Privacy

Privacy Policy

Privacy Policy

Privacy Policy

1. Legal Framework & Operational Roles

Compliance: Fully aligned with the Kenya Data Protection Act, 2019 and overseen by the Office of the Data Protection Commissioner (ODPC).

Dual Role:

Data Processor: For the vast majority of application data (e.g., patient records, employee payroll, loan balances) managed on behalf of your business clients.
Data Controller: Solely for your direct clients' administrative accounts, infrastructure analytics, and billing details.

2. Specialized Data Handling

Data collection is mapped directly to your specific SaaS products:

Financial & Credit: Processing bank details, credit histories, and M-Pesa transaction IDs (Loan Management, POS, ERP).
Sensitive Health Data: Managing medical histories and clinical logs (*Hospital Management*).
Employment & Payroll: Tracking KRA PINs, National IDs, and statutory contributions like NSSF, SHIF, and housing levy (*HCM*).

3. Third-Party Integrations & Transfers

Data is only shared with core infrastructural partners: telecom/payment gateways, automated communications (bulk sms provider, Meta WhatsApp API), and enterprise cloud hosts.
Any international cloud hosting follows strict cross-border Data Transfer Agreements (DTAs) required under Kenyan law.

4. Security, Retention, & Rights

Security: Enforces data encryption (at rest and in transit), role-based access, and automated system audit trails.
Retention: Core financial and tax records are held for a minimum of **7 years** to comply with KRA regulations.
Rights: Protects statutory data subject rights, including the right to access, rectify, or demand the erasure of personal data.

Need help? Chat on WhatsApp