Information We Collect
We collect information you provide directly when you create an account, set up your shop, or interact with DukaBot. This includes:
- Personal information — your full name, phone number, and email address used during registration
- Business information — your shop name, shop code, product catalogue, delivery zones, and business type
- Payment data — M-Pesa transaction references and payment amounts processed through IntaSend (we never store your M-Pesa PIN or full payment credentials)
- Usage data — order history, WhatsApp conversation metadata, dashboard activity, and feature usage analytics
- Device and access data — browser type, IP address, and approximate location inferred from your connection
How We Use Your Information
We use the information we collect to:
- Process and fulfil customer orders placed through your DukaBot shop link on WhatsApp
- Send automated order confirmations, payment receipts, and delivery status notifications to your customers via WhatsApp
- Trigger M-Pesa STK push payments and reconcile transactions with your IntaSend merchant account
- Provide you with sales analytics, growth metrics, and revenue reports on your dashboard
- Improve our platform, fix issues, and develop new features based on anonymised usage patterns
- Communicate important service updates, billing notifications, and security alerts to your registered phone or email
Data Sharing
We share your data only with trusted third-party services that are essential to operating DukaBot:
- IntaSend — our payment processor handles all M-Pesa STK push transactions. IntaSend is PCI-DSS compliant and processes payments securely on our behalf
- WhatsApp (Meta) — customer orders and notifications are delivered through WhatsApp's messaging infrastructure using DukaBot's shared business number
- Hosting and infrastructure — we use industry-standard cloud providers to host and deliver the DukaBot platform securely
We never sell, rent, or trade your personal information or your customers' data to third-party advertisers or data brokers.
Data Security
Protecting your data is fundamental to DukaBot. We implement the following measures:
- All payment processing is handled by IntaSend, which maintains PCI-DSS compliance — the highest security standard for payment processors
- All data in transit is encrypted using TLS 1.2 or higher, and data at rest is encrypted using industry-standard encryption
- Access to production systems is restricted to authorised personnel with appropriate security controls
- We conduct regular security audits and vulnerability assessments to identify and address potential risks
- Database backups are encrypted and stored in geographically separate locations for disaster recovery
Your Rights
As a DukaBot user, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you and your business
- Correction — update or correct inaccurate information in your account at any time through your dashboard settings
- Deletion — request deletion of your account and associated data. We will process your request within a reasonable timeframe, subject to any legal retention obligations
- Portability — request an export of your order history, product catalogue, and business data in a standard format
- Objection — opt out of non-essential communications or analytics tracking at any time
To exercise any of these rights, contact us at hello@dukabot.app.
Cookies and Tracking
DukaBot uses a minimal set of cookies and tracking technologies:
- Essential cookies — required for authentication, session management, and security. These cannot be disabled
- Analytics — we collect anonymised usage data to understand how shop owners interact with the dashboard and to improve platform performance
- Preferences — we store your display preferences, language selection, and dashboard layout choices locally
We do not use third-party advertising trackers or retargeting pixels. Your browsing data is never shared with advertisers.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, features, or legal requirements. When we make significant changes:
- We will notify you via WhatsApp or email before the changes take effect
- A summary of changes will be posted on this page with the updated effective date
- Continued use of DukaBot after the effective date constitutes acceptance of the revised policy
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, reach out to us:
- Email — hello@dukabot.app
- WhatsApp — message us through any active DukaBot shop link and ask for support
We aim to respond to all privacy-related inquiries as quickly as possible.