Privacy Policy & Data Protection

Last updated: June 2026

1. Data We Collect

We collect and process the following personal data to provide property management services:

• Identity Data: Full name, national ID number, passport details
• Contact Data: Phone number, email address, physical address
• Financial Data: Rent payments, M-Pesa transaction codes, deposit records
• Property Data: Unit occupancy, lease agreements, maintenance requests
• Employment Data: Employer name and contact (for tenant verification)

2. Purpose of Data Processing

Your data is processed for the following lawful purposes:

• Tenant billing and rent collection via M-Pesa Paybill
• Landlord disbursement calculations and reporting
• Lease agreement management and renewal tracking
• Maintenance request coordination
• Regulatory compliance (KRA eTIMS / eRITS tax submissions)
• SMS and WhatsApp notification delivery

3. Legal Basis

We process your data under the following legal bases as defined by the Data Protection Act, 2019:

• Contractual Necessity: To fulfill our property management agreement with you
• Legal Obligation: Tax reporting to Kenya Revenue Authority (KRA)
• Legitimate Interest: Fraud prevention, arrears management, service improvement
• Consent: Where you have explicitly agreed (e.g., marketing communications)

4. Data Sharing

We share your data only with:

• Landlords / Property Owners: Rent payment records and tenancy details
• Safaricom PLC: M-Pesa transaction processing (Daraja API)
• Kenya Revenue Authority: Tax compliance reporting (eTIMS / eRITS)
• Service Providers: SMS gateway (Africa's Talking), cloud hosting

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5. Data Retention

We retain your personal data for:

• Active tenancies: Duration of tenancy plus 7 years (statutory limitation)
• Financial records: 7 years (KRA requirement)
• Inactive accounts: Up to 2 years after last activity, then anonymized or deleted

6. Your Rights (DPA 2019, Part VI)

Under the Data Protection Act, you have the right to:

• Access: Request a copy of your personal data we hold
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion (subject to legal retention)
• Restriction: Limit processing in certain circumstances
• Objection: Object to processing based on legitimate interest
• Portability: Receive your data in a structured, machine-readable format
• Complaint: Lodge a complaint with the Office of the Data Protection Commissioner (ODPC)

7. Data Security

We implement appropriate technical and organizational measures:

• Encryption in transit (TLS 1.2+) and at rest
• Role-based access control with unique user credentials
• PIN and biometric authentication for mobile access
• Full audit trail of all data access and modifications
• Regular security assessments and updates

8. Contact Our Data Protection Officer

---

By using this system, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein, in accordance with the Data Protection Act, 2019 (Kenya).