Privacy Policy

As the data controller, we determine the purposes and means of processing your personal data. We are registered with the Office of the Data Protection Commissioner in Kenya and comply with all relevant data protection regulations.

We process the following categories of personal data to provide and improve our services:

We collect this information directly from you when you register, use our services, or communicate with us. Some data may be collected automatically through cookies and similar technologies when you use our platform.

We process your personal data based on the following legal grounds:

We implement comprehensive technical and organizational measures to protect your data:

Our security protocols are regularly reviewed and updated to address emerging threats. All employees receive data protection training and are bound by confidentiality agreements.

We share data with trusted third parties only when necessary for service delivery:

• PesaPal: Payment processing (PCI-DSS compliant)
• Brevo: Transactional email delivery (SMTP services)
• Secure Location: Cloud hosting provider

All third-party providers undergo rigorous security assessments and sign data processing agreements that require them to protect your information and comply with Kenyan data protection laws.

Under the Data Protection Act, you have the following rights:

• Request Access to your personal data
• Demand Correction of inaccurate information
• Delete your account (hard deletion via support request)
• Object to data processing activities

Submit requests to: info@teamkazi.com
We respond to all valid requests within 30 days. Note: Soft-deleted data may persist in backups.

We retain personal data only as long as necessary for the purposes outlined:

• Active accounts: Retained until deletion request
• Financial records: 7 years per Kenyan tax laws

All data is primarily stored in Secure Location.

Any secondary transfers comply with:

• Kenya's Data Protection Act 2019
• Cross-border data transfer regulations

In the unlikely event of a data breach affecting your personal information:

• Notify Kenya's Office of the Data Protection Commissioner (ODPC) within 72 hours
• Alert affected users via email within 96 hours

We may update this policy periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through:

• Email alerts to registered users
• Updated timestamp on this policy page

For questions about this policy or to exercise your data rights:

We provide the following additional disclosures for transparency and compliance: