Privacy Policy

1. Who We Are

Offisi is a modular business management platform operated from Nairobi, Kenya. We provide cloud-based tools for businesses to manage operations, customers, finances, and teams.

In this policy, “Offisi,” “we,” “us,” and “our” refer to the company operating the Platform. “You” and “your” refer to any individual or organization that accesses or uses the Platform.

2. Scope of This Policy

This Privacy Policy applies to all data collected through the Offisi platform at offisi.com, our mobile interfaces, APIs, and any related services we operate.

This policy does not apply to third-party services that integrate with Offisi. Those services operate under their own privacy policies, and we encourage you to review them separately.

If you use Offisi as part of an organization, your organization’s administrator controls certain aspects of data collection and use within their workspace.

3. Information We Collect

Account information: When you register, we collect your name, email address, phone number, company name, and billing address. If you register on behalf of an organization, we also collect the organization’s name and business type.

Payment information: We collect payment details necessary to process transactions, including Mpesa numbers, Airtel Money numbers, credit/debit card details, and bank account information. Card details are processed by our payment partners and are not stored on our servers.

Platform usage data: We collect information about how you interact with the Platform, including features used, pages visited, actions taken, modules activated, and time spent. This helps us improve the product and provide support.

Content you create: Any data, documents, files, contacts, records, or other content you upload to or create within the Platform is stored on our servers to provide the service.

Device and technical data: We collect your IP address, browser type, operating system, device type, screen resolution, language preferences, and referring URL when you access the Platform.

Communication data: When you contact our support team or communicate through the Platform, we store the content of those communications to provide assistance and improve service quality.

Cookie data: We use cookies and similar technologies to collect data about your browsing behavior on the Platform. See Section 12 for details.

4. How We Collect Information

Directly from you: When you register, fill out forms, make payments, contact support, or upload content to the Platform.

Automatically: Through cookies, server logs, and analytics tools when you access and use the Platform.

From third parties: When you connect third-party services (such as Google, payment providers, or accounting tools), we may receive information from those services as authorized by you.

From your organization: If your employer or organization administrator sets up your account, they may provide your name and email address.

5. How We Use Your Information

To provide the service: We use your information to operate the Platform, process transactions, deliver modules you have activated, and maintain your account.

To improve the Platform: We analyze usage patterns to identify bugs, improve features, develop new modules, and optimize performance.

To communicate with you: We send transactional emails (invoices, confirmations, security alerts), product updates, and support responses. You can opt out of non-essential communications.

To provide support: We use your account information and communication history to troubleshoot issues and answer your questions.

To ensure security: We use technical data to detect fraud, prevent unauthorized access, monitor for abuse, and maintain the integrity of the Platform.

To comply with legal obligations: We may process your data as required by applicable laws, regulations, or lawful government requests.

To enforce our terms: We may use your information to investigate violations of our Terms and Conditions and take appropriate action.

6. Legal Basis for Processing

Contract performance: Processing necessary to provide the services you have signed up for, including account management, module delivery, and payment processing.

Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Platform, preventing fraud, and providing support. We balance these interests against your privacy rights.

Consent: Processing based on your explicit consent, such as receiving marketing communications or enabling optional analytics. You may withdraw consent at any time.

Legal obligation: Processing necessary to comply with applicable laws, such as tax reporting, anti-money laundering regulations, or responding to lawful government requests.

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, these legal bases apply under the GDPR or equivalent legislation.

7. Data Sharing and Disclosure

We do not sell your data. Offisi does not sell, rent, or trade your personal information to third parties for their marketing purposes.

Service providers: We share data with trusted third-party service providers who help us operate the Platform, including hosting providers, payment processors, email delivery services, and analytics tools. These providers are contractually required to protect your data and use it only for the purposes we specify.

With your organization: If you use Offisi as part of an organization, your administrator may access data within your workspace, including usage logs and content you create.

Legal requirements: We may disclose your information if required by law, regulation, legal process, or enforceable government request.

Business protection: We may disclose information to protect the rights, property, or safety of Offisi, our users, or the public, including enforcing our terms and investigating potential violations.

With your consent: We may share your information with third parties when you explicitly authorize us to do so, such as when you activate third-party integrations.

8. International Data Transfers

Offisi operates from Kenya and uses hosting infrastructure that may be located in different countries. Your data may be transferred to and processed in countries other than your country of residence.

When we transfer data internationally, we implement appropriate safeguards to protect your information. These may include standard contractual clauses, data processing agreements, and encryption in transit.

For users in the EEA, UK, or other jurisdictions with data transfer restrictions, we ensure that transfers comply with applicable requirements. Contact us for details on the specific safeguards in place.

9. Data Retention

We retain your account information and content for as long as your account is active or as needed to provide services to you.

When you delete your account, we will delete or anonymize your personal data within 90 days, except where we are required by law to retain certain records (such as financial transactions for tax purposes).

Usage logs and analytics data are retained in anonymized form for up to 24 months for product improvement purposes.

Backup copies of your data may persist in our backup systems for up to 30 days after deletion from production systems.

If you request data export before account deletion, we will provide your data in a common machine-readable format within 30 days of the request.

10. Data Security

We implement technical and organizational measures to protect your data. These include encryption of data in transit (TLS) and at rest, role-based access controls, regular security audits, and automated threat monitoring.

Access to your data within Offisi is restricted to authorized personnel who need it to perform their duties. All access is logged and auditable.

We conduct regular vulnerability assessments and penetration testing. Security patches are applied promptly when identified.

Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using industry best practices.

If we become aware of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law, typically within 72 hours of discovery.

11. Your Rights and Choices

Access: You have the right to request a copy of the personal data we hold about you. You can access most of your data directly through your account settings.

Correction: You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly in your account.

Deletion: You have the right to request deletion of your personal data, subject to legal retention requirements. Account deletion can be initiated through settings or by contacting support.

Data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another service.

Restriction of processing: You have the right to request that we restrict processing of your data in certain circumstances, such as when you contest its accuracy.

Objection: You have the right to object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.

Withdraw consent: Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

Marketing opt-out: You can unsubscribe from marketing communications using the link in any marketing email or by updating your notification preferences in settings.

To exercise any of these rights, contact us at service@offisi.com. We will respond within 30 days. We may ask for identity verification before processing your request.

12. Cookies and Tracking Technologies

Essential cookies: Required for the Platform to function. These handle authentication, security, and session management. They cannot be disabled.

Analytics cookies: Help us understand how users interact with the Platform. We use this data to improve features and fix issues. You can opt out of analytics cookies in your account settings.

Preference cookies: Remember your settings, language, and display preferences so you do not have to set them each time you visit.

Offisi does not use advertising cookies or allow third-party advertising networks to place cookies on the Platform.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Platform functionality.

13. Third-Party Services and Integrations

When you connect third-party services to Offisi (such as Google Drive, Mpesa, QuickBooks, or email providers), data may flow between Offisi and those services as needed to provide the integration.

We only request the minimum permissions necessary for each integration to function. You can review and revoke third-party connections at any time in your account settings.

Third-party services operate under their own privacy policies. We are not responsible for the data practices of third-party services. We encourage you to review their policies before connecting.

Our API allows developers to build custom integrations. Data accessed through the API is subject to the same privacy protections as data accessed through the Platform interface.

14. Children’s Privacy

Offisi is a business platform designed for use by adults in professional and commercial contexts. We do not knowingly collect personal information from children under the age of 18.

If we become aware that we have collected personal data from a child under 18 without verified parental consent, we will take steps to delete that information promptly.

If you believe a child has provided personal information to Offisi, please contact us at service@offisi.com so we can take appropriate action.

15. Business Transfers

If Offisi is involved in a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction.

In such an event, we will notify you before your data is transferred and becomes subject to a different privacy policy. You will have the opportunity to delete your account before the transfer takes effect.

We will require any acquiring entity to honor the commitments made in this Privacy Policy for a reasonable transition period.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

For material changes, we will notify you by email and through a notice on the Platform at least 14 days before the changes take effect.

Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy. If you do not agree, you may delete your account before the effective date.

Previous versions of this policy are available upon request by contacting service@offisi.com.

17. Data Protection Officer

Offisi has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this policy and applicable data protection laws.

The DPO can be contacted at dpo@offisi.com for questions related to data protection, privacy impact assessments, or to escalate a privacy concern.

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection authority.

18. Contact Information

For any questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:

Email: service@offisi.com

Data Protection Officer: dpo@offisi.com

Web: offisi.com/contact-us

We aim to respond to all privacy-related inquiries within 30 days.