Developer Documentation

Data Protection Notes

Data Protection Notes

SikaaHub should prepare for Ghana Data Protection Act obligations before live production.

Personal data categories:

• names, phone numbers, emails, device IDs, IP addresses
• KYC identifiers and uploaded documents
• merchant business profile data

Financial data categories:

• payments, withdrawals, balances, ledger entries, settlements, provider references

Recommendations:

• define retention windows for KYC, audit, request logs, and provider payloads
• support account closure without deleting immutable financial records
• keep KYC files outside public web root
• encrypt backups and sensitive storage
• prepare user data access and correction workflows
• document breach notification decision process
• ensure privacy policy matches actual backend data collection