M

Privacy Policy

Your privacy is important to us. This policy explains how Mashughuli collects, uses, and protects your personal information in compliance with Kenyan law.

Last updated: January 6, 2025

This Privacy Policy complies with the Data Protection Act, 2019 of Kenya and international best practices.

1. Introduction

Mashughuli Limited ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our errand services platform.

By using Mashughuli, you agree to the collection and use of information in accordance with this policy and Kenya's Data Protection Act, 2019.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly when creating an account and using our services:

  • Identity Information: Full name, email address, phone number, date of birth
  • Contact Information: Physical address, postal address
  • Financial Information: M-Pesa number, bank account details (for payouts)
  • Identity Verification: National ID, passport, or other government-issued documents
  • Profile Information: Bio, profile picture, preferences, skills

2.2 Usage Information

  • Errand posts, bids, messages, and reviews
  • Transaction history and payment records
  • Location data (when you enable location services)
  • Device information and IP address
  • Usage patterns and service interactions

2.3 Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience. You can control cookie preferences through our cookie banner or browser settings.

3. How We Use Your Information

3.1 Service Provision

  • Create and maintain user accounts
  • Facilitate connections between requesters and runners
  • Process payments and financial transactions
  • Provide customer support and resolve disputes
  • Verify user identity for safety and security

3.2 Communication

  • Send service-related notifications and updates
  • Respond to inquiries and provide support
  • Send marketing communications (with your consent)
  • Notify you of policy changes or security issues

3.3 Legal Basis (Kenya Data Protection Act)

We process your data based on:

  • Consent: Marketing communications, optional features
  • Contract Performance: Providing errand services, processing payments
  • Legal Obligation: Tax records, identity verification, fraud prevention
  • Legitimate Interests: Service improvement, security, analytics

4. How We Share Your Information

4.1 Within the Platform

  • Profile information visible to other users (name, ratings, reviews)
  • Contact information shared with matched users for specific errands
  • Public reviews and ratings (with privacy controls)

4.2 Service Providers

  • Payment Processors: Safaricom (M-Pesa), banks for transaction processing
  • Identity Verification: Third-party KYC providers
  • Communication: SMS and email service providers
  • Analytics: Anonymous usage data for service improvement

4.3 Legal Requirements

We may disclose information when required by Kenyan law or government authorities:

  • Compliance with legal processes or court orders
  • Cooperation with law enforcement investigations
  • Protection of rights, property, or safety
  • Tax reporting obligations to Kenya Revenue Authority

5. Your Rights Under Kenya's Data Protection Act

Data Subject Rights

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Delete your personal data
  • Portability: Export your data
  • Object: Opt out of certain processing
  • Restrict: Limit how we use your data

How to Exercise Rights

Email: privacy@mashughuli.com

Phone: +254-XXX-XXXXXX

Response Time: Within 30 days

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training
  • Secure data centers within Kenya or approved jurisdictions
  • Two-factor authentication for sensitive operations

Data Breach Notification: In case of a security breach affecting your personal data, we will notify you and the Data Protection Commissioner within 72 hours as required by law.

7. Data Retention

Retention Periods

  • Account Information: Until account deletion + 7 years (tax purposes)
  • Transaction Records: 7 years (legal requirement)
  • Communication Records: 2 years
  • Usage Analytics: 3 years (anonymized)
  • Marketing Data: Until consent withdrawal

8. Cookies and Tracking

We use cookies to enhance your experience and analyze site usage. Our cookie banner allows you to control which types of cookies you accept:

Cookie Types

  • Necessary: Essential functionality
  • Functional: Enhanced features
  • Analytics: Usage statistics
  • Marketing: Personalized ads

Your Control

You can update your cookie preferences anytime through:

  • Cookie settings panel
  • Browser preferences
  • Account privacy settings

9. International Data Transfers

Your personal data is primarily stored and processed within Kenya. When we use international service providers, we ensure:

  • Adequate protection levels (GDPR adequacy or equivalent)
  • Standard contractual clauses for data protection
  • Regular compliance audits
  • Data localization where required by law

10. Children's Privacy

Mashughuli is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child, please contact us immediately for removal.

11. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes via:

  • Email notification to your registered email
  • In-app notifications
  • Website banner announcements
  • SMS for critical changes affecting your rights

12. Contact Information

Data Protection Officer

Email: dpo@mashughuli.com

Phone: +254-XXX-XXXXXX

Address: [Company Address]
Nairobi, Kenya

Regulatory Authority

Office of the Data Protection Commissioner

P.O. Box 200-00200

Nairobi, Kenya

Website: www.odpc.go.ke

Your Consent

By using Mashughuli, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with our practices, please do not use our services.