DIREKT Phase 11 Pilot Participation Notice — Candidate

Status: DRAFT ONLY — NOT APPROVED FOR REAL PARTICIPANT USE
Policy key: pilot_participation_notice
Real participant version: Pending qualified Zambia review and DPC/external-entry clearance
Synthetic-only version: synthetic-demo-v1 — must never be used as the real participant notice

1. Who operates the pilot

DIREKT is operated for this bounded pilot under the current controller path of Shadreck Kudzanai Musarurwa as an Individual Data Controller, subject to final Zambia regulatory/legal confirmation.

Planned public contact aliases, once operational:

  • privacy: privacy@direkt.forum;
  • support: support@direkt.forum;
  • security: security@direkt.forum;
  • pilot coordination: pilot@direkt.forum.

A final real-participant notice must include the approved controller/contact/address details required by Zambia law and regulator direction. Private identity documents and personal addresses are not published in this repository.

2. What this pilot is

This is a controlled, invite-only test of DIREKT, not a public production launch.

Initial boundary:

  • Kabwata Ward and Chilenje Ward, Lusaka District;
  • adults only;
  • maximum 24 providers and 60 customers across three bounded waves;
  • four categories: plumbing/water repair, electrical repair/services, motor-vehicle mechanics and appliance/electronics repair.

The pilot may be paused, narrowed or stopped if safety, privacy, security, reliability, capacity or trust thresholds are crossed.

3. What DIREKT does and does not verify

DIREKT is designed to present specific, scoped checks, not a blanket statement that a provider is safe, competent or guaranteed to perform good work.

Depending on the provider and claim, DIREKT may separately record whether a particular item was checked, such as:

  • identity;
  • business registration;
  • qualification/trade credential;
  • category-specific licence/registration where applicable;
  • premises/location where separately authorized;
  • current/not checked/pending/expired status.

A check means only that the stated evidence/source was reviewed according to the applicable process. It does not automatically guarantee quality, safety, honesty, future performance or suitability for every job.

No field visited or equivalent claim is enabled in Wave 1 unless the separate field-operator gate has been satisfied.

4. Data collected from customers

Minimum data may include:

  • approved authentication/account identifier;
  • display name or pseudonymous display label;
  • selected pilot area/landmark;
  • service category and enquiry details;
  • interaction, review and complaint records created through DIREKT;
  • policy/consent/withdrawal records;
  • minimized device/security diagnostics needed for reliability and abuse prevention.

Not required by default:

  • national ID/passport;
  • exact home coordinates;
  • continuous/background location;
  • address-book contacts;
  • marketing profile;
  • payment credentials.

5. Data collected from providers

Depending on the provider pathway and specific claim requested, minimum data may include:

  • approved authentication/account identifier;
  • legal/display name;
  • provider pathway and operating model;
  • category and service area;
  • identity, business-registration, qualification, location or other claim-specific evidence where required;
  • private evidence references and audit history;
  • enquiries, interactions, reviews and complaints;
  • policy/consent/withdrawal records.

Only evidence necessary for the requested claim should be collected.

6. Private evidence and location

Original provider evidence is private and is not part of public discovery output.

Exact private home/base coordinates are not published by default.

For mobile/hybrid providers, public discovery should use a service area rather than an invented exact public pin.

A precise public premises location may be shown only where it is genuinely customer-facing, useful, separately authorized and safe to publish.

7. Authentication and Firebase disclosure

If Firebase phone authentication is activated for the approved real pilot, the participant's phone number is processed by Google/Firebase for authentication and abuse-prevention purposes according to the approved configuration and processor terms.

The approved real notice must disclose this before an OTP is requested.

Real Firebase authentication remains externally gated until the applicable DPC overseas storage/transfer requirements, qualified legal review, provider configuration and real canary have passed.

Synthetic/demo identities and fictional test numbers are not real participant consent or real SMS-delivery evidence.

8. Cloud and overseas processing

The intended real pilot architecture may use approved Supabase, Google Cloud and Firebase services outside Zambia.

Real participant data must not use that overseas topology until the applicable Zambia Data Protection Commission registration and separate overseas storage/transfer authorizations are evidenced and the final participant wording is approved.

Optional services are minimized out of the first-wave critical path:

  • Google Maps is not required; manual/list discovery remains authoritative;
  • Sentry real-participant telemetry is disabled unless separately approved and privacy-tested;
  • production WhatsApp/call automation is disabled unless separately approved;
  • real payments are disabled.

Consent is layered rather than one blanket checkbox.

Purpose Initial rule
Controlled pilot participation/account processing Required before real pilot participation
Firebase phone-auth disclosure Required before OTP if Firebase is activated
Device precise location Optional; manual area/landmark path remains available
Public precise provider premises Optional/separate authorization where applicable
Customer contact handoff Per interaction, time-limited and revocable
Research interview Optional and separate from product participation
Audio/video recording Optional, separate explicit consent
Marketing/promotions Not part of Phase 11 unless separately introduced and approved

Refusing optional location, interview or recording permission must not by itself block the core manual pilot path.

10. Enquiries and off-platform contact

DIREKT's initial accountability path is:

provider discovery
→ tracked enquiry
→ provider response
→ separately authorized contact handoff where enabled
→ interaction history
→ review/complaint eligibility

A separate contact handoff should be time-bounded and revocable. Full in-app chat is not assumed necessary unless real pilot evidence demonstrates a validated need.

11. Reviews and complaints

Reviews should be linked to an accountable DIREKT interaction rather than unrestricted anonymous posting.

Participants may raise complaints or concerns through the approved support/privacy channels. The final notice must include the approved Zambia complaint/redress route and any DPC complaint information required by qualified review.

12. Candidate retention schedule

These are maximum product/operations candidate periods and remain subject to qualified Zambia review and DPC direction before real participant use.

Data class Candidate maximum
Failed/uncompleted auth challenge metadata 7 days
Active account/contact identifier Participation period + 30 days after withdrawal/closure
Original provider evidence after final decision 30 days after final decision/appeal window unless approved hold applies
Minimized verification decision/claim/audit metadata 180 days after pilot close
Enquiry/interaction data 90 days after interaction closes
Active contact handoff grant 24 hours; minimized audit receipt up to 180 days
Review/complaint/appeal data 180 days after closure
Security/access/audit logs 180 days
Raw research audio/video Delete within 14 days after validated notes/transcript; absolute maximum 30 days
Pseudonymous research notes 180 days after pilot close
Consent/notice/withdrawal receipt 12 months after pilot close, minimized
Raw device diagnostics 30 days; non-identifying aggregates may be retained longer
Payment data None — real payments disabled

A maximum period is not permission to keep data longer than necessary. Approved legal, fraud, security, complaint or dispute holds may require limited retention.

13. Withdrawal and deletion

A participant may withdraw from the pilot subject to any lawful retention/hold obligations.

The approved process should:

  1. stop new non-required processing;
  2. revoke active contact-handoff grants;
  3. prevent new public/profile discovery where applicable;
  4. cancel unnecessary pending uploads;
  5. separate research lookup keys from analysis data;
  6. delete or anonymize eligible data according to the approved schedule;
  7. keep only minimized records required to prove the action or satisfy an approved hold;
  8. provide a minimized completion/receipt status.

Withdrawal must not require more personal information than reasonably necessary to identify the relevant account/research code.

14. Rights and requests

Subject to final Zambia legal wording, participants may have rights relating to access, correction, objection/restriction, deletion/erasure and complaints.

Initial operational targets are:

  • acknowledge a rights request within 2 support days;
  • resolve a simple correction/revocation within 5 support days;
  • escalate deletion/complex requests immediately to the privacy accountable owner where holds or processor propagation are involved.

These are internal service targets, not statements of statutory deadlines.

15. Security/privacy incidents

Suspected exposure of identity evidence, private coordinates, raw contact information, authentication tokens or cross-provider data triggers immediate containment and an affected-path freeze.

The accountable owner must preserve necessary evidence, assess required regulator/data-subject notifications under the approved legal process and document any restart decision.

16. Payments

No real payment is required or moved during Phase 11.

Subscription/payment status must remain independent from provider verification, publication, ranking and trust claims.

17. Research evidence

Participant research, interviews or recordings are separate from core product participation where applicable.

Repository/public artifacts use pseudonymous evidence IDs and sanitized aggregates only. Real identities, phone numbers, evidence documents, recordings and exact private coordinates remain in approved private systems.

18. Approval conditions before real use

This candidate is prohibited from real participant use until all applicable items are complete:

  • DPC controller registration evidence;
  • DPC overseas storage/transfer authorization for the actual topology;
  • Zambia-qualified privacy/data-protection/consumer review;
  • final controller/contact/complaint wording;
  • final retention/legal-hold treatment;
  • final processor disclosures;
  • final immutable notice version/hash/effective date;
  • approved Firebase/provider configuration where used;
  • protected real-pilot canaries.

Until then, this document is a drafting artifact only and synthetic-demo-v1 remains synthetic-only.