Privacy Policy
Last Updated: March 2026
Version 2.1 (GDPR & KDPA Compliant)
At NetHub, we treat data security as a core engineering requirement, not an afterthought. This policy outlines how we handle data within the Kenyan digital ecosystem.
1. Data Collection & Processing
NetHub collects information necessary to provide enterprise-grade digital services, categorized under the following scopes:
- Identity Data: Name, professional email, and phone numbers voluntarily provided via our intake forms for consultation purposes.
- M-Pesa Transaction Metadata: For clients utilizing our Daraja API integrations, we process transaction IDs, amounts, and timestamps. We never see, store, or transmit customer PINs or private credentials.
- Technical Logs: IP addresses and browser types collected for security monitoring and prevention of DDoS attacks on our infrastructure.
Compliance with Kenyan Law
"In strict accordance with the Kenya Data Protection Act (2019), NetHub acts as both a Data Controller (for our direct clients) and a Data Processor (for M-Pesa integrations). We ensure all processing is localized where required and protected by enterprise-grade encryption."
2. Data Sharing & Retention
We do not monetize or sell user data. Sharing occurs only within these strict technical parameters:
- Service Providers: Secure transmission to Safaricom PLC (for M-Pesa processing) and AWS/Vercel (for cloud hosting).
- Retention Policy: Contact information is kept for the duration of our professional relationship. Transaction logs are retained only as long as necessary for financial reconciliation.
3. Technical Security Standards
Our engineering team implements the following safeguards:
Encryption
AES-256 at rest and TLS 1.3 in transit.
Access Control
Multi-factor authentication (MFA) for all internal systems.
4. Your Statutory Rights
Under the KDPA (2019), you have the right to access, rectify, or request the deletion of your personal data. To exercise these rights, please contact our Data Protection Officer at:
legal@nethub.co.ke