Privacy Policy

Last Updated: February 2, 2026

Keeping It Real

At DukaNext, we keep it 100 with you. This Privacy Policy breaks down how we handle your data when you use our platform. We built this for the culture, and that means respecting your hustle and your privacy.

Who We Are

DukaNext is an eCommerce platform registered and operating in Kenya. We’re the digital muscle that powers your online shop, handling the tech so you can focus on your grind.
Contact Us:

• Email: [email protected]
• Address: USIU Road, Nairobi
• Phone: +254 710 664 418

What Data We Collect

When You Sign Up (Store Owners)

• Name and business details
• Email address and phone number
• Payment information (processed securely through our payment partners)
• M-Pesa and other mobile money details
• Business registration information (if applicable)
• ID verification details as required by Kenyan law

When You Run Your Shop

• Products you list
• Orders and transactions
• Customer interactions
• Analytics and performance data
• Store customization preferences

When Customers Shop on Your Store

• Customer names and contact info
• Delivery addresses
• Payment details (we don’t store full card numbers)
• Order history
• IP addresses and device information

Automatically Collected Data

• Cookies and similar tracking tech
• Usage patterns and analytics
• Device and browser information
• Location data (general, not GPS-level)

How We Use Your Data

We’re not out here selling your info to the highest bidder. Here’s what we actually do:

To Run the Platform

• Process payments and transactions
• Deliver orders and manage your shop
• Provide customer support
• Send important updates about your account
• Prevent fraud and keep things secure

To Make Things Better

• Improve platform features
• Analyze trends and user behavior
• Develop new tools for your hustle
• Fix bugs and optimize performance

To Communicate

• Service updates and announcements
• Marketing messages (you can opt out anytime)
• Promotional offers and features
• Community updates

Legal Compliance

• Meet Kenyan regulatory requirements
• Respond to legal requests
• Enforce our Terms of Service
• Protect rights and safety

How We Share Your Data

We Share When Necessary:

Payment Processors

• M-Pesa, card processors, and payment gateways
• Only what’s needed to complete transactions

Service Providers

• Hosting and infrastructure partners
• Email and SMS services
• Analytics tools
• Customer support platforms

Your Customers

• Store owners get customer data needed to fulfill orders
• This includes names, contacts, and delivery info

Legal Requirements

• When Kenyan law requires it
• To protect against fraud or illegal activity
• In response to valid legal processes

We Don’t:

• Sell your personal data to third parties
• Share your data for others’ marketing without permission
• Give competitors access to your business info

Your Rights Under Kenyan Law

Kenya’s Data Protection Act (2019) gives you rights. Here’s what you can do:

Access Your Data

Request a copy of what we have on you

Correct Your Data

Update or fix incorrect information

Delete Your Data

Request deletion (with some legal exceptions)

Object to Processing

Say no to certain uses of your data

Data Portability

Get your data in a format you can move elsewhere

Withdraw Consent

Change your mind on optional data uses

To exercise these rights: Email us at [[email protected]]

Data Security

We’re serious about keeping your data safe:

• Industry-standard encryption (SSL/TLS)
• Secure data centers in Kenya and trusted international locations
• Regular security audits
• Access controls and authentication
• Employee confidentiality agreements
• Incident response procedures

No system is 100% foolproof, but we stay on guard.

Data Retention

Active Accounts: We keep your data while your account is active

After Closure: We retain necessary data for:

• Legal compliance (typically 7 years for financial records under Kenyan law)
• Dispute resolution
• Fraud prevention

Backups: May exist in backups for up to 90 days after deletion

International Transfers

While we’re built in Kenya for Kenyans, some of our service providers operate internationally. When we transfer data outside Kenya:

• We use providers with strong privacy protections
• We ensure adequate safeguards are in place
• We comply with Kenyan data transfer requirements

Cookies and Tracking

We use cookies to keep things running smooth:

Essential Cookies: Can’t run the platform without these

Analytics Cookies: Help us understand what’s working

Marketing Cookies: For relevant ads and promotions

You can manage cookie preferences in your browser settings, but blocking some might affect platform functionality.

Children’s Privacy

DukaNext is for business owners and shoppers 18+. We don’t knowingly collect data from anyone under 18. If you’re a parent and think we have your child’s info, contact us immediately.

Third-Party Links

Your stores might link to other sites. We’re not responsible for their privacy practices. Check their policies before sharing your data.

Marketing Communications

We’ll send you updates about:

• Platform features and improvements
• Tips and best practices
• Promotional offers

You can opt out anytime by:

• Clicking “unsubscribe” in emails
• Adjusting notification settings in your dashboard
• Contacting support

We’ll still send essential service messages (like password resets and transaction confirmations).

Data Breaches

If something goes wrong and your data is compromised:

• We’ll notify you within 72 hours as required by Kenyan law
• We’ll report to the Office of the Data Protection Commissioner
• We’ll tell you what happened and what we’re doing about it

Changes to This Policy

The game changes, and so might this policy. When we update it:

• We’ll post the new version here
• We’ll update the “Last Updated” date
• For major changes, we’ll notify you directly

Your continued use after changes means you accept the updates.

Complaints and Disputes

Not Happy? Talk to us first:

• Email: [email protected]
• We’ll respond within 14 days

Still Not Satisfied? You can file a complaint with:

Office of the Data Protection Commissioner (ODPC)

• Website: www.odpc.go.ke
• Email: [email protected]
• Phone: +254 752896867

Your Responsibility as a Store Owner

If you’re running a shop on DukaNext:

• You’re a data controller for your customer data
• You must comply with Kenyan data protection laws
• You need your own privacy policy for your customers
• You must handle customer data securely
• You’re responsible for getting proper consent

We’re processors of that data, but you’re in control.

Legal Basis for Processing

Under Kenyan law, we process data based on:

• Contract: To provide our services
• Consent: When you agree to optional features
• Legal Obligation: To comply with Kenyan laws
• Legitimate Interests: To improve and secure our platform

Questions?

This is your platform, and we want you comfortable with how we handle data.

Hit us up:

• Email: [email protected]
• Website: www.dukanext.co.ke

---

Built in Kenya, for Kenya, by Kenyans.

Own Your Game. Protect Your Data.