Giyaent Logo

Privacy Policy

Last updated: February 26, 2026

1. INTRODUCTION

This Privacy Policy describes how Gi Yamo Enterprise ("Giyaent", "Company", "we", "us", or "our") collects, uses, statutes, and protects your personal information when you use our website https://www.giyaent.com and our products, including the ma'kuu collaborative research platform (collectively, the "Services").

We are committed to protecting your privacy and ensuring you have control over your data. As a company registered in Kenya, we adhere to the following:

  • Kenya Data Protection Act
  • African Union Convention on Cyber Security and Personal Data Protection
  • African Union Data Policy Framework
  • General Data Protection Regulation (GDPR)
  • NIST AI Risk Management Framework

We maintain a security posture built on global industry standards. Our internal security management system is fully aligned with the ISO 27001 framework and SOC 2 Trust Services Criteria. While we do not currently pursue external third-party certifications, we actively apply these rigorous policies and controls to ensure the highest level of data integrity and protection for our users and organisations.

By using our Services, you agree to the collection and use of information in accordance with this policy.

2. INFORMATION WE COLLECT

We collect information to provide better services to all our users. The types of information we collect include:

2.1 Information You Provide to Us

  • Account Information: When you register for an account, we collect your name, email address, username, and password.
  • Profile Information: You may choose to provide additional information such as your job title, profile picture, or organisation name.
  • Payment Information: If you make a purchase, our third-party payment processors collect your payment details (e.g., credit card number). We do not store your full credit card information.
  • User Content: We process the content you generate, upload, or transmit on the ma'kuu platform, such as research data, files, comments, and project metadata ("User Content").
  • Communications: If you contact us directly, we may receive additional information like the contents of the message and/or attachments you may send us.
  • Payment Metadata: When you process a payment, we and our payment processors collect non-sensitive metadata about your payment method, such as the country of issuance and the card type (BIN data). This is used for fraud prevention, regional pricing verification, and regulatory compliance.

2.2 Information We Collect Automatically

  • Usage Data: We collect information about your interactions with our Services, such as the pages or content you view, your searches, and other actions on the ma'kuu platform.
  • Device Information: We collect information about the device and connection you use, such as your IP address, browser type, operating system, and device identifiers.
  • Location Information: We use your IP address to determine your approximate geographic location (country and region). This information is used to facilitate localised pricing, comply with regional tax requirements, and provide a relevant user experience.
  • Cookies and Similar Technologies: We use cookies to store your preferences and settings, help you sign in, provide targeted ads, and analyse site operations. You can control cookies through your browser settings.

2.3 Information from Third Parties

  • Social Logins: If you choose to register or log in using a third-party account (like Google or GitHub), we will receive information such as your name and email address from that service, as permitted by your profile settings.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  1. To Provide and Maintain our Services: Ensuring the ma'kuu platform functions correctly, including account management and authentication.
  2. To Improve our Services: Analyzing usage patterns (via tools like PostHog) to understand how our products are used and to develop new features.
  3. To Communicate with You: Sending you service-related emails (e.g., account verification, password resets) and updates about our products.
  4. To Ensure Security: Detecting and preventing fraud, abuse, and security incidents.
  5. To Process Payments: Facilitating transactions for our paid services.
  6. To Comply with Legal Obligations: Satisfying regulatory requirements, such as tax laws or valid legal processes.
  7. To Implement Regional Pricing: We use geographic data to apply Purchasing Power Parity (PPP) adjustments, ensuring our Services are priced fairly and accessible in different economic regions.

4. LEGAL BASES FOR PROCESSING

We rely on the following legal bases to process your personal information:

  • Contractual Necessity: To fulfill our obligations under our Terms of Service (e.g., providing the ma'kuu platform).
  • Consent: When you have given us specific permission to use your information (e.g., subscribing to a newsletter).
  • Legitimate Interests: For our business interests in improving our Services, marketing, and ensuring security, provided these do not override your rights.
  • Legal Obligation: When we are required by law to process your data.

5. SHARING YOUR INFORMATION

We do not sell your personal information. We maintain a strict "Zero Trust" architecture and only share your data in the following circumstances:

5.1 Service Providers (Subprocessors)

We share data with trusted third-party service providers who help us operate our Services. These include:

  • Supabase: For database hosting, authentication, and file storage.
  • PostHog: For product analytics and usage tracking.
  • Sentry: For error tracking and performance monitoring.
  • Resend: For sending transactional emails.
  • Netlify: For frontend hosting and edge compute services.
  • Paystack: For processing payments and subscriptions securely.
  • Cloudflare: For content delivery, security, and DDoS protection.

All service providers are bound by Data Processing Agreements (DPAs) to ensure they protect your data.

5.2 AI Service Providers

Our Services may include features powered by Artificial Intelligence (AI). If you use these features, your input and relevant context may be processed by AI providers such as Anthropic, OpenAI, or Google Cloud AI to generate responses. We do not use your private research data to train public AI models without your explicit consent.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal obligations (e.g., a court order from the Kenyan ODPC) or protect the rights and safety of Giyaent, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

6. INTERNATIONAL DATA TRANSFERS

Giyaent is based in Kenya. By using our Services, you acknowledge that your information will be transferred to, stored, and processed in Kenya and other countries where our service providers (like Supabase, Netlify, and Cloudflare) maintain facilities (such as the EU or US).

We ensure that all international transfers comply with applicable laws, including the Kenya Data Protection Act and GDPR, by using mechanisms such as Standard Contractual Clauses (SCCs) where necessary.

7. DATA SECURITY

We implement enterprise-grade security measures to protect your data, including:

  • Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Access Controls: Strict Role-Based Access Control (RBAC) and Row-Level Security (RLS) to ensure only authorised users can access specific data.
  • Regular Audits: We conduct internal security reviews and vulnerability assessments.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet is 100% secure.

8. DATA RETENTION

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy.

  • Account Information: Retained as long as your account is active. We may retain it for up to six (6) months after account deletion for audit and fraud prevention purposes.
  • Usage Data: Retained for a limited period for internal analysis purposes.
  • Legal Compliance: We may retain certain data for longer periods if required to comply with legal obligations (e.g., tax records).

9. YOUR PRIVACY RIGHTS

You have specific rights regarding your personal information under the Kenya Data Protection Act and GDPR. These include:

  1. Right to Access: You can request a copy of the personal data we hold about you.
  2. Right to Rectification: You can request that we correct inaccurate or incomplete data.
  3. Right to Erasure: You can request that we delete your personal data (the "right to be forgotten").
  4. Right to Restrict Processing: You can ask us to suspend the processing of your data in certain scenarios.
  5. Right to Data Portability: You can request to receive your data in a structured, commonly used format.
  6. Right to Object: You can object to our processing of your data for direct marketing or legitimate interests.
  7. Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.

To exercise these rights, please contact our Data Protection Officer at privacy@giyaent.com.

10. CHILDREN'S PRIVACY

Our Services are not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information.

11. CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email or a prominent notice on our Services.

12. CONTACT US

If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@giyaent.com