Privacy Policy

Introduction

Wappi (“we,” “us,” or “our”) operates the Wappi mobile application and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

We are committed to protecting your privacy and handling your data in accordance with the Kenya Data Protection Act, 2019, and applicable data protection regulations.

By using Wappi, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

Information We Collect

Information You Provide

When you create an account and use Wappi, you may provide:

  • Account information: email address, username, and password
  • Profile information: full name, date of birth, gender (optional), and bio (optional)
  • Preferences: category preferences, neighbourhood preferences, and price range preferences
  • Content interactions: plans you save, like, or share

Information Collected Automatically

When you use the Service, we automatically collect:

  • Usage data: pages viewed, plans browsed, search queries, features used, and interaction patterns
  • Device information: device type, operating system, app version, and unique device identifiers
  • Log data: access times, session duration, and error reports

Information From Third-Party Services

We use third-party services that may collect information on our behalf:

  • Analytics providers collect usage and performance data to help us understand how the Service is used and to improve it

We do not purchase or acquire personal data from data brokers or other third-party sources.

How We Use Your Information

We use the information we collect to:

  • Provide the Service: display plans, enable search and filtering, and allow you to save and share plans
  • Personalise your experience: learn your preferences over time and surface plans that are relevant to your interests
  • Communicate with you: send transactional emails (account verification, password resets) via our email service provider
  • Improve the Service: analyse usage patterns to identify issues, improve features, and develop new functionality
  • Ensure security: detect and prevent fraud, abuse, and unauthorised access

We do not use your information for automated decision-making that produces legal or similarly significant effects.

How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

  • Service providers: we use third-party services to operate the Service, including authentication, email delivery, analytics, and venue data. These providers process data on our behalf and are contractually required to protect it.
  • Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: if Wappi is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • With your consent: we may share information for purposes not described here, but only with your explicit consent.

Data Storage and Security

Your data is stored on secure servers hosted by our infrastructure provider. We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Hashed passwords (we never store passwords in plain text)
  • Session management with automatic expiry
  • Access controls limiting who can access personal data

While we take reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: retained while your account exists. If you deactivate your account, your data is retained for 30 days in case you wish to reactivate, then permanently deleted.
  • Usage data: retained in aggregated, anonymised form for analytics purposes. Individual usage records are retained for up to 12 months.
  • Session data: automatically expires based on session settings (24 hours for standard sessions, up to 30 days for “remember me” sessions).

Your Rights

Under the Kenya Data Protection Act, 2019, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate or incomplete personal data
  • Deletion: request deletion of your personal data, subject to legal obligations
  • Object: object to the processing of your personal data in certain circumstances
  • Portability: request your data in a structured, commonly used format
  • Withdraw consent: withdraw your consent to data processing at any time, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, contact us at support@wappi.co.ke. We will respond to your request within 30 days.

Children’s Privacy

Wappi is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top of this document and, where appropriate, notify you through the app or by email.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: support@wappi.co.ke