PRIVACY POLICY 

(Kenya Data Protection Act, 2019 Compliance)

Nexvolve Limited (“we”, “us”, “our”) is committed to protecting personal data and complying with the Kenya Data Protection Act (DPA), 2019.
This Privacy Policy applies to all Nexvolve software systems, modules, and services (“the Services”).
It explains the types of data we process, how it is used, and your rights under the law.

1. Data We Collect

We may collect and process:

Account Data

• Name

• Email address

• Phone number
  
  

Organization & Entity Data

• Entities created within the system (e.g., tenants, clients, members, customers)

• Organization information
  
  

System & Workflow Data

• Automated notifications generated by the system

• Tasks, tickets, sales data, and workflows

• Automation settings

• Internal metadata required for system operation
  
  

Service Logs

• Login and access activity

• API requests

• Technical and performance logs

• Error logs
  
  

Notification Delivery Data

For sending automated messages through external communication channels, we process:

• Recipient contact details (e.g., phone number, email address)

• Message content generated by the system

• Delivery status where provided
  
  

We do NOT:

• Read private conversations on external messaging platforms

• Store chat history from external apps

• Monitor replies or inbound messages from third-party providers
  
  

2. How We Use Data

We process data to:

• Operate and deliver all Nexvolve systems and modules

• Send system-generated notifications

• Manage tasks, tickets, workflows, and sales tools

• Maintain system security and prevent abuse

• Improve features and performance

• Provide customer support
  
  

We do not use personal data for advertising or sell it to third parties.

3. Legal Basis for Processing

Our processing is based on:

✔ Performance of a contract

To provide the Services to the organization or user.

✔ Legitimate interest

Including security, fraud prevention, analytics, and service optimization.

✔ Consent 

Organizations using Nexvolve process data under their own lawful business purposes.
Individual end-user consent is not required for standard operational use.
Organizations are responsible for ensuring they have a lawful basis for the data they input into the system.

4. Data Storage & Location

All personal data is securely stored in Supabase, our managed cloud PostgreSQL provider, using modern industry-standard protections.

Data may be stored or processed in secure international data centers.

Frontend hosting platforms are not used to store personal data.

5. Data Sharing

We do not sell personal data.

We share only the minimum necessary data with trusted service providers required for delivering the Services, including:

• Communication gateway providers

• Cloud database hosting providers

• Payment processing providers
  
  

All third-party providers follow strict data protection obligations.

6. User Rights (Kenya DPA, 2019)

You have the right to:

• Access personal data

• Request correction or deletion

• Object to processing

• Withdraw consent (where applicable)

• Request data portability

• Lodge a complaint with the Office of the Data Protection Commissioner
  
  

You may submit requests to:
📧 privacy@nexvolve.app