Privacy Policy

Information We Collect

 

Personal Information

We collect information you provide directly to us, including:

• Business name, registration details, and contact information

• M-PESA business account details and transaction data

• Contact person details (names, phone numbers, email addresses)

• Business location and operational information

• Financial information related to transactions and commissions

Customer Data

Through our cashback service, we process:

• Customer phone numbers for M-PESA transactions

• Transaction amounts and timestamps

• Purchase patterns and frequency data

• Cashback amounts and payment confirmations

Technical Information

We automatically collect certain technical information:

• Device information and browser type

• IP addresses and location data

• Usage patterns and platform interactions

• System logs and error reports

 

 

How We Use Your Information

 

Service Provision

• Process cashback transactions and commission payments

• Maintain and improve our loyalty platform

• Provide customer support and technical assistance

• Monitor system performance and security

Business Operations

• Verify merchant identity and business legitimacy

• Calculate and distribute commission payments

• Generate analytics and business insights

• Comply with legal and regulatory requirements

Communication

• Send transaction confirmations and payment notifications

• Provide platform updates and service announcements

• Respond to inquiries and support requests

• Share marketing communications (with consent)

 

 

 

Data Protection & Security

 

Security Measures

We implement comprehensive security measures to protect your data:

• End-to-end encryption for all data transmission

• Secure data storage with regular backups

• Multi-factor authentication for system access

• Regular security audits and vulnerability assessments

• Compliance with international security standards

Access Controls

• Role-based access to sensitive information

• Regular access reviews and permission updates

• Secure authentication protocols

• Audit trails for all data access activities

Data Retention

We retain your data only as long as necessary for business purposes and legal compliance. Transaction data is kept for 7 years, while personal data is anonymized after 2 years of account inactivity.

​

 

 

Information Sharing & Disclosure

 

Third-Party Partners

We may share information with trusted partners for:

• Safaricom for M-PESA transaction processing

• Analytics providers for service improvement

• Cloud service providers for data storage and processing

• Legal and compliance advisors when required

Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to the same privacy protections.

​

 

 

Your Rights & Choices

 

Data Subject Rights

Under the Kenya Data Protection Act 2019, you have the right to:

• Access your personal data and obtain copies

• Correct inaccurate or incomplete information

• Request deletion of your data (subject to legal requirements)

• Object to processing for marketing purposes

• Request data portability to another service provider

• Withdraw consent where processing is based on consent

Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer at privacy@edomx.co.ke. We will respond to your request within 30 days and may require verification of your identity.

Marketing Communications

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly. This will not affect transactional communications related to your service.