Privacy Policy
Last Updated: December 24, 2025
At EMMCloud, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our Point of Sale (POS) application and related services.
This Privacy Policy complies with the Kenya Data Protection Act, 2019 and applies to all users of the EMMCloud Service.
1. Information We Collect
1.1 Information You Provide Directly
- Full Name: To identify you and personalize your experience
- Email Address: For account verification, communications, and password recovery
- Password: Encrypted and stored securely for account authentication
1.2 Information Collected Automatically
- Device Information: Device type, operating system, and app version
- Usage Data: Features accessed, transaction history, and interaction patterns
- Log Data: Timestamps, error logs, and performance metrics
1.3 Business Transaction Data
- Sales transactions and amounts
- Inventory data and product information
- Payment records and receipts
- Business reports and analytics
1.4 Payment Information
For subscription payments, we collect payment transaction IDs, timestamps, amounts, and subscription tier information.
Note: We do not store your mobile money PIN or full payment account details. Payment processing is handled securely.
2. How We Use Your Information
| Purpose | Description |
|---|---|
| Account Management | Create, maintain, and secure your account; authenticate your identity; enable account recovery |
| Service Delivery | Provide POS functionality, process transactions, generate reports, and deliver requested features |
| Payment Processing | Process subscription payments, manage billing cycles, handle upgrades/downgrades |
| Communication | Send verification emails, transaction confirmations, service updates, and customer support responses |
| Security & Fraud | Detect and prevent unauthorized access, fraudulent transactions, and security breaches |
| Service Improvement | Analyze usage patterns, fix bugs, develop new features, and optimize performance |
| Legal Compliance | Comply with Kenyan laws, respond to legal requests, and enforce our Terms and Conditions |
3. Legal Basis for Processing
Under the Kenya Data Protection Act, 2019, we process your personal data based on:
- Consent: You have given explicit consent by accepting this Privacy Policy
- Contract Performance: Processing is necessary to provide the Service you subscribed to
- Legal Obligation: Processing is required to comply with Kenyan laws and regulations
- Legitimate Interests: Processing is necessary for fraud prevention, security, and service improvement
4. How We Share Your Information
We respect your privacy and do not sell or rent your personal information to third parties. We may share your information in the following circumstances:
4.1 Third-Party Service Providers
- M-Pesa: For subscription payment processing via STK Push
- Mailtrap: For sending verification emails, password resets, and notifications
- Cloud Hosting Providers: For secure data storage and application hosting
4.2 Legal Requirements
We may disclose your information when required by valid legal processes, requests from Kenyan law enforcement, or to protect our rights and safety.
4.3 Business Transfers
In the event of a merger or acquisition, your information may be transferred to the acquiring entity. You will be notified of any such change via email.
5. Data Storage and Security
5.1 Security Measures
- Encryption: All passwords are encrypted using industry-standard hashing algorithms
- Secure Transmission: Data is encrypted using HTTPS/TLS
- Access Controls: Strict internal access controls limit who can access your data
- Regular Security Audits: We conduct periodic security assessments and updates
5.2 Data Retention
After you delete your account, we will immediately revoke your access, anonymize or delete your personal data within 30 days, and retain transaction records as required by Kenyan law (typically 7 years).
6. Your Data Protection Rights
Under the Kenya Data Protection Act, 2019, you have the following rights:
To exercise any of these rights, please contact us. We will respond within 30 days.
7. Email Communications
7.1 Transactional Emails
We send necessary emails for account management including email verification codes, password reset instructions, payment confirmations, transaction limit notifications, and security alerts. You cannot opt out of transactional emails as they are essential for the Service.
7.2 Marketing Communications
If we send promotional or marketing emails in the future, you will have the option to unsubscribe at any time.
8. Children's Privacy
EMMCloud is a business application and is not intended for use by individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal information from children. If you believe your child has provided us with personal information, please contact us immediately.
9. Cookies and Tracking Technologies
Currently, the EMMCloud mobile application does not use cookies or similar tracking technologies for advertising purposes. We may use essential session management technologies to maintain your login session, remember your preferences, and analyze app performance.
10. Third-Party Links and Services
The Service may integrate with third-party services such as M-Pesa Daraja API. This Privacy Policy does not apply to those external sites or services. We encourage you to review their privacy policies.
11. International Data Transfers
Your data is primarily stored and processed within Kenya or on cloud servers that comply with Kenyan data protection standards. If we need to transfer data outside Kenya, we will ensure adequate safeguards are in place and obtain your explicit consent when required.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date and communicate significant changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Data Breach Notification
In the unlikely event of a data breach, we will notify you via email within 72 hours, inform the Office of the Data Protection Commissioner of Kenya, and provide details about the breach and steps we are taking to address it.
14. Contact Information & Data Protection Officer
If you have any questions or requests regarding this Privacy Policy, please contact us:
Office of the Data Protection Commissioner (Kenya):
www.odpc.go.keWe aim to respond to all privacy-related inquiries within 30 days.
15. Consent and Acknowledgment
By creating an account and using EMMCloud, you acknowledge that:
- You have read and understood this Privacy Policy
- You consent to the collection, use, and processing of your personal information as described
- You understand your rights under the Kenya Data Protection Act, 2019
- You agree to receive necessary transactional emails
Your privacy is important to us. We are committed to protecting your data and being transparent about our practices.