Privacy Policy
Last updated:
1. Introduction
Welcome to AdvaPOS. We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This Privacy Policy ("Policy") outlines how AdvaTech Office Supplies Ltd("we," "us," or "our") collects, uses, processes, and protects personal data in connection with our cloud-enabled point-of-sale and business management platform ("AdvaPOS" or the "Service").
This Policy is designed to comply with the Data Protection Act, 2019 (Laws of Kenya) and other applicable data protection regulations. By accessing or using AdvaPOS, you acknowledge that you have read and understood this Policy.
2. Who We Are
AdvaPOS is a product of AdvaTech Office Supplies Ltd, a limited liability company incorporated in the Republic of Kenya. We provide business software solutions designed to streamline retail and wholesale operations.
Registered Office: Soin Arcade Building, Westlands Rd, Nairobi, Kenya.
3. What AdvaPOS Does
AdvaPOS is a comprehensive business operations platform used by businesses ("Business Customers") to manage:
- Sales transactions and digital receipts/invoices.
- Inventory and stock movements.
- Payments (M-Pesa, Cash, Card).
- Customer and supplier relationships.
- Employee roles and permissions.
- Regulatory compliance (e.g., KRA eTIMS/VSCU integration).
- Reporting and business analytics.
4. Data Processing Roles
As Data Controller: We are the controller for the personal data of our Business Customers (e.g., account owners) collected for registration, billing, and marketing purposes.
As Data Processor: We act as a processor for the data that Business Customers input into the Service (e.g., their own customers' names, staff details, transaction history). The Business Customer remains the Data Controller for this information and is responsible for ensuring they have a legal basis to process and share such data with us.
5. Information We Collect
A. Personal Data
Information that identifies you personally, including:
- Contact details (Name, Email, Phone Number).
- Business credentials (Tax PIN, Business Registration documents).
- Authentication credentials (Usernames, hashed passwords).
B. Business & Transaction Data
Data processed on behalf of Business Customers:
- Sales records, invoices, and payment methods.
- Inventory levels and supplier information.
- Customer profiles entered by the business (Name, Phone).
- Staff activity logs and performance metrics.
C. Technical & Usage Data
Automatically collected via cookies and logs:
- IP Address, device type, and browser version.
- Geolocation data (typically at the city level).
- App performance metrics and error logs.
6. Why We Use Your Data
We process data for the following purposes:
- Service Provision: To create and manage your account and provide full platform functionality.
- Compliance: To facilitate KRA eTIMS fiscalization and tax reporting mandatory under Kenyan law.
- Security: To monitor for fraudulent activity and protect the integrity of the Service.
- Support: To respond to inquiries and resolve technical issues.
- Innovation: To analyze usage trends and improve app performance/features.
7. Legal Basis for Processing
Our processing is based on:
- Contractual Necessity: To fulfill our agreement to provide the Service.
- Legal Obligation: To comply with tax and data protection laws in Kenya.
- Legitimate Interests: For platform security, analytics, and service improvement.
- Consent: Where you have explicitly opted in (e.g., marketing communications).
8. How We Store and Protect Data
We employ robust technical and organizational measures to safeguard your data. This includes:
- Encryption: Critical data is encrypted at rest using AES-256 and in transit via TLS.
- Access Control: Multi-factor authentication (MFA) and role-based access control (RBAC).
- Audit Logging: Comprehensive logging of system access and data modifications.
- Infrastructure: We use industry-leading cloud providers (e.g., Supabase/PostgreSQL) with strictly controlled data centers.
9. Data Sharing and Transfers
We do not sell your personal data. We may share information with:
- Service Providers: Cloud hosting, SMS gateways, and payment partners (e.g., M-Pesa).
- Legal Authorities: When required by law, such as sharing transaction data with the Kenya Revenue Authority (KRA).
- Business Transfers: In the event of a merger or acquisition, where data is an asset.
Data may be stored on servers located outside Kenya. In such cases, we ensure that the transfer complies with Section 48 of the Data Protection Act, requiring adequate protection in the recipient country.
10. Data Retention
We retain data as long as your subscription is active. Upon termination, we provide a thirty (30) day grace period for you to export your data. After this period, data may be deleted or anonymized unless we are legally required to retain it for tax or audit purposes.
11. Your Rights
Under the Data Protection Act 2019, you have the right to:
- Access your personal data held by us.
- Request correction of inaccurate or incomplete data.
- Request deletion (right to be forgotten) where applicable.
- Object to or restrict the processing of your data.
- Data portability (receiving your data in a structured format).
12. Business Customer Responsibilities
While AdvaPOS provides the infrastructure, Business Customers are responsible for ensuring that the data they enter (regarding their customers and employees) was collected lawfully. Business Customers must maintain their own privacy policies and respond to data subject requests from their customers.
13. Changes to This Policy
We may update this Policy from time to time. We will notify you of any significant changes via the Service or email. Your continued use of the Service after changes constitutes acceptance of the updated Policy.
14. Contact Us
If you have questions about this Policy or our data practices, please contact our Data Protection Office:
AdvaTech Office Supplies Ltd
Email: customercare@advatech.co.ke
Technical: developer@advatech.co.ke
Address: Soin Arcade, Westlands Rd, Nairobi