Privacy Policy - Nzoka AI
Legal

Privacy Policy

Effective Date: 14th July 2025  ยท  Last Updated: March 2026

Nzoka AI is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights as a user of our hospitality automation platform.

1 What We Collect

  • Business information: your name, email address, business name, and country
  • Access credentials for Meta Business Manager and TikTok (temporary, changed after setup)
  • Your WhatsApp Business number for integration purposes
  • Non-personalised interaction logs used to improve AI response quality
  • Payment information processed securely through IntaSend (we do not store card details)
  • Guest messages relayed through your connected platforms, used only to generate responses

2 How We Use Your Data

  • Setting up and operating your AI guest communication assistant
  • Personalising guest replies based on your property information and preferences
  • Improving system performance and training AI response models
  • Billing, account verification, and subscription management
  • Sending you operational notifications and product updates

3 Your Rights

Under the Kenya Data Protection Act (2019) and applicable international standards, you have the right to:

  • Request access to, correction of, or deletion of your personal data
  • Request a downloadable copy of the data we hold about you
  • Restrict or object to how your data is processed
  • Withdraw consent at any time without affecting previous lawful processing
  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC), Kenya

To exercise any of these rights, contact us at kakitukenya@gmail.com.

4 How We Protect Your Data

  • All data is stored on encrypted servers with secure daily backups
  • Access is limited to authorised personnel under strict confidentiality obligations
  • Supabase (our database provider) is SOC 2 Type II compliant
  • We comply with the Kenya Data Protection Act (2019) and applicable GDPR principles
  • Platform credentials (Meta, TikTok) are used for setup only and are not retained beyond that

5 Data Sharing

We do not sell your data. We may share information only with:

  • Official platforms required to run your integration (Meta, TikTok, Telegram, WhatsApp Business API)
  • Payment processors (IntaSend) solely for billing purposes
  • Legal authorities where required by Kenyan law or valid court order

6 Data Retention

  • Account data is retained while your subscription is active
  • Upon account deletion, data is removed within 30 days
  • Anonymised performance data may be retained for model improvement
  • Payment records are retained as required by Kenyan tax law (7 years)

7 EU/EEA Residents

If you are located in the EU or EEA, you may file a complaint with your local Data Protection Authority. We honour all GDPR rights and provide 30-day data deletion windows upon request.

Questions about this policy? Contact us at kakitukenya@gmail.com or via WhatsApp at +254 789 875740.

Terms of Service Data Use & AI Statement