Privacy Policy

At EMMCloud, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our Point of Sale (POS) application and related services (the "Service").

This Privacy Policy complies with the Kenya Data Protection Act, 2019 and applies to all users of the EMMCloud Service.

We collect different types of information to provide and improve our Service. The information we collect includes:

1.1 Information You Provide Directly

When you register for an account, you provide us with:

• Full Name: To identify you and personalize your experience
• Email Address: For account verification, communications, and password recovery
• Password: Encrypted and stored securely for account authentication

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Device Information: Device type, operating system, and app version
• Usage Data: Features accessed, transaction history, and interaction patterns
• Log Data: Timestamps, error logs, and performance metrics

1.3 Business Transaction Data

To provide POS functionality, we collect and store:

• Sales transactions and amounts
• Inventory data and product information
• Payment records and receipts
• Business reports and analytics

1.4 Payment Information

For subscription payments via mobile payment, we collect:

• Payment transaction IDs
• Payment timestamps and amounts
• Subscription tier information

Note: We do not store your mobile money PIN or full payment account details. Payment processing is handled securely by Equity Bank API.

We use the collected information for the following purposes:

Under the Kenya Data Protection Act, 2019, we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent by accepting this Privacy Policy
• Contract Performance: Processing is necessary to provide the Service you subscribed to
• Legal Obligation: Processing is required to comply with Kenyan laws and regulations
• Legitimate Interests: Processing is necessary for fraud prevention, security, and service improvement

We respect your privacy and do not sell or rent your personal information to third parties. However, we may share your information in the following circumstances:

4.1 Third-Party Service Providers

We share information with trusted third-party service providers who assist us in operating the Service:

• Equity Bank: For subscription payment processing via STK Push
• Mailtrap: For sending verification emails, password resets, and notifications
• Cloud Hosting Providers: For secure data storage and application hosting

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information when required by law or in response to:

• Valid legal processes (court orders, subpoenas)
• Requests from law enforcement or government authorities in Kenya
• Protection of our rights, property, or safety
• Enforcement of our Terms and Conditions

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change via email.

4.4 With Your Consent

We may share your information with other parties when you give us explicit permission to do so.

5.1 Where We Store Your Data

Your data is stored securely on cloud servers. We implement industry-standard security measures to protect your information from unauthorized access, alteration, or disclosure.

5.2 Security Measures

We employ multiple layers of security, including:

• Encryption: All passwords are encrypted using industry-standard hashing algorithms
• Secure Transmission: Data transmitted between your device and our servers is encrypted using HTTPS/TLS
• Access Controls: Strict internal access controls limit who can access your data
• Regular Security Audits: We conduct periodic security assessments and updates
• Secure Authentication: Multi-factor authentication and session management

5.3 Data Retention

We retain your personal information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations (e.g., tax and accounting records)
• Resolve disputes and enforce our agreements

After you delete your account, we will:

• Immediately revoke your access to the Service
• Anonymize or delete your personal data within 30 days
• Retain transaction records as required by Kenyan law (typically 7 years)

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within 30 days.

7.1 Transactional Emails

We send necessary emails for account management, including:

• Email verification codes
• Password reset instructions
• Payment confirmations
• Transaction limit notifications
• Security alerts

Note: You cannot opt out of transactional emails as they are essential for the Service to function.

7.2 Marketing Communications

If we send promotional or marketing emails in the future, you will have the option to unsubscribe at any time by clicking the "unsubscribe" link in the email.

EMMCloud is a business application and is not intended for use by individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information without consent, please contact us immediately, and we will delete such information.

Currently, the EMMCloud mobile application does not use cookies or similar tracking technologies for advertising purposes. However, we may use essential session management technologies to:

• Maintain your login session
• Remember your preferences
• Analyze app performance

If we implement additional tracking technologies in the future, we will update this Privacy Policy and notify you accordingly.

The Service may contain links to third-party websites or integrate with third-party services (e.g., Equity Bank API). This Privacy Policy does not apply to those external sites or services.

We encourage you to review the privacy policies of any third-party services you interact with. We are not responsible for the privacy practices of third parties.

Your data is primarily stored and processed within Kenya or on cloud servers that comply with Kenyan data protection standards. If we need to transfer data outside Kenya, we will:

• Ensure the receiving country has adequate data protection laws
• Implement appropriate safeguards (e.g., standard contractual clauses)
• Obtain your explicit consent when required

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• Significant changes will be communicated via email
• Continued use of the Service after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

In the unlikely event of a data breach that affects your personal information, we will:

• Notify you via email within 72 hours of becoming aware of the breach
• Inform the Office of the Data Protection Commissioner of Kenya as required by law
• Provide details about the nature of the breach and steps we are taking to address it
• Offer guidance on how you can protect yourself

By creating an account and using EMMCloud, you acknowledge that:

• You have read and understood this Privacy Policy
• You consent to the collection, use, and processing of your personal information as described
• You understand your rights under the Kenya Data Protection Act, 2019
• You agree to receive necessary transactional emails

Your privacy is important to us. We are committed to protecting your data and being transparent about our practices.