FlexiDuka
Start Free

Legal

Privacy Policy

Last updated: June 12, 2026

1. Introduction

FlexiDuka ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it. By using the FlexiDuka platform you agree to the practices described here.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: Name, email address, and password when you register.
  • Store information: Store name, business name, phone number, and store configuration details you provide.
  • Payment information: M-Pesa shortcode and related settings. We do not store card numbers or M-Pesa PINs.
  • Order data: Customer names, phone numbers, and order details submitted through your storefront.
  • Usage data: IP addresses, browser type, pages visited, and interaction data collected automatically.

3. How We Use Your Information

We use your information to:

  • Create and manage your merchant account and storefront.
  • Process subscription payments via M-Pesa.
  • Send transactional emails (order alerts, account notifications).
  • Provide customer support.
  • Improve the platform through aggregated, anonymised analytics.
  • Comply with legal obligations.

We do not sell your personal data to third parties.

4. Customer Data on Your Storefront

When customers place orders on your storefront, their personal details (name, phone number, email, delivery address) are stored in your merchant account. As a merchant you are the data controller for your customers' information and are responsible for handling it in accordance with applicable data protection laws.

5. Sharing of Information

We may share your information with:

  • Safaricom: To process M-Pesa payments via the Daraja API.
  • Email service providers: To deliver transactional and account emails.
  • Hosting providers: To operate and maintain the platform infrastructure.
  • Law enforcement: When required by law or to protect the rights and safety of users.

6. Data Retention

We retain your account data for as long as your account is active. If you close your account, we may retain certain data for up to 12 months for legal, tax, and fraud-prevention purposes, after which it is deleted or anonymised.

7. Security

We use industry-standard security practices including encrypted data transmission (HTTPS), hashed passwords, and access controls to protect your information. No system is completely secure; we encourage you to use a strong, unique password for your account.

8. Cookies

We use essential cookies to keep you logged in and to maintain your session. We do not use advertising or tracking cookies. You can disable cookies in your browser, but some features of the platform may not work correctly as a result.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Object to or restrict our processing of your data.
  • Receive your data in a portable format.

To exercise any of these rights, contact us at support@flexiduka.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice in your dashboard. Continued use of the platform after changes take effect constitutes your acceptance of the revised policy.

11. Contact

For privacy-related questions or requests, contact us at support@flexiduka.com.