Privacy Center

1. Information We Collect

1.1 Information You Provide: We collect information you provide directly when creating an account or using our services, including:

• Business name, contact information, and registration details
• User account credentials (email, phone number, password)
• Payment and billing information
• Business data (inventory, sales, customer records, transactions)
• Support communications and feedback

1.2 Automatically Collected Information: We automatically collect certain information when you use our services:

• Device information (IP address, browser type, operating system)
• Usage data (features accessed, time spent, actions performed)
• Log data (access times, error logs, system events)
• Location data (based on IP address, for service optimization)

2. How We Use Your Data

We use collected information for the following purposes:

• Service Provision: To provide, maintain, and improve our POS and ERP services
• Transaction Processing: To process payments, generate invoices, and manage subscriptions
• Communication: To send service updates, security alerts, and support responses
• Analytics: To understand usage patterns and improve our platform
• Security: To detect, prevent, and respond to fraud, security incidents, and technical issues
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Marketing: To send promotional communications (with your consent, which you can withdraw anytime)

3. Data Sharing and Disclosure

We do not sell your personal or business data. We may share your data only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in operating our platform (e.g., cloud hosting, payment processors), under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with advance notice to you)
• With Your Consent: When you explicitly authorize us to share your data

4. Data Storage and Retention

4.1 Storage Location: Your data is stored on secure cloud servers. While we primarily use servers located in Kenya and East Africa, some data may be processed in other jurisdictions to ensure service reliability.

4.2 Retention Period: We retain your data for as long as your account is active or as needed to provide services. After account termination, we retain data for thirty (30) days to allow for account recovery, after which it is permanently deleted.

4.3 Legal Retention: Some data may be retained longer to comply with legal obligations, resolve disputes, or enforce agreements.

5. Your Data Rights

Under the Kenya Data Protection Act, 2019, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restriction: Request limitation of data processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for marketing or other purposes
• Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at info@dukatrack.com

6. Security Measures

We implement comprehensive security measures to protect your data:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication (MFA) support
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Role-based access controls (RBAC)
• Regular data backups with encryption
• Employee security training and background checks

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for platform functionality and security
• Analytics Cookies: Help us understand usage patterns and improve services
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, though disabling certain cookies may affect platform functionality.

8. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it immediately.

9. International Data Transfers

If you access our services from outside Kenya, your data may be transferred to and processed in Kenya. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and data protection agreements.

10. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform at least thirty (30) days before they take effect.

Continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy.

11. Contact Information

For privacy-related questions, concerns, or to exercise your data rights: