Privacy Policy
Last updated: 2026
Who we are
Kitabu Yetu provides digital bookkeeping for chamas, SACCOs, welfare groups and investment clubs. This policy explains how we handle personal data in line with the Kenya Data Protection Act, 2019.
Information we collect
Account and member details you provide (name, phone, national ID, email), group financial records you enter, and M-Pesa transaction metadata required to reconcile contributions and disbursements.
How we use it
To operate your group ledger, reconcile M-Pesa payments, send transactional SMS/email, generate reports and credit scores, and keep an auditable record. We do not sell your personal data.
Data storage & security
Data is encrypted in transit (TLS) and at rest, and isolated per group using database row-level security so one group can never see another’s data. Access is role-based and logged.
Sharing
We share data only with the processors needed to run the service (e.g. Safaricom Daraja for M-Pesa, our SMS/email providers) and where required by law. NGO coordinators see only the groups in their program.
Your rights
You may request access to, correction of, or deletion of your personal data, and withdraw consent. Deletions are soft-deletes with an audit trail where retention is legally required for financial records.
Retention
Financial transaction records are retained for the period required by Kenyan regulations. Other personal data is kept only as long as needed to provide the service.
Contact
For any privacy request, contact support@kitabuyetu.co.ke.