Privacy Policy

1. Introduction

Nafasi AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services. This policy complies with the Data Protection Act, 2019 of the Republic of Kenya and international best practices.

By accessing or using Nafasi AI services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our services.

2. Information We Collect

2.1 Personal Information

We collect information that identifies, relates to, or could reasonably be linked with you, including:

• Name and contact information (email address, phone number)
• Company information (company name, size, industry)
• Account credentials (username, encrypted password)
• Payment information (processed through Stripe)
• Profile information and preferences

2.2 Business Information

When using our platform, you may provide:

• Workplace accessibility audit data
• Job descriptions and requirements
• Company policies and procedures
• Employee information (anonymized where possible)

2.3 Automatically Collected Information

We automatically collect:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Location data (country, city - derived from IP address)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, operate, and maintain our AI-powered accessibility platform
• Account Management: To create and manage your account and subscription
• AI Analysis: To process your data through our AI models to generate recommendations and reports
• Communication: To send you service updates, security alerts, and support messages
• Improvement: To analyze usage patterns and improve our services
• Compliance: To comply with legal obligations under Kenyan law
• Security: To detect, prevent, and address technical issues and fraudulent activity

4. Data Storage and Security

4.1 Security Measures

We implement industry-standard security measures to protect your data:

• End-to-end encryption for data in transit (TLS/SSL)
• Encryption at rest for stored data
• Multi-tenant architecture with strict data isolation
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Regular backups and disaster recovery procedures

4.2 Data Storage Location

Your data is primarily stored on secure cloud servers. While our servers may be located outside Kenya, we ensure that all data processing complies with the Data Protection Act, 2019 and international data transfer regulations.

4.3 Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

5. Your Rights Under Kenyan Law

Under the Data Protection Act, 2019 of Kenya, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: Request limitation on how we use your data
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to our processing of your personal data
• Right to Withdraw Consent: Withdraw your consent at any time
• Right to Lodge a Complaint: File a complaint with the Office of the Data Protection Commissioner of Kenya

To exercise any of these rights, please contact us at privacy@nafasi.ai.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. Cookies are small data files stored on your device. We use:

• Essential Cookies: Required for the platform to function properly
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences

For more information, please read our Cookie Policy.

7. Third-Party Services

We use trusted third-party service providers to help us operate our platform:

• Stripe: Payment processing (PCI-DSS compliant)
• Firebase: Authentication and database services
• OpenAI: AI model processing
• Pinecone: Vector database for AI recommendations
• Google Cloud Platform: Cloud infrastructure and services

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

8. International Data Transfers

Your information may be transferred to and processed in countries outside Kenya. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the Data Protection Commissioner
• Ensuring recipients are in countries with adequate data protection laws
• Implementing additional security measures as required by Kenyan law

9. Children's Privacy

Nafasi AI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete that information immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification for material changes

You are advised to review this Privacy Policy periodically for any changes. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

Office of the Data Protection Commissioner (Kenya):
If you are not satisfied with our response, you may lodge a complaint with the Office of the Data Protection Commissioner at www.odpc.go.ke