N

Privacy Policy

Last updated: 2025

Nakalai (“we”, “us”, “our”) values the privacy of every customer, partner, user, and visitor who interacts with our digital platforms, including our website, tenant workspaces, email, chat channels, and implementation or support engagements. This policy explains how we collect, use, share, and safeguard your personal information in line with the Kenya Data Protection Act, 2019 and globally recognized privacy frameworks such as the EU General Data Protection Regulation (GDPR).

1. Scope & Data Controller

This policy applies to all products, services, and touchpoints operated by Nakalai. Nakalai is the data controller responsible for determining the purposes and means of processing your personal data.

2. Information We Collect

  • Identity & Contact: Names, phone numbers, email addresses, delivery addresses, alternate contacts.
  • Workspace & Account: Tenant profile data, user roles, configuration metadata, workspace preferences, and connected channel details.
  • Transactional & Billing: Orders, invoices, payment confirmations, subscriptions, and usage records needed to deliver services.
  • Communications: Chat transcripts, support tickets, onboarding notes, call summaries, and survey responses.
  • Usage & Device: Browser type, cookies, device identifiers, logs, and other service telemetry used to secure and improve the platform.
  • Marketing Preferences: Opt-in/opt-out status for newsletters, product updates, and service announcements.

3. How We Use Your Information

  • Responding to enquiries, onboarding workspaces, and delivering the platform or services you request.
  • Processing payments, managing subscriptions, and keeping records required by law.
  • Supporting conversations, quality review, AI safety controls, and service improvement.
  • Sending service updates, security notices, billing communications, and (with consent) marketing communications.
  • Complying with regulatory obligations, resolving disputes, detecting fraud, or enforcing agreements.

Our legal bases include contractual necessity, compliance with legal obligations, legitimate interests (such as customer support, analytics, and network security), and consent where required (e.g., marketing or data sharing).

4. Cookies & Tracking Technologies

We use cookies, local storage, and similar tools to remember chat sessions, keep users logged in, and measure website usage. Non-essential cookies are only activated after you provide explicit consent. You can adjust your browser settings to refuse cookies; however, some site features may then become unavailable.

5. Sharing of Personal Data

We do not sell customer data. We only share personal information with:

  • Service providers (e.g., payment processors, logistics partners, cloud hosts) bound by confidentiality agreements.
  • Professional advisors (legal, financial, compliance) where necessary.
  • Regulators and law enforcement when required by law.
  • Affiliated entities or successors in the event of a merger, acquisition, or asset transfer.

International transfers are protected through contractual clauses or other lawful safeguards to ensure your rights travel with your data.

6. Data Retention & Security

We retain personal data only for as long as necessary to fulfill the purposes outlined here, comply with legal obligations, resolve disputes, and enforce agreements. We implement administrative, technical, and physical safeguards (including encryption-at-rest, access controls, and audit logging) to protect your data from unauthorized access, alteration, disclosure, or destruction.

7. Your Rights

Under the Kenya Data Protection Act and international privacy laws, you have the right to:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion or anonymization when data is no longer needed or consent is withdrawn.
  • Request restriction or object to certain processing activities.
  • Request data portability in a structured, commonly used format.
  • Withdraw consent at any time for processing based on consent (e.g., marketing).

To exercise these rights, please contact us using the details below. We aim to respond within the statutory timeframes.

8. Children

Our services are intended for individuals aged 18 and above. If we become aware that personal data has been collected from a child without proper guardian consent, we will delete it promptly.

9. Updates to this Policy

We may update this policy to reflect changes in technology, regulations, or our operations. Significant updates will be announced on our website or via email. The “last updated” date at the top indicates when the latest changes took effect.

10. Contact & Complaints

For privacy questions, data subject requests, or complaints, please contact:

Nakalai Privacy Team
Email: [email protected]

If you believe we have not handled your request satisfactorily, you may escalate the matter to the Office of the Data Protection Commissioner (Kenya) or your local supervisory authority.