Privacy Policy

Data Protection Commitment

At Mlinzi Intelligence Limited, we're committed to protecting your privacy and data in accordance with international data protection standards including GDPR, Kenya's Data Protection Act, and other applicable laws. As a fraud detection platform serving African businesses, we understand the critical importance of data security.

Information We Collect

Business Data (Service Delivery)

• Transaction Data: Payment records, banking data, and financial transactions for fraud analysis
• HR Records: Employee information, payroll data, and organizational structures
• Operational Data: ERP systems, vendor information, and procurement records
• Case Data: Investigation files, audit trails, and fraud detection reports

Contact Information

• Name, email address, phone number for service communication
• Company details and role information
• Communication preferences and support tickets

Technical Data

• Website usage analytics and performance data
• System logs and error reports
• IP addresses and device information (anonymized)

How We Use Your Information

• Service Delivery: Processing fraud detection requests and generating insights
• Security: Protecting against threats and ensuring platform integrity
• Communication: Responding to inquiries and providing customer support
• Improvement: Enhancing our services and developing new features
• Compliance: Meeting legal obligations and regulatory requirements

Data Processing Legal Basis

We process personal data under the following legal bases:

• Contract Performance: Processing necessary to provide fraud detection services
• Legitimate Interests: Service improvement and security enhancement
• Consent: Marketing communications and optional features
• Legal Obligation: Compliance with applicable laws and regulations

Data Security & Protection

• Encryption: End-to-end encryption in transit and AES-256 encryption at rest
• Access Controls: Role-based access with multi-factor authentication
• Infrastructure: ISO 27001-aligned security practices and regular audits
• Monitoring: Continuous security monitoring and threat detection
• Backup: Regular encrypted backups with secure retention policies
• Self-Hosting: Zero external dependencies when self-hosted

Data Sharing & Third Parties

We do not sell, rent, or share your personal data except in these limited circumstances:

• Service Providers: Trusted partners who assist in service delivery (under strict data protection agreements)
• Legal Requirements: When required by law enforcement or regulatory authorities
• Business Transfers: In case of merger, acquisition, or asset sale (with prior notice)
• Consent: When you explicitly consent to sharing

Data Retention

• Business Data: Retained for the duration of the service contract plus 7 years for audit purposes
• Contact Information: Retained until consent is withdrawn or account is closed
• Technical Data: Aggregated analytics data retained for up to 2 years
• Legal Obligations: Some data may be retained longer to meet legal requirements

Your Privacy Rights

Under applicable data protection laws, you have the following rights:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing

International Data Transfers

We primarily store and process data within Africa. Any international transfers are conducted using appropriate safeguards such as Standard Contractual Clauses and adequacy decisions.

Cookies & Analytics

We use essential cookies for website functionality and analytics cookies (with consent) to improve user experience. You can manage cookie preferences through your browser settings.

Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal data from minors.

Changes to This Policy

We may update this privacy policy periodically. We will notify you of significant changes via email or website notice at least 30 days before changes take effect.