Hisabi

Privacy Policy

Hisabi — Privacy Policy

How we collect, use, store, and protect your data under the Kenya Data Protection Act, 2019.

Last updated: December 8, 2025

1. Introduction
  • This Privacy Policy explains how Hisabi (“we”, “us”, “our”) collects, uses, stores, and protects your personal data in line with the Kenya Data Protection Act, 2019.
  • By using Hisabi, you agree to this policy.
2. Data We Collect
  • Information you provide: name, email, phone, business info, and financial records you enter (invoices, bills, payroll, etc.).
  • Automatically collected data: device/browser information, IP, timestamps, error logs, usage patterns for analytics.
  • Third-party integrations: data from services you connect (e.g., M-Pesa callbacks, email providers, accounting systems) limited to what is needed for automation.
3. How We Use Your Data
  • Provide the Hisabi service and calculate VAT, WHT, payroll, and other financial outputs.
  • Automate M-Pesa reconciliation and personalise dashboards.
  • Communicate with you (support, updates, alerts) and comply with Kenya Data Protection Act requirements.
  • Detect and prevent fraud or misuse. We do not sell your data.
4. Legal Basis for Processing (Kenya DPA 2019)
  • Consent: account creation and optional features.
  • Contract: providing the Hisabi service.
  • Legal obligation: KRA-related retention, AML, audit requirements.
  • Legitimate interest: platform improvement and fraud detection.
5. Data Sharing
  • Service providers for hosting, storage, email delivery under confidentiality and security commitments.
  • Payment processors or Safaricom (for M-Pesa callbacks) as triggered by your integrations.
  • Regulators or courts if required by Kenyan law. Never shared for advertising or resale.
6. Data Storage & Security
  • Encryption in transit and at rest, strict access controls, regular audits, and role-based permissions.
  • Backups and tested recovery procedures on secure cloud infrastructure.
7. Data Retention
  • Data is kept while your account is active and for legally required periods (e.g., 5–7 years for tax records in Kenya).
  • After retention periods, data is deleted or anonymised.
8. Your Rights (Kenya Data Protection Act)
  • Request access, correction, deletion (where lawful), restriction, withdrawal of consent, or data portability.
  • Send requests to support@hisabi.io.
9. Cookies
  • Used for session management, analytics, and preferences. Disabling cookies may limit functionality.
10. Third-Party Links
  • External sites have their own privacy practices; we are not responsible for them.
11. Changes to This Policy
  • We may update this policy. Significant changes will be notified via email or in-app.
12. Contact Us
  • For privacy questions or requests: support@hisabi.io.