242Hub Data & Privacy Policy

1. Who We Are

242Hub is a professional and business network platform. For the purposes of data protection law, 242Hub is the data controller in respect of personal data collected through the platform.

Contact for data protection matters: please write to us via the contact details published on the platform website.

2. Data We Collect

2.1 Information You Provide — When you register and use 242Hub, we collect the following personal data:

Identity data: your full name, title, profile photo (if uploaded);

Contact data: your email address, phone number;

Account data: password (stored in hashed form — never readable by staff), account status, membership tier;

Profile data: date of birth, gender, city, country, nationality, marital status, branch affiliation, church group memberships, year of membership;

Professional data: job title, employer name, industry, years of experience, career status, qualifications, skills;

Business data: business name, type, industry, description, website, address, city, country, year established, employee range, services offered;

Network preferences: open to mentoring, seeking mentorship, open to peer networking, open to partnerships, open to referrals;

Payment data: transaction references and payment status (payment card details are handled entirely by Paystack and are not stored by 242Hub);

Consent records: timestamp and version of privacy policy accepted at registration.

2.2 Information We Collect Automatically — When you use the platform, we may automatically collect log data (IP address, browser type, pages visited, time and date of access), session data (authentication tokens, session identifiers), and usage data (features used, searches conducted, pages viewed).

2.3 Information from Third Parties — If you make a payment through Paystack, we receive confirmation of payment status and associated transaction references. We do not receive your full card details.

3. How We Use Your Data

We use personal data for the following purposes:

3.1 Platform Operations — To create and manage your account; display your profile in the member directory (in accordance with your visibility settings); enable other members to find and connect with you; operate search, filtering, and matching features on the platform; process membership fees and subscription payments.

3.2 Communication — To send account-related notifications (email verification, password reset, payment confirmation); send platform updates and announcements where you have not opted out; respond to your enquiries and support requests.

3.3 Platform Safety & Integrity — To enforce the Terms of Use and Code of Conduct; investigate reports of misuse or harmful conduct; detect and prevent fraud, spam, and security threats.

3.4 Compliance — To comply with applicable legal obligations, including data protection law; maintain records required for legal, regulatory, or audit purposes.

3.5 Improvement — To analyse platform usage and improve features, performance, and user experience; generate aggregated, anonymised statistical reports for internal purposes.

4. Legal Basis for Processing

Where the GDPR applies, we process personal data on the following legal bases:

Contract: processing necessary to perform the membership agreement (account creation, access, payment);

Legitimate interests: operating and improving the platform, enforcing rules, maintaining security;

Legal obligation: compliance with applicable laws;

Consent: where you have given specific consent, including acceptance of the privacy policy at registration and directory opt-in.

Under the Ghana Data Protection Act 2012, we are required to process personal data lawfully, fairly, and for a legitimate purpose, with your knowledge, and not in a way that adversely affects your rights.

5. Directory Visibility & Your Controls

Your profile may appear in the 242Hub member directory. You have two layers of control:

Directory master switch: you can opt out of the directory entirely from Account Settings. If you opt out, your profile will not appear in any directory search;

Field-level visibility: even if you are in the directory, you can choose which specific fields are visible to other members. Fields you hide are not shown to other members.

Administrators of the platform can view your complete profile data regardless of your visibility settings, for platform management purposes. This is limited to authorised staff and is subject to the confidentiality obligations in Section 9.

6. Data Sharing

We do not sell your personal data. We share it only in the following circumstances:

6.1 With Other Members — Your profile data is visible to other authenticated members, subject to your visibility settings as described in Section 5.

6.2 With Service Providers — We share data with trusted third-party service providers who process it on our behalf, including: Paystack (for payment processing); email delivery providers such as Mailgun or AWS SES (for transactional emails); cloud storage providers (for file and image storage); and hosting infrastructure providers (for platform hosting). All service providers are contractually required to process data only for the purposes we specify and to maintain appropriate security standards.

6.3 Legal Requirements — We may disclose personal data if required to do so by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect the rights, property, or safety of 242Hub, its members, or the public.

6.4 Business Transfers — If 242Hub undergoes a merger, acquisition, or transfer of assets, your personal data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

7. Data Retention

We retain personal data for as long as your account is active and for a reasonable period thereafter, to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

Account and profile data: retained for the duration of your membership and for a period of up to 3 years after account closure, unless a shorter period is required by law or requested by you (subject to legal retention obligations);

Payment records: retained for the period required under Ghanaian tax and financial record-keeping laws;

Log and usage data: retained for up to 12 months;

Consent records: retained for the full period during which you are a member and for the applicable statutory limitation period thereafter.

When data is no longer required, it is securely deleted or anonymised.

8. Your Rights

You have the following rights in relation to your personal data:

Access: the right to request a copy of the personal data we hold about you;

Correction: the right to request correction of inaccurate or incomplete data;

Deletion: the right to request deletion of your data, subject to our legal retention obligations;

Restriction: the right to request that we restrict processing of your data in certain circumstances;

Portability: the right to receive your data in a structured, machine-readable format where technically feasible;

Objection: the right to object to processing based on legitimate interests;

Withdrawal of consent: where processing is based on consent, you may withdraw consent at any time (this does not affect the lawfulness of processing before withdrawal).

To exercise any of these rights, please contact us through the platform or using the contact details published on the platform website. We will respond within 30 days.

You also have the right to lodge a complaint with the Ghana Data Protection Authority if you believe we have processed your data unlawfully.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

Encrypted storage of passwords (bcrypt hashing);

HTTPS encryption for all data in transit;

Access controls limiting staff access to personal data on a need-to-know basis;

Regular review of security practices;

Audit logging of administrative actions on member records.

No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and the Ghana Data Protection Authority as required by applicable law.

10. Cookies & Tracking

The 242Hub platform uses cookies and similar technologies to maintain your session when you are logged in; store your preferences (such as appearance settings); and analyse usage patterns for platform improvement.

Session cookies are deleted when you close your browser. Persistent cookies remain until they expire or you delete them. You can control cookies through your browser settings; however, disabling certain cookies may affect the functionality of the platform.

11. Children

The platform is intended for use by professionals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.

12. International Transfers

Some service providers (such as email delivery services) may process data in other jurisdictions. Where data is transferred outside Ghana, we take steps to ensure appropriate safeguards are in place, consistent with the Ghana Data Protection Act 2012.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by notice within the platform, at least 30 days before the changes take effect. Your continued use of the platform after the effective date constitutes acceptance of the updated Policy. If you do not agree, you may request account deletion.

14. Contact & Data Protection Enquiries

For any questions about this Privacy Policy or how we handle your data, or to exercise your data rights, please contact us through the platform or at the contact address published on the platform website.

We take data protection seriously and will respond to all reasonable enquiries promptly.

Version 1.0 — Effective 1 May 2026