Privacy Policy

We collect information you provide directly, including: • Account information: name, email address, phone number, and password when you register. • Payment information: M-Pesa phone number or card details processed securely via Safaricom Daraja API and Stripe. We never store raw card numbers. • Learning data: course progress, quiz answers, assignment submissions, AI Tutor conversations, and certificate completions. • Device and usage data: IP address, browser type, device identifiers, pages visited, and time spent on the platform.

We use your information to: • Provide, operate, and improve the Datika platform. • Personalise your learning experience and AI Tutor responses. • Process payments and prevent fraud. • Send transactional emails (receipts, certificate issuance, session reminders). • Send marketing communications — only with your explicit consent, and you can unsubscribe at any time. • Comply with legal obligations under Kenyan law, including the Data Protection Act 2019.

We do not sell your personal data. We share data only with: • Service providers: AWS (hosting), Stripe (payments), Safaricom Daraja (M-Pesa), OpenAI (AI Tutor), Mailgun (email). All are bound by data processing agreements. • Academic partners: Anonymised, aggregated learning outcomes for curriculum review only. • Legal requirements: When required by Kenyan courts or regulatory authorities. We will always notify you of material changes to data sharing practices.

Your data is stored on AWS infrastructure with servers in the eu-west-1 and af-south-1 regions. We apply: • AES-256 encryption at rest for all personal data. • TLS 1.3 for all data in transit. • Role-based access controls — only authorised staff can access user data. • Regular third-party security audits. We retain your account data for as long as your account is active, plus 7 years for financial records as required by Kenyan law.

Under the Kenya Data Protection Act 2019 and GDPR (for EU residents), you have the right to: • Access: Request a copy of all personal data we hold about you. • Correction: Update inaccurate or incomplete data. • Deletion: Request deletion of your account and associated data. • Portability: Receive your learning data in a machine-readable format. • Objection: Opt out of marketing communications at any time. To exercise any of these rights, email privacy@datika.co.ke. We will respond within 30 days.

We use cookies and similar technologies. See our Cookie Policy for full details. Essential cookies cannot be disabled as they are required for the platform to function. You can manage analytics and marketing cookies in your account settings or via our cookie banner.

Datika is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact privacy@datika.co.ke immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes via email and a notice on the platform at least 14 days before the changes take effect. Continued use of Datika after that date constitutes acceptance of the updated policy.