Privacy Policy

Last updated: June 2026

AON (“we”, “us”) is committed to protecting the privacy of every business and institution that uses this platform. This policy explains what data we collect, how we use it, who can access it, and the rights we extend to you over your data.

If you have questions or concerns, contact our data team at data@aon.africa.

1. What data we collect

Business users:

• Account information: email address, password (hashed), and authentication data
• Business profile: business name, sector, county, years of operation, contact name and role
• Documents you upload: your business registration, taxpayer (TIN) records, and other compliance, financial, and supporting documents you choose to provide
• Readiness data: your profile completeness score and document verification status
• Application history: which Offers you have applied to and the outcome
• Notification preferences

Institution users:

• Account information: email, organisation name, type, and contact details
• Programme data: Offers posted, application configurations, and shortlisting decisions
• Access logs: which applicant profiles were viewed and when

2. How we use your data

• To match your business to relevant Offers based on sector, location, and readiness
• To calculate and display your Readiness Score
• To notify you of new Offers, approaching deadlines, and profile gaps
• To review submitted documents and cross-check identifiers where possible (registration numbers, tax IDs, certificate details)
• To improve platform matching, scoring, and opportunity curation
• To comply with applicable legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising.

3. Document storage and access

Documents you upload are stored in encrypted, access-controlled cloud storage. Only you and authorised AON staff can view your documents by default.

Documents are only shared with an institution when you actively apply to their programme. Institutions receive a read-only view of the documents relevant to their application requirements. They do not receive bulk access to your documents outside of a specific application.

You can remove any document from your vault at any time. Removal will recalculate your Readiness Score and may affect your eligibility for active applications.

4. Institution data use obligations

Institutions registered on AON agree to the following when accessing applicant data:

• Applicant data is to be used solely for evaluating applications to the specific programme it was submitted for
• Institutions must not use applicant data for unsolicited marketing or outreach
• Institutions must not share applicant data with third parties without explicit consent
• Institutions must not retain copies of applicant documents after a programme has formally closed
• Access to applicant data is logged and subject to periodic review by AON

Institutions in breach of these obligations may have their access suspended. To report a concern, contact data@aon.africa.

5. Data retention

• Active accounts: data is retained while your account is active
• Closed accounts: profile and document data is deleted within 30 days of account closure, unless required for legal or compliance purposes
• Application records: anonymised application outcome data may be retained for up to 2 years for programme analytics
• Verification records: document verification outcomes (not the documents themselves) may be retained for up to 5 years for audit purposes

6. Your rights over your data

As a matter of platform policy, we extend the following rights to you:

• Access — request a copy of all personal data AON holds about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data (subject to legal retention requirements)
• Portability — request your profile data in a machine-readable format
• Withdraw consent — withdraw consent to data processing at any time
• Object — object to specific uses of your data

To exercise any of these rights, email data@aon.africa. We will respond within 14 working days.

7. Security

We use TLS encryption for all data in transit, AES-256 encryption for documents at rest, role-based access controls, and regular security reviews. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

8. Cookies

AON uses only essential session cookies required for authentication. We do not use tracking or advertising cookies. No third-party analytics tools have access to your personal data.

9. Changes to this policy

We will notify active users of material changes to this policy via email or in-platform notice at least 14 days before changes take effect.