Engineering
African
Excellence
ANED Dev Center
Effective Date: April 7, 2026
ANED Development Center ("ANED," "we," "our," or "us") is committed to protecting the privacy of our clients, partners, website visitors, and all individuals who interact with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or engage with our services. ANED operates engineering centers across Africa, serving clients across the continent and beyond. This policy complies with applicable data protection legislation including the EU General Data Protection Regulation (GDPR), the Kenya Data Protection Act 2019 (DPA), the Nigeria Data Protection Regulation (NDPR), and the South Africa Protection of Personal Information Act (POPIA).
We may collect the following categories of information:
Personal Information: When you contact us, request a quote, or engage our services, we may collect your name, email address, phone number, company name, job title, billing address, and other information you voluntarily provide.
Usage Data: We automatically collect certain information when you visit our website, including your IP address, browser type, operating system, referring URLs, pages visited, time spent on pages, and other diagnostic data.
Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies to enhance your browsing experience, analyse website traffic, and understand how visitors interact with our site. Please see Section 10 for more details on our cookie practices.
We process personal data only where we have a lawful basis to do so. Depending on the context, our legal bases include:
Consent: Where you have given clear, informed consent for us to process your personal data for a specific purpose (e.g. subscribing to our newsletter).
Contractual Necessity: Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request (e.g. delivering services under a statement of work).
Legitimate Interest: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms (e.g. improving our services, fraud prevention, network security).
Legal Obligation: Where processing is necessary to comply with a legal or regulatory obligation to which we are subject (e.g. tax reporting, responding to lawful requests from authorities).
We use the information we collect for the following purposes:
Service Delivery: To provide, maintain, and improve our software development, cloud infrastructure, AI/ML, and digital transformation consulting services, including project management, communication, and support.
Communication: To respond to your enquiries, send project updates, provide technical support, and share relevant information about our services, events, or industry insights that may be of interest to you.
Improvement and Analytics: To analyse usage patterns, improve our website functionality, develop new features and services, and enhance the overall user experience.
We Do Not Sell Your Data: ANED does not sell, rent, or trade your personal information to third parties for marketing or any other purpose.
Service Providers: We may share your information with trusted third-party service providers who assist us in operating our business, such as cloud hosting providers, analytics platforms, and payment processors. These providers are contractually obligated to protect your data and may only use it for the purposes we specify.
Legal Obligations: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
We implement rigorous technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our security programme includes:
Encryption: All data is encrypted in transit (TLS 1.2+) and at rest using AES-256 or equivalent standards.
Access Controls: Strict role-based access controls, multi-factor authentication, and the principle of least privilege are enforced across all systems.
Security Testing: We conduct regular penetration testing, vulnerability assessments, and code reviews aligned with SOC 2 Type II controls and OWASP standards.
Employee Training: All staff undergo mandatory security awareness training upon onboarding and annually thereafter, covering phishing, social engineering, data handling, and incident reporting.
Incident Response: We maintain a documented incident response plan that is tested regularly. In the event of a security incident, our response team is activated immediately to contain, investigate, and remediate the issue.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
Notify Authorities: Report the breach to the relevant supervisory authority (the Office of the Data Protection Commissioner in Kenya, NITDA in Nigeria, or the Information Regulator in South Africa as applicable) within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33, the Kenya DPA, and the NDPR.
Notify Affected Individuals: Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, providing details of the breach, its likely consequences, and the measures taken or proposed to address it.
Documentation: We maintain a comprehensive record of all data breaches, including facts, effects, and remedial action taken, regardless of whether the breach is reportable to a supervisory authority.
We retain your personal information only for as long as is necessary to fulfil the purposes outlined in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. When your data is no longer required, we will securely delete or anonymise it. You may request the deletion of your personal data at any time by contacting us at the email address provided below, subject to any legal retention requirements.
Depending on your location, you have the following rights regarding your personal data under applicable data protection laws (GDPR, Kenya DPA, NDPR, and POPIA):
Right of Access: You have the right to request a copy of the personal information we hold about you.
Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information.
Right to Deletion: You have the right to request the deletion of your personal data, subject to certain legal exceptions.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request the transfer of that data to another controller.
Right to Object: You have the right to object to the processing of your personal data where we rely on legitimate interest as the legal basis, including profiling based on legitimate interest.
Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. For Kenya, this is the Office of the Data Protection Commissioner (ODPC). For Nigeria, this is the National Information Technology Development Agency (NITDA). For South Africa, this is the Information Regulator. For the EU/EEA, this is the data protection authority in your member state.
To exercise any of these rights, please contact us using the details provided in Section 16. We will respond to your request within 30 days in accordance with applicable law.
As ANED operates engineering centers across Africa, your personal information may be transferred between our regional offices as necessary for the provision of our services. We ensure that all international data transfers are conducted in compliance with applicable data protection laws and that appropriate safeguards are in place, including standard contractual clauses, binding corporate rules, and internal data handling policies, to protect your information regardless of where it is processed.
Our website uses the following types of cookies:
Essential Cookies: These cookies are necessary for the basic functioning of our website, such as navigation and access to secure areas. The website cannot function properly without these cookies.
Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting information about pages visited, time spent on the site, and any errors encountered. This data is aggregated and anonymised.
Functional Cookies: These cookies enable enhanced functionality and personalisation, such as remembering your preferences and settings.
Managing Cookies: You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of our website. For more information on how to manage cookies, consult your browser's help documentation.
ANED does not currently use automated decision-making or profiling that produces legal effects or similarly significantly affects you. If we implement such technologies in the future, we will update this policy, provide clear notice, and ensure you have the right to obtain human intervention, express your point of view, and contest the decision, as required under GDPR Article 22 and applicable local legislation.
Our website may contain links to third-party websites, services, or applications that are not operated or controlled by ANED. This Privacy Policy does not apply to third-party sites. We are not responsible for the privacy practices, content, or security of any third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.
Some web browsers transmit "Do Not Track" (DNT) signals to websites. At present, there is no universally accepted standard for how companies should respond to DNT signals. Our website does not currently alter its data collection and use practices in response to DNT signals. If a standard for responding to DNT signals is adopted in the future, we will update this policy accordingly.
Our services and website are not directed at individuals under the age of 16 (or 18 in jurisdictions where the age of digital consent is higher). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child, we will take prompt steps to delete that information. If you believe that a child has provided us with personal data, please contact us immediately.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised effective date. For significant changes that affect how we process your existing data, we will provide additional notice (such as email notification where feasible). We encourage you to review this Privacy Policy periodically.
The following additional privacy terms apply specifically to the ANED AI platform, including the ANED AI workspace, API, ANED Agents, and Canedo Security products. These terms supplement the general Privacy Policy above.
When you use the ANED AI Services, we may collect the following additional categories of information:
Account Information: Email address, phone number, name, and authentication provider details (Google, Apple, or GitHub) provided during account registration and verification.
AI Interaction Data: The content of your conversations with ANED AI, including your prompts ("Input"), the AI-generated responses ("Output"), selected model tier, language preferences, and conversation metadata (timestamps, session identifiers, token usage).
Document Data: Documents uploaded for processing through ANED Agents, including contracts, reports, and other business documents. Documents are processed in memory and are not permanently stored beyond the retention period specified in Section 20.
API Usage Data: API request logs, including endpoints called, request and response sizes, model tier used, token consumption, error codes, and latency metrics.
Billing Information: Payment method details, subscription plan, billing history, and invoices. Payment card details are processed by our third-party payment processor and are not stored on ANED's servers.
We use data collected through ANED AI Services for the following purposes:
Service Delivery: To process your requests, generate AI responses, execute agent tasks, and deliver the ANED AI Services as described in your subscription plan.
Safety and Abuse Prevention: To detect, prevent, and respond to fraud, abuse, security threats, and violations of our Terms of Service, including automated content filtering and abuse monitoring.
Usage Analytics: To generate aggregated, anonymised usage statistics (such as total token consumption across all users, model tier popularity, and language distribution) to improve platform performance and capacity planning. Individual conversations are never used for analytics purposes.
Billing and Account Management: To process payments, manage subscriptions, send billing notifications, and provide account support.
No Model Training: ANED does not use your Input, Output, conversation history, uploaded documents, or any data submitted through the ANED AI Services to train, fine-tune, retrain, or otherwise improve our AI models. This commitment applies to all subscription tiers, including the free Starter plan.
No Data Sharing for Training: We do not share your AI interaction data with any third party for the purpose of AI model training, machine learning research, or model improvement.
Voluntary Contribution: If ANED introduces a voluntary data contribution programme in the future, participation will be strictly opt-in, clearly disclosed, and subject to separate consent. You will never be enrolled automatically.
Conversation History: Your AI conversation history is retained for 90 days to support workspace functionality and abuse investigation. After 90 days, conversation data is automatically and permanently deleted from our systems, unless you have explicitly saved specific conversations within your workspace.
Uploaded Documents: Documents uploaded for AI processing are retained in encrypted storage for 30 days to allow you to access results, then automatically deleted. You may manually delete uploaded documents at any time through your workspace.
API Logs: API request metadata (excluding prompt content) is retained for 90 days for debugging, billing reconciliation, and abuse prevention. Prompt and response content in API logs is purged after 30 days.
Account Data: Your account information is retained for as long as your account remains active. If you delete your account, all associated data (including conversation history, documents, and API keys) will be permanently deleted within 30 days, subject to any legal retention requirements.
African Infrastructure: ANED is committed to African data sovereignty. ANED AI Services are hosted on infrastructure located within Africa. Your AI interaction data, uploaded documents, and account information are processed and stored on servers in African data centre regions.
Cross-Border Transfers: In exceptional circumstances where data must be transferred outside Africa for service delivery purposes (such as payment processing through international payment providers), ANED ensures that appropriate safeguards are in place, including standard contractual clauses and data processing agreements that comply with the Kenya DPA, NDPR, POPIA, and GDPR as applicable.
In addition to the general security measures described in Section 5, the ANED AI Services implement the following additional protections:
Prompt Isolation: Your AI conversations are logically isolated from those of other users. No user can access, view, or influence another user's conversations, prompts, or outputs.
API Key Security: API keys are hashed and stored securely. Full API key values are displayed only once at the time of creation and cannot be retrieved thereafter. Compromised keys can be revoked instantly through the dashboard.
Content Filtering: ANED AI implements safety filters and content moderation to prevent the generation of harmful, illegal, or abusive content. These filters operate in real-time and are regularly updated to address emerging threats and abuse patterns relevant to African markets.
When you use Canedo Security, threat analysis queries and security briefing requests are processed using ANED's Kilima model tier with extended thinking enabled. Canedo Security does not access your organisation's networks, systems, or infrastructure. It operates solely on the information you provide within the conversation. Threat intelligence output is generated based on ANED's training data and does not involve scanning, probing, or testing your systems. All Canedo Security interactions are subject to the same data handling, retention, and sovereignty commitments described in this section.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
ANED Development Center — Data Protection Officer
East Africa Office: Westlands Business District, Nairobi, Kenya
Email: eastafrica@anedcenter.com
West Africa Office: Victoria Island, Lagos, Nigeria
Email: westafrica@anedcenter.com
General Privacy Enquiries: privacy@anedcenter.com
ANED AI Platform Privacy: ai@anedcenter.com