DelphixitDelphixit Nova
Get Started
Trust & Transparency

Privacy Policy

Your data belongs to you. We only borrow it to build your software.

Effective Date: January 1, 2025

This Privacy Policy describes how Delphixit Nova ("we", "us") collects, uses, and discloses your personal information. We adhere strictly to the Data Protection Act, 2019 (Kenya) and international best practices for data privacy.

1. Information We Collect

Information You Provide

  • Account Data: Name, Email address, Phone number, and Business name required for account creation.
  • Project Specs: Technical requirements, branding assets, and configuration preferences submitted via the dashboard.
  • Billing Data: Transaction details necessary for M-Pesa or Card payments (processed securely via licensed gateways).

Automated Collection

  • Log Data: IP address, browser type, and timestamps for security auditing.
  • Usage Metrics: Anonymous data on how you interact with our dashboard to improve UX (e.g., page load speeds).
  • Cookies: Session cookies essential for authentication and security.

2. How We Use Your Data

We do not sell your data. We use your information solely for:

  • Service Delivery: To build, deploy, and maintain the software you purchased.
  • Communication: Sending invoices, project updates, and security alerts.
  • Security: Detecting and preventing fraud or unauthorized access to your projects.
  • Legal Compliance: Meeting tax obligations (KRA) and regulatory requirements.

3. Data Protection & Security

We implement "Privacy by Design" principles. Your data is secured using enterprise-grade measures:

Encryption
Data is encrypted in transit (TLS 1.2+) and at rest.
Access Control
Strict role-based access. Only assigned engineers see your project data.
Data Residency
We prioritize local hosting where possible to keep data within legal jurisdictions.

4. Sharing & Disclosure

We only share data with third parties when absolutely necessary for the service:

  • Payment Processors: M-Pesa (Safaricom) and Card Gateways to process transactions.
  • Cloud Infrastructure: AWS/Google Cloud for hosting your specific project (as agreed in your SOW).
  • Legal Authorities: If compelled by a valid court order or to report criminal activity (e.g., fraud) to Kenyan authorities.

5. Your Rights (Kenya DPA 2019)

Under Kenyan Law, you have the specific right to:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Correct any inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request deletion of your account and data, subject to our legal tax retention obligations.
  • Object: Opt-out of any processing for direct marketing purposes.
To exercise these rights, email: privacy@delphixit.com

6. Data Retention

We retain your personal information only as long as necessary to provide the Services and comply with legal obligations (e.g., KRA requires us to keep transaction records for 7 years). Once the retention period expires, data is securely deleted or anonymized.

7. Contact Us

If you have questions about this policy or our data practices:

Contact Privacy Team

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya if you believe your rights have been violated.