Privacy Policy

Last updated: 22 April 2026

Your privacy matters to us. This policy explains what data we collect, why we collect it, and how we protect it. We will never sell your personal data.

1. Overview

Faida360 ("we", "us", "our") is committed to protecting the privacy of our customers and their end users. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Faida360 platform ("Service").

This policy applies to all users of the Faida360 platform, including shop owners, administrators, cashiers, and customers whose data is processed through the platform.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

2.1 Account & Registration Data

When you register for Faida360, we collect:

  • Business name, trading name, and slug (URL code)
  • Contact information - phone number and email address
  • Physical address, town and county
  • KRA PIN and VAT registration number (if applicable)
  • Username and hashed password (we never store plain-text passwords)
  • Industry type

2.2 Business Operations Data

Data generated as you use the platform:

  • Sales data - receipt numbers, line items, amounts, payment methods, dates and times
  • Inventory data - product names, prices, stock levels, categories
  • Customer data - names, phone numbers, ID numbers, credit balances (only for customers you register)
  • Supplier data - business names, contact details, KRA PINs
  • Staff data - names, usernames, roles, login timestamps

2.3 Technical Data

  • IP addresses (logged in activity records for security)
  • Browser type and version
  • Device type (desktop, tablet, mobile)
  • Session data and cookies
  • Error logs and performance data

2.4 Payment Data

  • M-Pesa transaction codes and phone numbers (for subscription payments)
  • Subscription billing history

We do not store full M-Pesa PINs or bank card numbers. All payment processing happens through M-Pesa's own secure systems.

We collect only the minimum data necessary to provide the Service. You control what customer and product information you enter.

3. How We Use Your Data

We use the data we collect to:

  • Provide the Service - process sales, manage inventory, generate reports and receipts
  • KRA compliance - submit sales data to KRA eTIMS on your behalf
  • Billing - process subscription payments and send payment reminders
  • Support - respond to your support requests and troubleshoot issues
  • Security - detect and prevent fraud, abuse, and unauthorised access
  • Improvements - analyse usage patterns to improve features (using aggregated, anonymised data only)
  • Legal obligations - comply with applicable Kenyan law
  • Communication - send you important service updates, billing notices, and (with your consent) product news

We do not use your data for third-party advertising. We do not sell your data to data brokers or marketers.

4. Data Sharing

We do not sell or rent your personal data. We share your data only in the following limited circumstances:

4.1 KRA (Kenya Revenue Authority)

Sales and invoice data is transmitted to KRA's eTIMS system as required by Kenyan tax law. This is the core compliance function of Faida360 and is done on your explicit instruction when you configure eTIMS integration.

4.2 M-Pesa / Safaricom

When processing M-Pesa payments, transaction data is shared with Safaricom's Daraja API as necessary to complete the payment. This is subject to Safaricom's own privacy policy.

4.3 Hosting & Infrastructure

Our platform runs on shared hosting infrastructure. The hosting provider has access to server-level data but is bound by confidentiality agreements.

4.4 Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority in Kenya, or to protect the rights, property, or safety of Faida360, our users, or the public.

We will never share your customers' personal data (names, phone numbers, ID numbers) with any third party other than as described above.

5. KRA eTIMS Data

When you connect Faida360 to KRA eTIMS, we transmit the following data to KRA on your behalf for each sale:

  • Invoice number and date
  • Line item descriptions, quantities, and amounts
  • VAT and excise duty breakdowns
  • Payment method code
  • Your KRA PIN and OSCU serial number
  • Customer KRA PIN (if the customer is a registered business and you enter their PIN)

This data is transmitted to KRA's servers which are subject to KRA's own data policies. By using the eTIMS integration, you acknowledge and consent to this transmission.

We log all API calls to KRA for debugging and compliance auditing. These logs are retained for 12 months.

6. M-Pesa Data

When cashiers record M-Pesa payments, we store the M-Pesa transaction code and the paying phone number as part of the sale record. This helps with reconciliation and dispute resolution.

For STK Push payments (where Faida360 sends a prompt to the customer's phone), we transmit the customer's phone number to Safaricom's Daraja API to initiate the payment request. We store the checkout request ID and final transaction result.

M-Pesa PINs are never transmitted to or stored by Faida360. PIN entry happens directly on the customer's device through Safaricom's own system.

7. Data Retention

We retain your data for the following periods:

  • Active accounts - data is retained for as long as your account is active
  • Suspended accounts - data is retained for 30 days after suspension, then deleted
  • Cancelled accounts - data is retained for 30 days after cancellation, then deleted
  • KRA eTIMS logs - retained for 7 years as required by Kenyan tax law
  • Activity logs - retained for 12 months
  • Backup copies - may persist for up to 30 additional days after deletion

You can request early deletion of your data by contacting us, subject to our legal retention obligations.

8. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction:

  • Passwords are hashed using bcrypt with a work factor of 12 - never stored in plain text
  • All data transmission uses HTTPS/TLS encryption
  • Database access is restricted to application-level queries only
  • eTIMS credentials (passwords and CMC keys) are stored encrypted
  • Admin access is protected by separate credentials and session management
  • Activity logs track all significant actions for accountability
  • Regular backups are maintained

While we take every reasonable precaution, no system is completely secure. If you suspect a security breach affecting your account, contact us immediately at info@faida360.co.ke.

9. Your Rights

As a user of Faida360, you have the right to:

Access

Request a copy of the personal data we hold about you and your business.

Correction

Request correction of inaccurate personal data through the Settings page or by contacting us.

Deletion

Request deletion of your account and data, subject to legal retention requirements.

Portability

Request an export of your data in CSV or PDF format within 5 business days.

Objection

Object to certain processing of your data, including marketing communications.

Unsubscribe

Opt out of marketing emails at any time using the unsubscribe link or by contacting us.

To exercise any of these rights, contact us at info@faida360.co.ke. We will respond within 5 business days.

10. Cookies

Faida360 uses cookies and similar technologies to operate the platform:

  • Session cookies - required for login and authentication. These are deleted when you close your browser.
  • Security cookies - used for CSRF protection to prevent cross-site request forgery attacks.

We do not use advertising cookies, third-party tracking cookies, or analytics platforms that share data with advertisers.

The landing pages (this website) do not use any tracking cookies. If you disable cookies in your browser, the Faida360 platform (dashboard, POS, etc.) will not function correctly as login requires session cookies.

11. Children's Privacy

The Faida360 platform is not directed at children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email or by displaying a notice in the platform at least 14 days before changes take effect.

We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when it was last revised.

13. Contact

If you have questions, concerns, or requests regarding your privacy or this policy, please reach us:

Majengo, Malindi, Kilifi County, Kenya
info@faida360.co.ke
+254 707 412 795
WhatsApp: +254 707 412 795
Chat with us