Legal
Privacy Policy
Effective date: 1 June 2025 · Last updated: 1 June 2025
1. Who we are
KEMOBI TECHNOLOGIES LIMITED(“KEMOBI”, “we”, “our”) is a company registered in Kenya (Reg. No. PVT-KAUD2M7D), with its principal place of business in Nairobi, Kenya. We provide Value Added Services, digital marketing, mobile applications, websites, and related technology services.
Contact for data matters: privacy@kemobitech.com | +254 733 309 590
2. Legal basis and applicable law
This policy is written in compliance with the Kenya Data Protection Act 2019 (DPA 2019) and, where applicable, the EU General Data Protection Regulation (GDPR) for visitors from the European Economic Area. Our lawful bases for processing are:
- Consent — analytics cookies and visit tracking (you must explicitly accept our cookie banner).
- Legitimate interest — server logs retained for security and fraud prevention.
- Contractual necessity — processing contact-form submissions to respond to enquiries.
3. What we collect and why
3a. Contact form (Leads)
When you submit the contact form we collect your name, email address, phone number (optional), and message. This information is used solely to respond to your enquiry. It is stored in our database and optionally forwarded by email to our team.
3b. Analytics visits (consent-gated)
If you accept our cookie banner, each page visit records:
- A one-way hash of your IP address (first 16 hex characters of a SHA-256 digest) — the raw IP is never stored.
- Approximate geographic location (city, region, country) derived from the IP.
- Network operator / carrier derived from the IP’s ASN, geographic coordinates (lat/lng), timezone.
- Device type, operating system, and browser name from the User-Agent string.
- Referrer URL and the path visited.
This data is used exclusively for aggregate site analytics (traffic volumes, geographic distribution, device breakdown). We do not build individual profiles and do not share this data with third parties except our analytics infrastructure provider (IPinfo, Inc. — IP-to-location look-ups, subject to their privacy policy).
3c. Cookies
| Name | Purpose | Duration |
|---|---|---|
| kmb_consent | Stores your cookie preference (accept / decline) | 1 year |
| kmb_v | Anonymous visitor identifier (set only if consent given) | 1 year |
| authjs.session-token | Admin authentication session (admin users only) | Session |
4. Data retention
- Visit records — deleted automatically after 365 days via a scheduled cleanup job.
- Contact form submissions (Leads) — retained for 2 years or until you request deletion.
- Admin accounts — retained for the duration of the employment/engagement.
5. Your rights
Under the DPA 2019 (and the GDPR for EEA visitors) you have the right to:
- Access a copy of your personal data
- Correct inaccurate data
- Request deletion (“right to erasure”)
- Restrict or object to processing
- Withdraw consent at any time (by declining cookies via our banner)
- Lodge a complaint with the Office of the Data Protection Commissioner (Kenya)
To exercise any right, email privacy@kemobitech.com. We will respond within 21 days as required by the DPA 2019.
6. Data security
All data is stored on Neon PostgreSQL (TLS in transit, AES-256 at rest). IP addresses are hashed before storage and the raw IP is never persisted. Admin access is authenticated via bcrypt-hashed credentials and JWT sessions.
7. Changes to this policy
We may update this policy to reflect changes in the law or our practices. Material changes will be announced via a notice on this page with an updated effective date.