Privacy Policy
1. Introduction
KEEP ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal and business information in accordance with the Kenya Data Protection Act, 2019.
2. Information We Collect
We collect the following categories of information:
- Identity data: Your name, business name, KRA PIN, and authorized contact persons.
- Contact data: Phone number, WhatsApp number, email address, and business location.
- Transaction data: M-Pesa messages you forward to us, sales records, expense records, and invoice details.
- Communication data: Messages exchanged with our support team.
- Technical data: Limited analytics from this website (no personal identification unless you contact us).
3. How We Use Your Information
We use your information solely to:
- Generate your weekly cashflow reports and summaries.
- Create and submit KRA-compliant eTIMS invoices on your behalf.
- Track debtors and send payment reminders.
- Provide customer support and respond to queries.
- Comply with Kenyan tax law and other legal obligations.
4. Data Sharing
We do not sell, rent, or trade your data. We only share data with:
- Kenya Revenue Authority (KRA): For eTIMS compliance and tax filing purposes only.
- KRA-approved eTIMS solution providers: To process and issue compliant invoices.
- Legal authorities: Only when required by valid court order or Kenyan law.
5. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encrypted storage of all sensitive information.
- Restricted access to authorized personnel only.
- Regular security audits and updates.
- Secure communication channels.
We have never had a security incident. However, no method of electronic transmission or storage is 100% secure.
6. Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify you and the Office of the Data Protection Commissioner within seventy-two (72) hours of discovery, as required by the Kenya Data Protection Act.
7. Data Retention
We retain your business and transaction data for seven (7) years as required by the Kenya Revenue Authority and the Tax Procedures Act. After this period, your data will be securely deleted unless required for an ongoing legal matter.
8. Your Rights
Under the Kenya Data Protection Act, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data (subject to legal retention requirements).
- Object to processing of your data.
- Withdraw consent at any time.
- Lodge a complaint with the Office of the Data Protection Commissioner.
To exercise these rights, contact us via WhatsApp or email at hello@keep.co.ke.
9. Cookies
This website uses minimal cookies to remember your preferences (such as cookie consent). We do not use tracking cookies for advertising purposes.
10. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.
11. International Transfers
Your data is primarily stored within Kenya. If we use any service provider outside Kenya, we ensure equivalent data protection standards are in place, as required by Kenyan law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via WhatsApp or email at least thirty (30) days before they take effect.
13. Contact Us
For privacy-related questions or to exercise your data rights, contact our Data Protection Officer at hello@keep.co.ke or via WhatsApp.