Privacy Policy

ShopSwift is operated by ShopSwift Kenya Ltd. Our platform is available at shopswift.co.ke and serves buyers and sellers across East Africa.

Contact: solutionsswiftmart@gmail.com

WhatsApp: +254 792 660 915

Operating countries: Kenya, Tanzania, Rwanda, Uganda, Somalia, South Sudan, and Ethiopia.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform. By using ShopSwift, you agree to the practices described in this policy.

a) Account data: Name, email address, phone number, and password (stored as a secure hash, never in plain text).

b) Profile data: Profile photo, delivery addresses, country, language, and shopping preferences.

c) Transaction data: Order history, payment records, M-Pesa transaction references, and delivery confirmations.

d) KYC data: For sellers, we collect identity documents and selfie photos. These are stored with encryption and access restrictions.

e) Device data: IP address, browser type and version, operating system, and device type.

f) Behavioral data: Pages viewed, search queries, products clicked, and time spent on the platform.

g) Location data: Country and city, determined from your IP address or information you provide directly.

h) Communications: Messages exchanged between buyers and sellers, chat logs, and support tickets.

i) Cookies and tracking: See our Cookie Policy section and the dedicated Cookie Policy page for details.

We collect and process your data based on the following legal grounds:

• Contractual necessity: To provide and improve our marketplace services, process orders, and send receipts.
• Legitimate interest: To process payments, prevent fraud, and maintain platform security.
• Legal obligation: To verify seller identity via KYC procedures and comply with tax laws in each operating country.
• Consent (opt-in only): To send marketing emails and promotional notifications. You can withdraw consent at any time.

• Processing your orders and facilitating payments between buyers and sellers.
• Sending order confirmations, delivery updates, and receipts.
• Verifying seller identity and business registration through our KYC process.
• Detecting and preventing fraud, abuse, and unauthorized access.
• Improving search results, product recommendations, and platform features.
• Sending promotional emails and deal notifications (only with your explicit consent).
• Complying with legal requests from authorities in our operating countries.
• Maintaining escrow records and financial audit trails as required by law.

a) Payment providers: M-Pesa/Safaricom, Azam Pay, MTN MoMo, Flutterwave, Telebirr, and other payment processors. We share only the minimum data required to process your payment.

b) Delivery partners: We share your name and delivery address only with logistics providers handling your order.

c) Sellers: When you place an order, the seller receives your name and delivery address. We do not share your phone number or email with sellers.

d) Cloud providers: Supabase (database hosting, EU West region), Vercel (platform hosting), and Cloudinary (image storage).

e) Email provider: Gmail SMTP for transactional and support emails.

f) Legal authorities: When required by law in any of our operating countries, we may disclose data to law enforcement or regulatory bodies.

We NEVER sell your data to third parties. We NEVER share your data with advertisers.

• Database: Supabase PostgreSQL hosted in the EU West region.
• KYC documents: Stored with encryption and strict access controls. Only authorized compliance staff can access these records.
• Passwords: Bcrypt hashed. We never store passwords in plain text.
• Payment data: Not stored on our servers. Payment processing is handled entirely by licensed payment providers.
• Chat messages: Retained in our database for fraud investigation and dispute resolution purposes.
• Deleted content: Removed from our active database within 30 days. Audit logs are retained for 7 years as required by financial regulations.
• Encryption: All connections use SSL/TLS encryption.

We use cookies and similar technologies to operate our platform, remember your preferences, and improve your experience. For full details on the types of cookies we use and how to manage them, please see our Cookie Policy.

ShopSwift is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If we discover that a minor has registered an account, we will delete their account and associated data immediately.

Buyer-seller chat messages are retained in our database even if a user clears their chat view. This retention is necessary for:

• Fraud investigation and dispute resolution
• Legal compliance in all operating countries
• Protecting buyers and sellers from scams

Admin access to chat history is logged and audited to prevent misuse.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by:

• Sending an email to your registered address
• Displaying a banner notification on the platform
• Requiring re-acceptance of updated terms where legally required

A version history of this policy is maintained and available on request.

ShopSwift Kenya

Email: solutionsswiftmart@gmail.com

WhatsApp: +254 792 660 915

Website: shopswift.co.ke

For complaints that we are unable to resolve, please contact the data protection authority in your country.