Privacy Policy
Data Privacy Policy for ZenLipa
Effective Date: 1st August 2024 Last Updated: 26th January 2025
Welcome to the Data Privacy Policy for ZenLipa ("ZenLipa," "we," "us," "our"). We respect your privacy and are committed to protecting the information that is collected or disclosed to us (referred to as "personal data" below). This Privacy Policy explains how ZenLipa processes personal data from users of our platform, applications, and services.
1. Introduction
ZenLipa provides a Software as a Service (SaaS) platform designed to simplify financial management and enhance member engagement for churches, chamas, NGOs, and fundraisers. This Privacy Policy outlines how we collect, use, disclose, transfer, and store your personal data when you interact with us. It also informs you of your privacy rights under the Data Protection Act of Kenya, 2019 ("the Act").
This policy applies to:
- Users of ZenLipa’s applications, software, and web platforms.
- Third parties connected to the use of our services, such as donors, administrators, and members of organizations using ZenLipa.
- ZenLipa’s associated parties, including service providers, contractors, and partners.
- The general public who may interact with ZenLipa's services.
2. Who is Responsible for Your Personal Data?
ZenLipa acts as the data processor in relation to the personal data processed through its services, while the organization using our platform acts as the data controller.
Contact Information:
- Email: info@zenlipa.co.ke
- Telephone: +254752351716
For any questions about this Privacy Policy or to exercise your legal rights, please contact our Data Protection Officer (DPO) using the above details.
3. Collection of Personal Data
ZenLipa collects personal data to provide efficient, reliable, and secure services. We collect this data in the following ways:
a. Directly from Users:
- When you register for an account.
- When you make or manage contributions and donations.
- When you communicate with us via email, phone, or other channels.
b. Automatically:
- Through cookies and analytics tools when you use our website or app.
- When you interact with our SMS or in-app notifications.
c. From Third Parties:
- Partner organizations (e.g., churches, chamas, NGOs) that use ZenLipa.
- Publicly accessible databases or sources.
4. Types of Personal Data Collected
We may collect the following categories of personal data:
a. Basic Personal Information:
- First name, last name, email, and phone number
b. Financial Information:
- Payment details such as transaction amounts, payment methods (e.g., MPESA, card), and contribution history.
c. Device and Usage Data:
- IP address, device identifiers, and browsing activity on our platform.
d. Organizational Data:
- Member lists, department details, and event attendance information provided by churches or chamas.
5. Purpose of Processing Personal Data
ZenLipa processes personal data for the following purposes:
a. Service Delivery:
- To facilitate contributions, donations, and payments through MPESA, card transactions, and other methods.
- To provide notifications and reports to users.
- To manage member engagement and organizational activities efficiently.
b. Platform Improvement:
- To analyze how our platform is used and improve functionality.
- To personalize the user experience.
c. Legal and Regulatory Compliance:
- To comply with financial and data protection laws.
- To fulfill reporting obligations to regulatory authorities.
d. Communication:
- To send updates, transaction confirmations, and responses to inquiries.
- To provide marketing communications with user consent.
6. Sharing and Disclosure of Personal Data
We may share personal data with the following parties:
a. Partner Organizations:
- Churches, chamas, or fundraisers that use our platform.
b. Service Providers:
- Payment processors such as MPESA and Paystack for secure transaction handling.
- Hosting and cloud service providers to ensure reliable platform performance.
c. Regulatory Authorities:
- Government or regulatory bodies when required by law or to prevent fraud.
d. Other Third Parties:
- With user consent or as necessary to protect ZenLipa’s rights and interests.
7. Data Storage and Hosting
ZenLipa utilizes DigitalOcean as its hosting provider for storing and managing user data. DigitalOcean is a globally recognized cloud infrastructure provider that complies with international data protection standards, including the General Data Protection Regulation (GDPR). This ensures that your data is stored securely and handled in compliance with applicable data protection laws.
Key measures provided by DigitalOcean include:
- Data Encryption: All data is encrypted at rest and in transit using industry-standard protocols.
- Access Controls: Robust access management systems to ensure only authorized personnel can access stored data.
- Data Center Security: Physical security measures at data centers, including surveillance, biometric access, and redundancy systems.
For more information on DigitalOcean's data protection practices, visit their Data Protection Agreement.
8. Data Retention
ZenLipa retains personal data only for as long as necessary to:
- Fulfill the purposes outlined in this Privacy Policy.
- Comply with legal and regulatory requirements.
- Resolve disputes and enforce agreements.
9. Data Security
ZenLipa is committed to safeguarding personal data using:
- Encryption for sensitive information.
- Secure access controls for authorized personnel only.
- Regular security assessments and updates.
10. Your Rights
As a user, you have the following rights under the Data Protection Act of Kenya:
- Right to Access: Request access to the personal data we hold about you.
- Right to Rectification: Request corrections to inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data where legally permissible.
- Right to Restriction: Request limitations on how your data is processed.
- Right to Data Portability: Request a copy of your personal data in a portable format.
To exercise your rights, contact us at info@zenlipa.co.ke.
11. Payment-Specific Data
a. MPESA Transactions:
ZenLipa integrates with Safaricom’s Daraja API for fast, secure, and reliable mobile money payments.
b. Card Transactions:
ZenLipa partners with Paystack for secure card processing. Transaction details are securely transmitted to Paystack and not stored by ZenLipa.
By using our card services, you agree to Paystack terms of service including transaction fees: local card transactions incur a charge of 2.9%, and international card transactions incur a charge of 3.8%. Details for card transaction fees and data protection agreement can be found under Paystack’s terms of service.
c. Fee Transparency:
Users are informed of applicable transaction and platform fees before confirming payments.
12. Cross-Border Data Transfers
Where data is transferred outside Kenya, ZenLipa ensures compliance with the Data Protection Act and uses secure mechanisms for cross-border transfers.
13. Changes to This Policy
ZenLipa reserves the right to update this policy to reflect changes in our services or applicable laws. Users will be notified of significant updates through the platform or via email.
14. Contact Information
For questions, concerns, or to exercise your rights, please contact:
- Email: info@zenlipa.co.ke
- Phone: +254752351716