments).
  • Transaction records: payment amount, currency, provider, status, and timestamps — retained for accounting purposes.
  • Usage data (with consent): pages visited, approximate location, device type — collected via Google Analytics only after you accept cookies.
  • Contact form data: name, email, subject, and message you send us.
  • Technical data: IP address (used for rate-limiting and security; not stored long-term), browser type, and session identifiers.

3. Why We Process Your Data (Legal Bases)

Purpose Legal Basis (GDPR Art. 6)
Providing and managing your accountArt. 6(1)(b) — performance of contract
Processing payments and subscriptionsArt. 6(1)(b) — performance of contract; Art. 6(1)(c) — legal obligation (accounting)
Sending transactional emails (verification, password reset)Art. 6(1)(b) — performance of contract
Analytics and usage tracking" %}Art. 6(1)(a) — consent
Responding to contact form enquiriesArt. 6(1)(f) — legitimate interest
Security, fraud prevention, rate limiting" %}Art. 6(1)(f) — legitimate interest
Error monitoring and platform reliability (Sentry)Art. 6(1)(f) — legitimate interest
Retaining anonymised transaction records" %}Art. 6(1)(c) — legal obligation (Estonian Accounting Act, 7 years)

4. Data Retention

  • Account data: retained until you delete your account.
  • Transaction records: anonymised (email hash only) and retained for 7 years after the transaction date, as required by Estonian accounting law.
  • Contact messages: retained for up to 2 years.
  • Analytics data: as governed by Google Analytics retention settings (default 26 months).
  • Security tokens (email verification, password reset, account deletion): expired tokens are purged after 7 days; used tokens after 2 days.
  • Session data: purged upon logout or automatically after the session expiry period.

5. Who We Share Your Data With

We use the following sub-processors, each bound by a Data Processing Agreement:

  • Stripe — payment processing (US; Privacy Framework certified)
  • PayPal — payment processing (US; Privacy Framework certified)
  • NOWPayments — cryptocurrency payment processing
  • Neon — PostgreSQL database hosting
  • Render — application hosting
  • AWS S3 — media file storage (US; Privacy Framework certified)
  • Resend — transactional email delivery
  • Sentry — error monitoring (EU region where possible)
  • Google Analytics — usage analytics (consent-gated; US; Privacy Framework certified)
  • Google reCAPTCHA Enterprise — bot protection

We do not sell your personal data to third parties.

6. International Data Transfers

Several of our sub-processors are based in the United States. We rely on the EU–US Data Privacy Framework (DPF) adequacy decision for certified providers (Google, AWS, Stripe, PayPal) and on Standard Contractual Clauses (SCCs) for others where applicable.

7. Your Rights Under GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data (via your profile settings).
  • Erasure — delete your account and personal data (via your profile page).
  • Data portability — download a copy of your data in machine-readable format (via your profile page).
  • Restriction — ask us to restrict processing of your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — withdraw cookie consent at any time by clicking "Decline" in the cookie banner.
  • Lodge a complaint — with the Estonian Data Protection Inspectorate (AKI) at www.aki.ee.

To exercise any of these rights (other than those available via your profile), email us at privacy@spacehubs.africa.

8. Cookies

We use cookies for session management (essential) and analytics (consent-required). See our Cookie Policy for full details.

9. Security

We implement technical and organisational measures including: encrypted connections (TLS/HTTPS), hashed passwords (PBKDF2), rate limiting, reCAPTCHA bot protection, webhook signature verification, and error monitoring. No method of transmission over the internet is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy. We will notify you of material changes via email or a prominent notice on the platform. Continued use after changes constitutes acceptance.