Privacy Policy

Introduction

At Kanitha Systems, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our church management platform. We've written this in plain language because we believe you deserve to understand exactly what happens with your data.

Our platform is designed specifically for churches and religious organizations in Kenya and across East Africa. We understand that you're entrusting us with sensitive information about your congregation, and we don't take that responsibility lightly.

What Information We Collect

Information You Give Us Directly

When you register your church or create an account, we collect basic details like your name, email address, phone number, and church information. If you're setting up giving features, we'll also need payment details - though we want to be clear that we don't store full credit card numbers on our servers. That's handled by our payment partners who specialize in secure transactions.

For church members using the portal, we collect whatever information your church administrators choose to add. This might include contact details, family relationships, giving history, and ministry involvement. Your church controls what goes in here, not us.

Information We Collect Automatically

Like most websites, we collect some technical information when you use our platform. This includes your IP address, browser type, device information, and how you interact with our service. We use this to keep things running smoothly, fix bugs, and improve the user experience. For example, if we notice many users struggling with a particular feature, we know we need to make it better.

We also use cookies - small files stored on your device that help us remember your preferences and keep you logged in. You can disable cookies in your browser settings, though some features might not work as well if you do.

How We Use Your Information

Here's what we actually do with your data:

• Running the platform. Obviously, we need your information to provide the service you signed up for. This includes managing your church database, processing giving transactions, sending communications, and generating reports.
• Keeping things secure. We monitor for suspicious activity and unauthorized access. If something looks off, we'll investigate and may reach out to you.
• Improving our service. We analyze usage patterns (in aggregate, not individual behavior) to understand what features people use most and where we can do better.
• Customer support. When you contact us for help, we'll use your information to assist you and resolve any issues.
• Legal compliance. Sometimes we're required by Kenyan law to collect or retain certain information. We'll only do this when legally necessary.

We won't sell your data to advertisers or use it for purposes you haven't agreed to. That's not our business model, and frankly, it's not how we want to operate.

Sharing Your Information

We're pretty protective of your data, but there are a few situations where we share it:

Service Providers

We work with trusted third-party companies that help us run the platform. This includes cloud hosting providers (for storing your data), payment processors (for handling transactions), and email services (for sending notifications). These companies are contractually obligated to protect your information and can only use it for the specific services they provide to us.

Legal Requirements

If we receive a valid legal request from Kenyan authorities - like a court order or subpoena - we may need to disclose certain information. We'll always review such requests carefully and only provide what's legally required. Where possible, we'll notify you before disclosing your information, unless we're prohibited from doing so.

Business Transfers

If Kanitha Systems is acquired by or merges with another company, your information would be transferred to the new entity. We'd notify you before this happens and explain any changes to how your data is handled.

Data Security

We take security seriously. Your data is encrypted both when it's transmitted over the internet and when it's stored on our servers. We use industry-standard security measures including firewalls, secure data centers, and regular security audits.

That said, no system is 100% secure. While we do everything reasonably possible to protect your information, we can't guarantee absolute security. If we ever experience a data breach that affects your information, we'll notify you promptly and explain what happened and what we're doing about it.

On your end, please keep your password secure and don't share it with others. If you think your account has been compromised, change your password immediately and let us know.

Your Rights Under Kenyan Law

The Kenya Data Protection Act gives you several important rights regarding your personal information:

• Access: You can request a copy of the personal information we hold about you.
• Correction: If your information is inaccurate or incomplete, you can ask us to correct it.
• Deletion: You can request that we delete your personal information, subject to certain legal limitations.
• Objection: You can object to how we process your data in certain circumstances.
• Portability: You can request your data in a format that allows you to transfer it to another service.
• Withdraw consent: If we're processing your data based on your consent, you can withdraw that consent at any time.

To exercise any of these rights, just send us an email at privacy@kanitha.co.ke. We'll respond within 30 days.

Data Retention

We keep your information for as long as your account is active or as needed to provide you services. If you close your account, we'll give you 30 days to export your data before we start the deletion process. Some information may be retained longer if required by law (for example, financial records for tax purposes) or to resolve disputes.

Backup copies of your data may persist in our systems for up to 90 days after deletion, but these are isolated and not accessible for normal operations.

Children's Privacy

Our platform isn't designed for children under 13, and we don't knowingly collect information from them. If you're a church administrator entering information about children in your congregation (for Sunday School records, for example), you're responsible for obtaining appropriate consent from parents or guardians.

If we discover that we've inadvertently collected information from a child under 13 without proper consent, we'll delete it as quickly as possible.

International Data Transfers

Your data is primarily stored on servers located in Kenya or within East Africa. However, some of our service providers may process data outside Kenya. When this happens, we ensure appropriate safeguards are in place to protect your information in accordance with Kenyan data protection standards.

Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we'll notify you by email or through a prominent notice on our platform. We encourage you to review this policy periodically to stay informed about how we're protecting your information.

The "Last Updated" date at the top of this page shows when we last revised the policy. Your continued use of our platform after changes are posted means you accept the updated policy.

Contact Us

If you have questions, concerns, or complaints about this privacy policy or how we handle your data, we want to hear from you. You can reach us at:

If you're not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya.