1. Who We Are
Afrisyntech ("we", "us", "our") is an Artificial Intelligence and Software Development company incorporated and operating in Kenya. Our registered office is in Nairobi, Kenya.
We provide AI automation, system integration, business intelligence, and custom software development services primarily to Small and Medium Enterprises (SMEs) across Kenya and East Africa.
For the purposes of applicable data protection law — including Kenya's Data Protection Act, 2019 (Cap. 411C) — Afrisyntech is the Data Controller responsible for the personal information you provide to us.
Data Protection Contact: privacy@afrisyntech.com
2. Data We Collect
We collect personal data only when you actively provide it or when it is generated through your use of our services. We never collect more than is necessary.
2.1 Data You Provide Directly
- Identity data — your full name, job title, company name
- Contact data — email address, phone number (including WhatsApp), physical address
- Account credentials — username and password for client portal access
- Communication data — messages, enquiries, audit responses, and feedback you send to us
- Business data — workflow details, operational data, and business information you share during consultations or engagements
- Payment data — billing name and M-Pesa / bank transaction references (we do not store full payment card details)
2.2 Data Collected Automatically
- Technical data — IP address, browser type and version, operating system, device identifiers
- Usage data — pages visited, time on page, click paths, referral sources
- Cookie data — session cookies and analytics cookies (see Section 6)
2.3 Data from Third Parties
- Business contact details from LinkedIn or professional directories where you have made them publicly available
- Referral information when a partner or client refers you to us
- Publicly available information for KYC (Know Your Customer) verification purposes
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Examples | Legal Basis |
|---|---|---|
| Deliver our services | Implementing automations, deploying integrations, providing access to dashboards | Contract performance |
| Respond to enquiries | Replying to contact forms, WhatsApp messages, email support | Legitimate interest / consent |
| Account management | Creating and managing client portal accounts, invoicing | Contract performance |
| Marketing communications | Sending newsletters, AI insights, service updates (opt-in only) | Consent |
| Analytics & improvement | Understanding website traffic, improving user experience | Legitimate interest |
| Legal compliance | Meeting tax, audit, or regulatory obligations under Kenyan law | Legal obligation |
| Security | Detecting fraud, preventing unauthorised access, monitoring threats | Legitimate interest |
We will never use your data for automated decision-making that produces significant legal effects on you without your knowledge or consent.
4. Legal Basis for Processing
Under Kenya's Data Protection Act, 2019, we only process personal data where we have a valid lawful basis to do so. The grounds we rely on are:
- Consent — where you have freely given, specific, and informed agreement (e.g. subscribing to our newsletter). You may withdraw consent at any time.
- Performance of a contract — where processing is necessary to fulfil our service agreement with you.
- Legal obligation — where we must process data to comply with Kenyan law, tax regulations, or lawful government orders.
- Legitimate interests — where processing is necessary for our genuine business purposes, provided it does not override your fundamental rights.
5. Sharing & Disclosure
We do not sell, trade, or rent your personal data. We only share it in the circumstances below:
- Service providers & sub-processors — trusted vendors we use to deliver our services, such as cloud hosting providers (e.g. AWS, Google Cloud), payment processors, email delivery platforms, and analytics tools. All are contractually bound to data protection standards.
- Business partners — where you have engaged a joint project or referral, and you have been informed in advance.
- Legal authorities — where required by Kenyan law, court order, or lawful government request, or to protect the safety or rights of Afrisyntech, our clients, or the public.
- Business transfers — in the event of a merger, acquisition, or asset sale, personal data may be transferred to a successor entity under equivalent protections. You will be notified in advance.
6. Cookies & Tracking Technologies
Our website uses cookies and similar technologies to enhance your experience and help us improve our services. The types of cookies we use are:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Enable core website functions such as session management and security. Cannot be disabled. | Session |
| Analytics | Measure traffic and user behaviour (e.g. Google Analytics) to improve performance. Anonymised. | Up to 2 years |
| Functional | Remember your preferences (e.g. language, form inputs) to personalise your experience. | Up to 1 year |
| Marketing | Used only if you have opted in, to deliver relevant content across platforms. | Up to 1 year |
You may manage or disable cookies through your browser settings at any time. Note that disabling certain cookies may affect website functionality.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting obligations.
- Client account data — retained for the duration of the service relationship plus 7 years (in line with Kenyan financial record-keeping requirements)
- Marketing contact data — retained until you unsubscribe or withdraw consent
- Website analytics data — retained in anonymised form for up to 26 months
- Support communications — retained for 3 years from the date of last contact
- Transaction records — retained for 7 years as required by the Kenya Revenue Authority
After the applicable retention period, data is securely deleted, anonymised, or pseudonymised.
8. Security Measures
We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or disclosure.
- All data in transit is encrypted using TLS 1.2+ (HTTPS)
- Data at rest is encrypted using AES-256 encryption
- Access to personal data is role-based and limited to authorised personnel only
- We conduct regular internal security reviews and vulnerability assessments
- Our cloud infrastructure providers maintain ISO 27001 and SOC 2 certifications
- Staff who handle personal data receive regular data protection training
9. Your Rights
Under the Kenya Data Protection Act, 2019, you have the following rights regarding your personal data:
Access
Request a copy of the personal data we hold about you.
Rectification
Correct inaccurate or incomplete personal data.
Erasure
Request deletion of your data where there is no lawful reason to retain it.
Restriction
Request that we limit how we process your data in certain circumstances.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent
Withdraw consent at any time without affecting past processing.
Lodge a Complaint
Complain to Kenya's Office of the Data Protection Commissioner.
To exercise any of your rights, contact us at privacy@afrisyntech.com or via our contact page. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
You may also file a complaint with the Office of the Data Protection Commissioner of Kenya (ODPC) at www.odpc.go.ke.
10. Children's Privacy
Our services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18.
If you believe a minor has submitted personal data to us, please contact us immediately at privacy@afrisyntech.com and we will take prompt steps to delete such data.
11. Third-Party Links
Our website may contain links to third-party websites, tools, or platforms (for example, WhatsApp, LinkedIn, or partner sites). We are not responsible for the privacy practices of those external services.
We encourage you to review the privacy policies of any third-party site before submitting personal information to them.
12. International Data Transfers
Some of our third-party service providers may process your data outside of Kenya (for example, on servers in the European Union or the United States). Where this occurs, we ensure appropriate safeguards are in place:
- We only use providers that comply with recognised international data protection standards
- Appropriate contractual protections (standard contractual clauses or equivalent) are in place
- We assess the adequacy of protection in the recipient country before transferring data
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The "Last Updated" date at the top of this page will always reflect the most recent revision.
For material changes that significantly affect your rights, we will notify you via email or by placing a prominent notice on our website at least 14 days before the changes take effect.
Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Policy.
14. Contact Us
If you have any questions, concerns, or requests about this Privacy Policy or how we handle your data, please reach us through any of the following channels:
- Email: privacy@afrisyntech.com
- WhatsApp: +254 116 217 380
- Website: Contact Page
- Office: Nairobi, Kenya
We aim to acknowledge all data-related requests within 5 business days and resolve them within 30 days.
Questions about your data?
Our team is ready to help with any privacy concern or data request.