Privacy Policy

1. Information We Collect

When you use WAFFTI, we may collect the following types of information:

• Account Data: Name, email address, phone number, profile photo, account preferences, and password (encrypted).
• Booking Data: Dates, times, space details, special requests, number of guests, and booking history.
• Payment Information: M-Pesa transaction IDs, payment method, and billing details (WAFFTI does not store full card numbers).
• Usage Data: IP address, device type, browser type, pages visited, search queries, and time spent on the platform.
• Location Data: Approximate location (city/neighborhood) for space recommendations and search results.
• Communications: Messages with hosts, support tickets, chat history, and reviews you submit.
• Verification Documents: For hosts: KRA PIN, certificate of incorporation, director ID, and business documents.

2. How We Use Your Information

• Process and confirm your bookings instantly.
• Facilitate secure payments via M-Pesa, Visa, and Mastercard.
• Communicate booking confirmations, reminders, and updates.
• Improve our platform (analytics, search relevance, fraud detection).
• Send marketing communications (only with your consent).
• Verify host identity and comply with legal requirements.
• Protect the security and integrity of WAFFTI.
• Provide customer support and resolve disputes.

3. Legal Basis for Processing (Kenya & Global)

We process your personal data based on:

• Contract performance: to provide booking services you request.
• Legitimate interests: to improve our platform, prevent fraud, and ensure security.
• Legal obligations: tax, anti-money laundering, and court orders.
• Consent: for marketing emails (you can withdraw anytime).

4. When We Share Your Information

• With hosts: your name, booking details, and contact information so they can prepare the space.
• With payment processors: Safaricom (M-Pesa) and other providers to complete transactions.
• With service providers: cloud hosting (Vercel, Render), analytics (PostHog, Vercel Analytics), customer support tools.
• For legal reasons: if required by law, court order, or to protect WAFFTI's rights.
• Business transfers: if WAFFTI is acquired or merges, your data may be transferred.

We never sell your personal data to third parties.

5. Cookies & Similar Technologies

WAFFTI uses cookies and similar tracking technologies to:

• Keep you logged in and remember your preferences.
• Remember your search filters and favorite spaces.
• Analyze site traffic and improve performance.
• Serve relevant ads (if you consent to marketing cookies).

You can manage cookie preferences in your browser settings. Disabling essential cookies may affect functionality.

6. How Long We Keep Your Data

• Account data: until you delete your account.
• Booking records: retained for 7 years for tax and legal purposes.
• Messages and reviews: retained as long as your account exists.
• Verification documents: deleted 1 year after account closure.
• Usage analytics: anonymized after 90 days.

7. Your Privacy Rights

Depending on your location, you may have the right to:

• Access your personal data – request a copy of all data we hold about you.
• Correct inaccurate information – update your profile anytime.
• Delete your account and associated data – request permanent deletion.
• Object to processing – opt out of marketing communications.
• Data portability – receive a machine-readable copy of your data.
• Lodge a complaint with the Office of the Data Protection Commissioner (Kenya).

To exercise your rights, contact hello@waffti.com

8. Children's Privacy

WAFFTI is not intended for children under 16. We do not knowingly collect data from minors. If you believe a child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries with different data protection laws. We use standard contractual clauses and other safeguards to protect your data when it is transferred outside Kenya.

10. Security Measures

We use industry-standard security measures including:

• End-to-end encryption for sensitive data
• Regular security audits and penetration testing
• Secure JWT-based authentication
• HTTPS/TLS encryption for all data transmission
• Access controls and role-based permissions

However, no system is 100% secure. Please keep your account credentials confidential.

11. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of material changes via email or a prominent notice on our website. The "Last updated" date at the top will change accordingly. Continued use of WAFFTI after changes means you accept the updated policy.

12. Contact Information