Privacy Policy

Last Updated: December 08, 2025

Effective Date: December 08, 2025

---

1. Introduction

Kitabu Swap ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform, including our website, mobile application, and related services.

By using Kitabu Swap, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Platform.

2. Information We Collect

2.1 Personal Information

When you register and use our Platform, we collect:

• Identity Data: Full name, username, date of birth
• Contact Data: Email address, phone number, physical address
• Account Data: Login credentials, password (encrypted)
• Profile Data: Profile photo, educational level, preferences
• Transaction Data: Book listings, exchanges, orders, payment information
• Financial Data: M-Pesa number, payment methods, transaction history

2.2 Technical Information

We automatically collect:

• Device Data: Device type, operating system, browser type
• Usage Data: Pages visited, features used, time spent on Platform
• Location Data: IP address, approximate location (with consent)
• Log Data: Error logs, performance data, crash reports
• Cookie Data: Session IDs, preferences, tracking identifiers

2.3 User-Generated Content

• Book listings and descriptions
• Photos and images of books
• Reviews and ratings
• Communications with other users (if applicable)
• Customer support messages

2.4 Information from Third Parties

We may receive information from:

• Payment processors (M-Pesa, card processors)
• Delivery/logistics partners
• Authentication services (Google, Facebook if used)
• Analytics providers
• Marketing partners

3. How We Use Your Information

3.1 Platform Operation

We use your information to:

• Create and manage your account
• Process book exchanges and orders
• Calculate and manage points
• Coordinate pickups and deliveries
• Process payments and refunds
• Verify your identity

3.2 Communication

• Send order confirmations and updates
• Notify you of Platform changes
• Respond to support requests
• Send promotional communications (with consent)
• Conduct surveys and gather feedback

3.3 Platform Improvement

• Analyze usage patterns and trends
• Improve user experience and features
• Debug and fix technical issues
• Conduct research and development
• Personalize content and recommendations

3.4 Security and Fraud Prevention

• Detect and prevent fraud
• Monitor for suspicious activity
• Enforce our Terms and Conditions
• Protect user safety
• Comply with legal obligations

3.5 Legal Compliance

• Comply with Kenyan data protection laws
• Respond to legal requests
• Establish, exercise, or defend legal claims
• Meet tax and accounting requirements

4. How We Share Your Information

4.1 With Other Users

When you list or order books, we share:

• Your name and general location (city/area)
• Contact information for coordination (phone number)
• Transaction-related communications

4.2 With Service Providers

We share data with trusted third parties who help us operate:

• Delivery Partners: Name, phone, address for book delivery
• Payment Processors: Payment details for transaction processing
• SMS/Email Services: Contact info for notifications
• Cloud Hosting: Data storage and platform hosting
• Analytics Providers: Anonymized usage data
• Customer Support Tools: Support request data

4.3 For Legal Reasons

We may disclose information when required to:

• Comply with legal obligations or court orders
• Enforce our Terms and Conditions
• Protect rights, property, or safety
• Investigate fraud or security issues
• Respond to government requests

4.4 Business Transfers

If Kitabu Swap is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.5 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Storage and Security

5.1 Data Storage

• Data is stored on secure servers in Kenya and internationally
• We use reputable cloud hosting providers
• Regular backups are maintained
• Data is retained as long as your account is active

5.2 Security Measures

We implement industry-standard security measures:

• End-to-end encryption for sensitive data
• Secure HTTPS connections
• Regular security audits
• Access controls and authentication
• Firewall and intrusion detection systems
• Staff training on data protection

5.3 Data Retention

We retain personal information:

• As long as your account is active
• For 7 years for transaction records (tax/legal requirements)
• For 3 years for inactive accounts before deletion
• Longer if required by law or for legal claims

6. Your Rights and Choices

6.1 Access and Correction

You have the right to:

• Access your personal information
• Update or correct inaccurate data
• Download your data (data portability)
• Request a copy of your information

6.2 Deletion

You can request deletion of your account and data. Note that:

• Some information may be retained for legal/accounting purposes
• Deletion is permanent and cannot be undone
• Completed transactions remain in our records
• Processing may take up to 30 days

6.3 Communication Preferences

• Opt-out of marketing emails (unsubscribe link provided)
• Manage SMS notification preferences
• Control WhatsApp communications
• Note: Transaction emails cannot be disabled

6.4 Cookie Management

• Adjust cookie settings in your browser
• Opt-out of analytics tracking
• Note: Disabling cookies may affect functionality

6.5 Objection and Restriction

You can:

• Object to certain data processing activities
• Request restriction of processing
• Withdraw consent for optional processing

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

• Essential Cookies: Required for Platform functionality
• Performance Cookies: Analyze usage and performance
• Functional Cookies: Remember preferences
• Marketing Cookies: Track advertising effectiveness

7.2 Third-Party Cookies

We use cookies from:

• Google Analytics (usage tracking)
• Facebook Pixel (advertising)
• Payment processors

8. Children's Privacy

Our Platform is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately, and we will delete it.

Users aged 13-18 must have parental or guardian consent to use the Platform.

9. International Data Transfers

Your information may be transferred to and processed in countries outside Kenya. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

10. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

• Email notification
• Platform announcement
• SMS or WhatsApp message

Your continued use after changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact us:

• Email: privacy@kitabuswap.com or info@kitabuswap.com
• Phone: +254 100 384 876
• Mail: Kitabu Swap, Nairobi, Kenya

12. Data Protection Officer

For data protection inquiries, you can contact our Data Protection Officer at: dpo@kitabuswap.com

13. Complaints

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with:

• Our Data Protection Officer (first point of contact)
• The Office of the Data Protection Commissioner of Kenya

---