Privacy Policy

1. Introduction

My Brother's Keeper Restoration United (MBKRU) ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. We comply with the Ghana Data Protection Act, 2012 (Act 843) and, where applicable, the General Data Protection Regulation (GDPR).

2. Information We Collect

We may collect the following types of information:

• Personal data you provide: Name, email address, and other contact details when you subscribe to our newsletter, register for early access, contact us, or (in Phase 2+) submit MBKRU Voice reports (including narrative text you choose to include and optional location fields).
• Usage data: Information about how you use our website (e.g., pages visited, time spent) via analytics tools.
• Technical data: IP address, browser type, device information.

3. How We Use Your Information

We use your information to:

• Send newsletters and updates (with your consent)
• Respond to your enquiries
• Operate MBKRU Voice, situational alerts, and related reporting workflows (including triage, moderation, and optional status updates)
• Improve our website and services
• Comply with legal obligations

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we process your data based on: consent (e.g., newsletter signup), legitimate interests (e.g., website analytics), or legal obligation.

5. Data Retention

We retain your data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Reports and submissions (Phase 2+): MBKRU Voice, situational, and election-observation submissions (including narrative text, optional approximate map coordinates, region or constituency selections, and file attachments you upload) are retained to operate the programme, support follow-up with you where you provide contact details, and meet moderation, safeguarding, and legal duties. Retention periods may vary by case type; we may archive or pseudonymise data where appropriate. Operational detail is also described in our runbook and moderation practices as they evolve.

6. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to processing
• Withdraw consent
• Lodge a complaint with the Data Protection Commission (Ghana) or your local supervisory authority

7. Cookies

We use essential cookies for website functionality and analytics cookies to understand usage. You can manage cookie preferences in your browser.

8. MBKRU Voice assistant, AI providers, and telemetry

MBKRU Voice can use AI-assisted responses. When configured, user chat prompts and recent message context may be sent to our AI provider for response generation. We apply guardrails and escalation behavior for high-risk prompts (for example emergency or legal-strategy requests), and we may return a safer guidance response instead of model output.

We also collect limited operational telemetry for chatbot and accessibility features (for example launcher open, send, reply source, speech-input success/error, and read-aloud actions). Telemetry is used for reliability, abuse prevention, and service improvement, and does not include continuous background listening.

To reduce risk, event payloads are allowlisted, size-limited, and rate-limited. In production we may require a telemetry token for ingestion. Analytics may be processed by tools such as Google Analytics and Plausible when enabled by configuration.

9. Third-Party Services

We may use third-party services (e.g., analytics, email providers) that process data on our behalf. These providers are bound by appropriate data processing agreements.

10. Member accounts (Phase 2+)

If you create an MBKRU member account (separate from newsletter sign-ups and from staff admin access), we process your email address and a password stored only as a cryptographic hash. We may also store optional details you provide, such as display name, phone number, or region, to operate member-only features (for example MBKRU Voice as they launch).

Member sign-in uses an httpOnly session cookie. When our infrastructure includes Redis, we may store a short-lived server-side session identifier linked to that cookie so that sign-out can end the session immediately on the server. Without Redis, the cookie still expires automatically after a limited time.

Location in reports: If you choose to attach map coordinates or region data to a report, that information is processed to understand context, route cases internally, and produce aggregate statistics where we publish them. It is not used for continuous tracking of you outside the submission flow unless we say otherwise in a specific programme notice.

Attachments: Files you upload (e.g. photos, PDFs) are stored securely and used for moderation and case handling. Do not upload sensitive personal data about third parties unless you have a lawful basis; we may remove or restrict content that puts others at risk or breaches our policies.

MBKRU Voice reports: Submitting a report requires a member account. We process your account email and optional profile fields (for example phone or region) to operate the channel, send updates where enabled, and tie submissions to your member record. We issue a tracking code; checking status on the site also requires sign-in.

Moderation: Staff and authorised reviewers may access submissions to assess credibility, safety, and alignment with our mandate. We may document decisions internally. We do not sell report content to third parties for marketing.

We retain member account data until you ask us to delete your account or as required by law. When signed in, you can download a JSON export of your account data from Your account (portability). You may also request deletion there; if you created petitions on the platform, automated deletion is blocked to preserve authorship — use the contact details below for a manual review. For other corrections, contact us using the details below.

11. Contact

For privacy-related enquiries, contact us via the Contact page or email info@mbkruadvocates.org.