Hisabi — Privacy Policy
How we collect, use, store, and protect your data under the Kenya Data Protection Act, 2019.
Last updated: December 8, 2025
1. Introduction
This Privacy Policy explains how Hisabi (“we”, “us”, “our”) collects, uses, stores, and protects your personal data in line with the Kenya Data Protection Act, 2019.
By using Hisabi, you agree to this policy.
2. Data We Collect
Information you provide: name, email, phone, business info, and financial records you enter (invoices, bills, payroll, etc.).
Automatically collected data: device/browser information, IP, timestamps, error logs, usage patterns for analytics.
Third-party integrations: data from services you connect (e.g., M-Pesa callbacks, email providers, accounting systems) limited to what is needed for automation.
3. How We Use Your Data
Provide the Hisabi service and calculate VAT, WHT, payroll, and other financial outputs.
Automate M-Pesa reconciliation and personalise dashboards.
Communicate with you (support, updates, alerts) and comply with Kenya Data Protection Act requirements.
Detect and prevent fraud or misuse. We do not sell your data.
4. Legal Basis for Processing (Kenya DPA 2019)
Consent: account creation and optional features.
Contract: providing the Hisabi service.
Legal obligation: KRA-related retention, AML, audit requirements.
Legitimate interest: platform improvement and fraud detection.
5. Data Sharing
Service providers for hosting, storage, email delivery under confidentiality and security commitments.
Payment processors or Safaricom (for M-Pesa callbacks) as triggered by your integrations.
Regulators or courts if required by Kenyan law. Never shared for advertising or resale.
6. Data Storage & Security
Encryption in transit and at rest, strict access controls, regular audits, and role-based permissions.
Backups and tested recovery procedures on secure cloud infrastructure.
7. Data Retention
Data is kept while your account is active and for legally required periods (e.g., 5–7 years for tax records in Kenya).
After retention periods, data is deleted or anonymised.
8. Your Rights (Kenya Data Protection Act)
Request access, correction, deletion (where lawful), restriction, withdrawal of consent, or data portability.
Send requests to support@hisabi.io.
9. Cookies
Used for session management, analytics, and preferences. Disabling cookies may limit functionality.
10. Third-Party Links
External sites have their own privacy practices; we are not responsible for them.
11. Changes to This Policy
We may update this policy. Significant changes will be notified via email or in-app.
12. Contact Us
For privacy questions or requests: support@hisabi.io.