Mentions légales

Privacy Policy

Dernière mise à jour : May 23, 2026

This policy describes how Centeem (« we », « the Company ») collects, uses, protects and shares your personal data within the scope of the services offered via the Centeem mobile application and the centeem.com site.

⚠️ Draft v0.1 — technical version not reviewed by a lawyer. To be reviewed and validated by a firm specializing in Algerian digital law (DZ-GDPR + Law 18-07 on personal data protection) before publication.

1. Data controller

Centeem, an Algerian joint-stock company undergoing licensing as a Payment Service Provider (PSP) with the Bank of Algeria under Instruction No. 06-2025. For any question: dpo@centeem.com.

2. Data collected

2.1 Data provided by you

  • KYC identity: last name, first name, date of birth, place of birth, identity document number (national ID/passport), expiry date, NIN.
  • Contact details: email, phone number, postal address (for Business accounts).
  • Financial data: CCP account number, BaridiMob number, CCP cheque photos, deposit receipt photos.
  • Biometric data: selfie photo, liveness videos (identity verification), fingerprint or Face ID (stored locally on your device only).
  • Document data: front/back photos of your identity document, OCR-extracted data, secure chip reading.

2.2 Data collected automatically

  • Usage data: transactions, timestamps, amounts, counterparties.
  • Technical data: IP address, device type, OS, app version, device identifiers.
  • Geolocation: approximate city/wilaya for security and to connect you with the nearest partner agents (never in the background).
  • Security logs: login attempts, blocks, suspicious events (for fraud detection).

3. Processing purposes

  • Performance of the payment service contract.
  • Identity verification (KYC) — AML/CFT legal obligation.
  • Prevention of fraud and cybercrime.
  • Regulatory reporting to the Bank of Algeria and the CTRF.
  • Customer support.
  • Service improvement (with anonymized data only).

4. Retention period

In accordance with Algerian AML regulations, certain data is kept for 10 years after account closure (transactions, validated KYC). Intermediate KYC media (liveness video, challenge selfies) are purged 30 days after approval. Rejected KYC files are purged 90 days after rejection. Inactive sessions are revoked 30 days after last activity.

5. Data sharing

We share certain data with trusted providers, strictly governed by contract:

  • Supabase (Germany) — database hosting and file storage.
  • Railway (Germany) — backend application hosting.
  • Resend (EU) — sending transactional emails.
  • Sentry (EU) — error monitoring (scrubbed data: NIN, photos, tokens filtered).
  • Google (Gemini API) — OCR of KYC documents and CCP cheques, ephemeral processing with no retention.
  • Hugging Face (EU/US) — document analysis pipeline.
  • Bank of Algeria, CTRF, judicial authorities — upon legal request.

6. Your rights

In accordance with Law 18-07 and DZ-GDPR, you have the rights:

  • To access, rectification, erasure (subject to AML obligations).
  • To portability (export of your data).
  • To object to processing (excluding mandatory legal purposes).
  • To withdraw consent.

To exercise these rights: dpo@centeem.com. Response within 30 days.

7. Security

Data encrypted at rest (AES-256) and in transit (TLS 1.3). Multi-factor authentication (PIN + biometrics). Automated fraud detection. Regular security audits.

8. Cookies

The centeem.com site uses a minimum of technical cookies necessary for operation. No advertising tracking cookies. See our cookie policy.

9. Changes

This policy may be updated. You will be notified by email and/or via the application in the event of a significant change.

10. Complaint

You may file a complaint with the National Authority for the Protection of Personal Data (ANPDP).