958Innovations ("we," "our," or "us"), a software solutions company based in Nairobi, Kenya, is committed to protecting the privacy of our clients and their end-users. This Privacy Policy explains how we collect, use, process, and safeguard information across our platforms, including SautiCloud, custom websites, and payment integrations.

We operate in compliance with the Kenya Data Protection Act, 2019 and applicable global data protection standards. Where we process data on behalf of our clients, we act as a data processor, and our clients act as the data controllers.

Some responses and interactions on our platforms are generated automatically using AI systems to improve response time and service efficiency.

1. Information We Collect

We collect only the data necessary to provide and improve our services.

• Client Information: Names, email addresses, phone numbers, and business details required to create and manage accounts.
• Conversational Data: Messages processed through SautiCloud (e.g., customer inquiries, product requests, and transaction-related communication via WhatsApp).
• Payment Data: Transaction references, payment confirmations, and metadata from M-Pesa integrations. We do not store sensitive financial credentials.
• Operational Data: Business data such as inventory, bookings, appointments, and order details required to run automated workflows.
• Technical Logs: System logs, analytics, and performance data used to maintain reliability and improve services.

2. How We Use Your Information

We use collected data strictly for legitimate business and operational purposes.

• Service Delivery: To operate SautiCloud and automate customer interactions and workflows.
• Payment Processing: To verify transactions and generate invoices or receipts.
• Order & Appointment Management: To manage bookings, orders, and service fulfillment.
• Analytics & Improvement: To monitor system performance and improve user experience.
• Security & Compliance: To detect abuse, enforce policies, and comply with legal obligations.

Our lawful basis for processing includes contractual necessity, legitimate interests, and user consent where applicable.

3. Sharing and Third-Party Integration

We do not sell or rent personal data. Data is only shared where necessary to provide our services.

• WhatsApp (Meta Platforms): Messages are processed via the WhatsApp Business Platform.
• Payment Providers: Transaction data is shared with Safaricom (M-Pesa) for payment processing and verification.
• Cloud Infrastructure: Data may be processed and stored on secure cloud servers to ensure system reliability and scalability.

All third-party integrations are selected based on strong security and compliance standards.

Data may be processed or stored outside Kenya where our infrastructure providers operate. In such cases, we ensure appropriate safeguards are in place.

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect data.

• Encryption: Data is transmitted and stored using secure encryption protocols.
• Access Control: Access to data is restricted to authorized personnel only.
• System Integrity: We maintain secure, monitored systems designed to prevent unauthorized access, loss, or misuse.

5. Data Retention

• Active Subscriptions Only: We retain data strictly for the duration of an active subscription or service agreement.
• Deletion on Request: Clients may request deletion of their data at any time, and we will securely delete it unless legally required to retain it.
• Deletion Timeline: Verified deletion requests are processed within 7–30 days.
• Minimal Retention Principle: We do not retain data longer than necessary for operational purposes.

6. Your Rights

In accordance with the Kenya Data Protection Act, users have the right to:

• Access the personal data we hold about them
• Request correction of inaccurate data
• Request deletion of their data
• Object to or restrict certain processing activities
• Withdraw consent where processing is based on consent

Requests can be made by contacting us using the details below. You may also contact our data protection team for any privacy-related concerns.

7. WhatsApp Business Compliance

Our services integrate with the WhatsApp Business Platform. We adhere to Meta’s requirements, including:

• User Consent: End-users must explicitly opt in to receive messages from businesses using our platform. We do not initiate unsolicited communication.
• No Unsolicited Messaging: We do not send messages without prior user interaction, consent, or a permitted business-initiated context.
• Limited Use: We use WhatsApp data strictly to provide requested services and do not use it for advertising, resale, or profiling.
• Opt-Out: Users may opt out at any time by replying with commands such as "STOP" or by contacting the business directly.
• Data Role Clarity: Businesses using our platform act as data controllers, while we act as a data processor handling WhatsApp data on their behalf.
• Compliance Enforcement: Businesses are responsible for ensuring lawful collection of user consent before initiating communication.