Cookies Policy
Cookies Policy
1. Legal Compliance
Framework: Fully compliant with the Kenya Data Protection Act, 2019 and guidelines from the Office of the Data Protection Commissioner (ODPC).
Data Status: Treats unique tracking cookies as personal data, requiring explicit user control.
2. How Cookies are Used & Categorized
The policy breaks cookies down into four distinct functional tiers:
Strictly Necessary: Active by default. Crucial for secure user authentication, keeping users logged into the ERP/HCM, preventing CSRF security vulnerabilities, and managing local data states for offline-first POS synchronization.
Functional, Performance, & Marketing: Disabled by default. These require active user opt-in and handle things like currency preferences (KES vs. USD), platform error tracking, and analytics.
### 3. Integrated Third-Party Cookies
Because your systems connect directly to local financial and communications infrastructure, specific exceptions are carved out for:
Payment Gateways: Tracking tokens used during Safaricom M-Pesa transactions to prevent checkout fraud.
Messaging Platforms: Security and delivery verification metrics via bulk sms provider and the Meta WhatsApp Business API.
4. Consent Control & Freedom
No Opt-In Presumption: Non-essential cookies are turned OFF until the user explicitly accepts them.
No Cookie Walls: Users are not blocked from using the platforms or websites if they choose to decline tracking.
Granular Management: Users can update their preferences at any time via an on-screen widget or through standard browser settings.