Privacy Policy

1 Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, phone number, billing address and company name provided at registration.
• Payment data: M-Pesa transaction references, card last four digits (we do not store full card numbers).
• Technical data: IP address, browser type, operating system, pages visited and time of visits.
• Communications: support tickets, live chat logs and email correspondence.
• Domain & WHOIS data: domain registrant details required by ICANN and ccTLD registries.

2 How We Use Your Data

• Provision and management of hosting, domain and related services.
• Billing, invoice generation and payment processing.
• Customer support and account administration.
• Service notifications, renewal reminders and security alerts.
• Compliance with legal and regulatory obligations.
• Improving our website and services through aggregated analytics.

3 Legal Basis for Processing

• Contract performance: processing necessary to deliver the services you purchased.
• Legal obligation: compliance with Kenyan law, tax regulations and court orders.
• Legitimate interests: fraud prevention, network security and service improvement.
• Consent: marketing communications (you may withdraw consent at any time).

4 Data Sharing & Third Parties

We share data only where strictly necessary with:

• Payment processors: Safaricom (M-Pesa), Stripe — for transaction processing only.
• Domain registries: ICANN-mandated WHOIS data published to registries.
• Infrastructure providers: data centre and cloud partners operating under data processing agreements.
• Law enforcement: when required by valid Kenyan legal process.

5 Data Retention

We retain personal data for as long as your account is active or as needed to provide services. Account data is deleted or anonymised within 90 days of account closure. Financial records are retained for 7 years as required by Kenyan tax law. Support communications are retained for 3 years.

6 Security

We implement appropriate technical and organisational measures to protect your personal data including TLS encryption in transit, AES-256 encryption at rest, access controls, two-factor authentication for staff systems, and regular security audits. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

7 Your Rights

Under the Kenya Data Protection Act 2019 and GDPR, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your data where no legal basis exists for retention.
• Portability: receive your data in a machine-readable format.
• Object: object to processing based on legitimate interests.
• Restrict: request that we restrict processing of your data.

To exercise any right, contact us at [email protected]. We will respond within 30 days.

8 Cookies

We use cookies and similar technologies to operate our website and portal. Please see our Cookie Policy for full details on what cookies we use, why, and how to control them.

9 Contact & Complaints

For privacy enquiries or to exercise your rights, contact our Data Protection Officer at [email protected]. If you believe we have not addressed your concern adequately, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya at odpc.go.ke.