Privacy Policy

1. Information We Collect

1.1 Personal Information

We may collect the following personal information:

• Account Information: Name, email address, phone number, business name
• Business Data: Transaction records, financial information, employee details
• Device Information: Device type, operating system, unique device identifiers
• Usage Data: App usage patterns, features accessed, error logs
• M-Pesa Integration: SMS messages for transaction detection (with your consent)

1.2 Legal Basis for Collection

We collect personal information based on the following legal grounds under the Data Protection Act 2019:

• Consent: You have given clear consent for processing
• Contract Performance: Processing is necessary for service delivery
• Legitimate Interest: Processing is necessary for our legitimate business interests
• Legal Obligation: Processing is required by law

2. How We Use Your Information

We use your personal information for the following purposes:

• Providing and maintaining our business finance management services
• Processing transactions and generating financial reports
• Managing user accounts and authentication
• Providing customer support and technical assistance
• Improving our services and developing new features
• Complying with legal and regulatory requirements
• Sending important service updates and notifications

3. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

3.1 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Cloud hosting and data storage
• Payment processing and M-Pesa integration
• Analytics and performance monitoring
• Customer support services

3.2 Legal Requirements

We may disclose your information when required by law, including:

• Compliance with Kenyan tax laws and regulations
• Response to lawful requests from government authorities
• Protection of our rights, property, or safety
• Prevention of fraud or security threats

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: All data is encrypted in transit and at rest
• Access Controls: Strict access controls and authentication
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Regular data protection training for staff
• Incident Response: Procedures for handling data breaches

5. Your Rights Under Kenyan Law

Under the Data Protection Act 2019, you have the following rights:

5.1 Right to Information

You have the right to be informed about the collection and use of your personal data.

5.2 Right of Access

You can request access to your personal information and receive a copy of the data we hold about you.

5.3 Right to Rectification

You can request correction of inaccurate or incomplete personal information.

5.4 Right to Erasure

You can request deletion of your personal information in certain circumstances.

5.5 Right to Restrict Processing

You can request that we limit how we use your personal information.

5.6 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

5.7 Right to Object

You can object to the processing of your personal information in certain circumstances.

5.8 Right to Withdraw Consent

You can withdraw your consent for data processing at any time.

6. Data Retention

We retain your personal information only for as long as necessary to:

• Provide our services to you
• Comply with legal and regulatory requirements
• Resolve disputes and enforce agreements
• Maintain business records as required by law

Retention Period: We typically retain business data for 7 years as required by Kenyan tax laws, and account information for the duration of your active account plus 2 years.

7. International Data Transfers

Your data may be processed in countries outside Kenya. When we transfer data internationally, we ensure:

• Adequate protection measures are in place
• Compliance with Kenyan data protection laws
• Appropriate safeguards as required by the Data Protection Act
• Transparency about cross-border transfers

8. Cookies and Tracking Technologies

Our website and app may use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze usage patterns and improve services
• Provide personalized content and features
• Ensure security and prevent fraud

You can control cookie settings through your browser or device settings.

9. Children's Privacy

Our services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying in-app notifications

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

11. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws. You can contact our DPO for any privacy-related concerns.

12. Complaints and Contact Information

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya:

• ODPC Website: https://www.odpc.go.ke/
• ODPC Email: complaints@odpc.go.ke
• ODPC Phone: +254 202 222 000