Privacy Policy

Hisabi — Privacy Policy

How we collect, use, store, and protect your data under the Kenya Data Protection Act, 2019.

Last updated: December 8, 2025

1. Introduction

This Privacy Policy explains how Hisabi (“we”, “us”, “our”) collects, uses, stores, and protects your personal data in line with the Kenya Data Protection Act, 2019.

By using Hisabi, you agree to this policy.

2. Data We Collect

Information you provide: name, email, phone, business info, and financial records you enter (invoices, bills, payroll, etc.).

Automatically collected data: device/browser information, IP, timestamps, error logs, usage patterns for analytics.

Third-party integrations: data from services you connect (e.g., M-Pesa callbacks, email providers, accounting systems) limited to what is needed for automation.

3. How We Use Your Data

Provide the Hisabi service and calculate VAT, WHT, payroll, and other financial outputs.

Automate M-Pesa reconciliation and personalise dashboards.

Communicate with you (support, updates, alerts) and comply with Kenya Data Protection Act requirements.

Detect and prevent fraud or misuse. We do not sell your data.

4. Legal Basis for Processing (Kenya DPA 2019)

Consent: account creation and optional features.

Contract: providing the Hisabi service.

Legal obligation: KRA-related retention, AML, audit requirements.

Legitimate interest: platform improvement and fraud detection.

5. Data Sharing

Service providers for hosting, storage, email delivery under confidentiality and security commitments.

Payment processors or Safaricom (for M-Pesa callbacks) as triggered by your integrations.

Regulators or courts if required by Kenyan law. Never shared for advertising or resale.

6. Data Storage & Security

Encryption in transit and at rest, strict access controls, regular audits, and role-based permissions.

Backups and tested recovery procedures on secure cloud infrastructure.

7. Data Retention

Data is kept while your account is active and for legally required periods (e.g., 5–7 years for tax records in Kenya).

After retention periods, data is deleted or anonymised.

8. Your Rights (Kenya Data Protection Act)

Request access, correction, deletion (where lawful), restriction, withdrawal of consent, or data portability.

Send requests to support@hisabi.io.

9. Cookies

Used for session management, analytics, and preferences. Disabling cookies may limit functionality.

10. Third-Party Links

External sites have their own privacy practices; we are not responsible for them.

11. Changes to This Policy

We may update this policy. Significant changes will be notified via email or in-app.

12. Contact Us

For privacy questions or requests: support@hisabi.io.