Privacy Policy
Last updated: 1 April 2026 · Compliant with the Kenya Data Protection Act, 2019.
NSE Insights Kenya Limited (we) respects your privacy. This policy explains what personal data we collect, why we collect it, and the choices you have. We are the data controller for personal data processed through the Service.
1. Data we collect
| Category | Examples | Purpose |
|---|---|---|
| Account | Name, email, encrypted password | Create and secure your account |
| Billing | Subscription tier, invoice metadata, last 4 digits of card (from Stripe), M-Pesa receipt numbers | Process payments, issue receipts |
| Usage | Pages visited, features used, device and browser info, IP address | Improve the Service, detect abuse |
| Support | Emails, chat transcripts | Respond to your questions |
2. Lawful basis for processing
- Contract: account, billing and core dashboard features;
- Legitimate interests: analytics, security, fraud prevention;
- Consent: marketing emails (opt-in; unsubscribe any time);
- Legal obligation: tax and accounting records, law-enforcement requests.
3. Who we share data with
We use trusted service providers strictly as data processors under written contracts:
- Supabase / PostgreSQL hosting — account and profile storage (data hosted in AWS EU-West-1).
- Stripe Inc. — card payments (PCI DSS Level 1). Stripe's privacy notice applies to card data.
- Safaricom PLC — M-Pesa payment processing under the Daraja API.
- Email delivery (e.g. Resend, Postmark) — transactional emails only.
We do not sell your personal data. We may disclose data if legally compelled, or to protect our rights, users and the public from fraud or harm.
4. International transfers
Some processors operate outside Kenya. Transfers rely on standard contractual clauses or equivalent safeguards as required by the Kenya Data Protection Act, 2019.
5. How long we keep data
Account data is retained while your account is active and for 24 months after closure. Billing records are retained for 7 years as required by Kenyan tax law. Usage logs are retained for 12 months.
6. Your rights
Under the Kenya Data Protection Act, 2019 you can:
- Access the data we hold about you;
- Correct inaccurate data;
- Delete your account (subject to our legal retention obligations);
- Export your data in machine-readable format;
- Object to processing for marketing or legitimate-interest purposes;
- Lodge a complaint with the Office of the Data Protection Commissioner (odpc.go.ke).
Email privacy@nseinsights.co.ke to exercise any of these rights. We respond within 30 days.
7. Cookies
We use essential cookies to keep you signed in and to remember preferences (e.g. light/dark mode). We also use anonymous analytics to understand aggregate usage. You can control cookies from your browser settings. We do not use cross-site advertising trackers.
8. Security
We use TLS encryption in transit, encryption at rest, role-based access controls, and regular backups. Despite our safeguards, no system is 100% secure — report any suspected incident to security@nseinsights.co.ke.
9. Children
The Service is not directed at persons under 18. We do not knowingly collect data from minors. If you believe we have, contact us and we'll delete it.
10. Contact
NSE Insights Kenya Limited · Nairobi, Kenya · Data Protection Officer: privacy@nseinsights.co.ke.