Back to Home

Privacy Policy

Last updated: December 26, 2024

1. Introduction

LipaFlow Technologies ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our M-PESA to WhatsApp automation service, in compliance with the Kenya Data Protection Act, 2019.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Business name and registration details
  • Contact information (email, phone number)
  • M-PESA business account details
  • WhatsApp Business API credentials
  • Customer phone numbers (for message delivery)

2.2 Transaction Data

We process:

  • M-PESA transaction confirmations
  • Payment amounts and timestamps
  • Transaction reference numbers
  • Message delivery status

3. How We Use Your Information

We use your information to:

  • Process M-PESA payment notifications
  • Send automated WhatsApp messages to your customers
  • Provide customer support and technical assistance
  • Improve our service and develop new features
  • Comply with legal obligations and prevent fraud
  • Send service updates and important notifications

4. Data Sharing and Disclosure

We may share your information with:

  • Safaricom M-PESA: For payment processing and verification
  • Meta (WhatsApp): For message delivery through WhatsApp Business API
  • Cloud Service Providers: For secure data storage and processing
  • Legal Authorities: When required by law or to protect our rights

We do not sell your personal information to third parties.

5. Data Security

We implement industry-standard security measures including:

  • End-to-end encryption for data transmission
  • Secure cloud infrastructure with regular backups
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Employee training on data protection practices

6. Your Rights (Kenya Data Protection Act, 2019)

Under Kenyan law, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured format
  • Object: Object to processing of your data
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@lipaflow.com

7. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations. Transaction data is retained for 7 years as required by Kenyan tax law. You may request deletion of your account and associated data at any time.

8. International Data Transfers

Your data may be transferred to and processed in countries outside Kenya, including for cloud storage and API services. We ensure adequate safeguards are in place through standard contractual clauses and compliance with international data protection standards.

9. Children's Privacy

Our service is intended for businesses and individuals over 18 years old. We do not knowingly collect data from children under 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our service. Continued use of our service after changes constitutes acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact:

LipaFlow Technologies

Email: privacy@lipaflow.com

Phone: +254 700 000 000

Address: Nairobi, Kenya

Data Protection Officer: dpo@lipaflow.com

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya.