Privacy Policy

Last updated: May 2026

1. Who We Are

Kinyozi ("we", "us", "our") is a barbershop management platform built for shop owners across East Africa. We are the data controller for information collected through this platform. If you have questions about this policy, contact us at kinyozimanager@gmail.com.

2. What Data We Collect

We collect the following categories of data:

  • Account data — your name, email address, phone number, and password (stored as a secure hash).
  • Shop data — your shop name, address, subdomain, and branding preferences.
  • Transaction data — POS transactions, payment methods, amounts, and associated staff records.
  • Staff data — names, roles, commission configurations, and earnings records for staff you add to your shop.
  • Billing data — subscription plan, payment history, and Paystack transaction references. We do not store card numbers or M-Pesa PINs.
  • Usage data — IP addresses, browser type, and pages visited, collected automatically for security and analytics.

3. How We Use Your Data

  • To provide and operate the Kinyozi platform.
  • To process payments via Paystack.
  • To send transactional emails (subscription confirmations, password resets, email verification).
  • To enforce subscription access and feature gating.
  • To detect and prevent fraud or abuse.
  • To improve the platform based on usage patterns.

4. Data Sharing

We do not sell your data. We share data only with:

  • Paystack — to process subscription payments. Paystack's privacy policy applies to data they handle.
  • Neon (PostgreSQL) — our database provider, where your data is stored securely.
  • Law enforcement — only when required by applicable law.

5. Data Isolation

Each shop (tenant) on Kinyozi has fully isolated data. Your transactions, staff, and financial records are never visible to other shops on the platform. Access is enforced at the database level on every query.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, your data is permanently removed from our systems within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your transaction and financial data.

To exercise any of these rights, email us at kinyozimanager@gmail.com.

8. Security

We use industry-standard security practices including HTTPS encryption, hashed passwords (bcrypt), JWT-based authentication, and rate limiting on sensitive endpoints. Payment processing is handled entirely by Paystack — we never handle raw card or M-Pesa credentials.

9. Cookies

We use a single HTTP-only authentication cookie to keep you logged in. We do not use third-party tracking cookies or advertising cookies.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice on the platform. Continued use of Kinyozi after changes constitutes acceptance.