Sankorra

A modern operations platform for dignified care, compliance, and calm handoffs.

Honoring Legacies

Legal

Privacy Policy

Last updated: June 18, 2026

1. Introduction

Sankorra ("Sankorra," "we," "us," or "our") is a Ghana-based platform supporting funeral homes, mortuaries, and the families they serve. This Privacy Policy explains how we collect, use, disclose, and safeguard your information across our website, the Sankorra facility dashboard, and the Sankorra mobile app for families.

Sankorra is built for the Ghanaian market and operates under the Data Protection Act, 2012 (Act 843). Where you are reading this from another country, we apply the same protections regardless of where you live.

Death-care is one of the most sensitive contexts in which an app can hold personal data. We treat it accordingly.

2. Information We Collect

2.1 Information you give us directly

  • Account information — full name, email address, phone number, and a password (or one-time PIN) when you sign up.
  • Case details — when a facility creates a case or when you join an existing case as a family member, we store the deceased's name and the case milestones the facility records.
  • Booking and reservation information — venue or plot you book, the time slot, expected attendees, and a contact name + phone the facility can reach during the service.
  • Payments — when you pay an invoice through the app, the amount, currency, mobile-money network or bank, and the payment reference. Card or mobile-wallet credentials themselves are handled by our payment processor (Paystack) and never reach our servers.
  • Documents and photos — case attachments (death certificate, ID, permits) and an optional profile photo you choose to upload.
  • Messages — the body of any message you send to your facility through the in-app messages thread is stored so the facility can read and respond.

2.2 Information collected automatically by the mobile app

  • Approximate and precise location — only after you grant permission. Used to show funeral homes near you on the map and to get directions to a venue you've booked.
  • Device push-notification token — assigned by Apple (APNs) / Google (FCM) the first time you allow notifications. Lets us deliver alerts when the facility confirms a booking, sends a message, or issues an invoice.
  • Diagnostic data — crash logs and basic performance metrics (de-identified) so we can fix bugs.
  • User identifier — your Sankorra account ID (a randomly assigned UUID) tying your sessions to your account.

2.3 Information collected automatically by the website

  • Server logs — IP address, browser, operating system, request paths, and timestamps for security and abuse prevention.
  • Cookies — strictly necessary cookies for signed-in sessions and a small set of analytics cookies you can decline at the cookie banner.

3. How We Use Your Information

We use the information above to:

  • Operate the platform — create your account, show you the right cases, deliver messages, process payments, and keep services running.
  • Communicate with you — send email and push notifications about your bookings, invoices, and case updates.
  • Improve the product — fix crashes, debug slow screens, and decide which features to build next.
  • Comply with legal obligations under Ghanaian law and the laws of any jurisdiction we operate in.
  • Detect and prevent fraud, abuse, and unauthorized access.

4. Third Parties We Share Data With

We do not sell your personal information. We do not share your information with advertising networks. The third parties below are processors that operate the platform on our behalf, each under a data processing agreement:

  • Supabase (EU region) — hosts the application database. Receives all account, case, invoice, booking, and message data.
  • Paystack (Ghana, Nigeria) — processes mobile-money and card payments. Receives payment amount, customer name, contact, and the payment instrument you choose. Card and wallet details are tokenized inside Paystack and never touch our servers.
  • Cloudflare (global edge) — content delivery, DDoS protection, and email routing. Sees request metadata such as IP address and standard TLS handshake.
  • Expo / EAS (United States) — delivers push notifications to your device. Receives your push token and the title + short body of each notification.
  • NeraSika (Ghana) — alternative mobile-money payment route shown inside the app. Receives the same payment-time data as Paystack when you choose it.
  • Apple App Store / Google Play — when you download the app, the respective store handles account, age, and download metadata under their own privacy policies.
  • Law enforcement and courts — only when compelled by a valid legal order in Ghana or in a jurisdiction where we are required to comply.

Beyond these processors, we share information with another person only when you have explicitly asked us to (for example, when you add a relative as a case contact).

5. Data Security

We take reasonable technical and organizational measures to protect your information, including:

  • TLS 1.2+ encryption for all data in transit between your device and our servers.
  • Encryption at rest for the application database and storage buckets.
  • Row-level security policies inside the database so a customer can never read another customer's data.
  • Strict access controls for our team, with audit logging on administrative actions.
  • Regular dependency updates and security review of changes to the platform.

6. Data Retention

We keep your information for as long as your account is active. Some information, particularly case records and invoices, is retained for longer to comply with our obligations under Ghanaian funeral and tax law (typically up to seven years after case closure).

When you ask us to delete your account, we remove or anonymise the data we are not legally required to retain. Anything still held under law is restricted from active processing and is purged at the end of the legal retention window.

7. Your Rights Under Ghana's Data Protection Act (Act 843)

As a data subject, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion of your personal information, subject to the retention rules above.
  • Object to or restrict specific processing activities.
  • Receive your data in a portable, machine-readable format.
  • Withdraw consent at any time where our processing is based on consent.
  • Lodge a complaint with the Ghana Data Protection Commission (https://dataprotection.org.gh) if you believe your rights have been infringed.

To exercise any of these rights — including data deletion — email us at info@sankorra.com from the account email you registered with. We respond within 30 days as required by Act 843.

8. Children's Privacy

Sankorra is intended for adults arranging or following funeral matters and is not directed to children under 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it without delay.

9. International Data Transfers

Some of our processors are hosted outside Ghana — for example, Supabase is in the European Union and Expo is in the United States. When we transfer your information internationally, we rely on standard contractual clauses or equivalent safeguards to keep it protected to the standard required by Act 843.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Where the change is material, we will give you in-app notice or send an email to the address on your account. The "Last updated" date at the top of the page always reflects the current version.

11. Contact Us

If you have questions about this Privacy Policy or about how we handle your data, please contact us:

Sankorra

No. 7 Kpabi Tettey Lane, Adenta - Accra

Greater Accra Region

Email: info@sankorra.com

Book a Demo