What we stand for

The ChatSasa App is built on the idea that we can help individuals and teams achieve more together through better organization of their communication as well as features and tools that help focus the team on their goals, reduce distraction and improve team dynamics.

Within this framework, we endeavor to ensure that your data privacy is protected and that we strive to abide by the letter and spirit of data privacy and protection laws across the jurisdictions in which our users are found.

Data Collected

User Generated Data

When creating a user account:

When creating an account, you will provide your Email or your mobile phone number, name and a password (when signing up through the web). We may also use your IP address to detect your country for the purpose of making inputting a phone number easier for users.

When creating an organization you provide information about the organization:

Organization name, avatar, cover photos, description of the organization, goals and rules of the organization. Some of this information is used to set privacy settings for your organization. The rest of the information can be changed within the organization settings by the creator or admin of the organization.

When inviting users to an organization:

During the invite process, we may access your phone’s phonebook while you select users that you would like to invite to the organization. This will typically have information about the name and phone numbers of the contacts you have.

When joining an organization:

You provide information that is visible by other organization members. The information provided is decided upon by the creator of the organization. We have enhanced your data privacy when joining organizations by not sharing your phone number with other organization members by default. This is unlike current messaging apps which expose your phone number to other organization members by default.

When creating topics:

You provide information about the topic name and description and also may choose to have a privacy status for the topic as well as invite members to a topic. This information will be visible to the topic’s subscribers.

When posting content to the organization:

All the content you post to an organization may be seen by other members of the organization who are subscribers to the topic that you are posting the content to. These members may have the ability to share, copy or screenshot the information posted on these topics. That means that anything you post on an organization may be viewed by third parties if shared by another member of the organization either directly or indirectly.

While we will implement reasonable security measures to protect the data of our users at all times, you are advised to exercise caution in uploading potentially sensitive text or images as the user-generated content will be viewable by other users on the platform. User-generated content will also be subject to the guidelines outlined in our community interaction policy.

Data Automatically Generated during Usage

We do not intrude through unwanted tracking and profiling
We may collect in-App user activity as outlined under the non-sensitive data we collect. We will only use this data to improve the user experience and derive usage metrics of the app in a non-personal way. We will not track or profile personal user activity on the App except for the purpose of improving the user experience. The metrics we collect in such exercises are only used to inform our internal product usage analytics and are never shared with third-parties.

Network and related session information

This includes telecommunications network information such as your IP address, the browser and/or device you are using to access our server. The information is automatically available during normal usage of the App and we may utilize it to improve the user experience and observe usage patterns of the App.

In-App activity metrics and crash analytics

To enable continuous improvement and observability of the user experience in the ChatSasa App, we may collect additional information regarding user activity and interaction within the App. We collect this data in a non-personalized manner such that it is not used to build user profiles based on their activity; we only utilize this data in aggregated formats for purposes of understanding general usage patterns and with the goal of continuous product improvement. This data is not shared with third parties and currently includes:

App page views

This enables us to track the services and sections of the App that users interact with and assists us to keep improving and customizing the App towards a better user experience.

App page interaction duration

This is for purposes of continuously adapting our services and the user experience of the App to changes in traffic based on user access patterns.

Application crash analytics

We may collect information about application crashes and other App malfunctions for purposes of diagnosing possible causes of such malfunctions and as part of our goal to constantly improve the user experience. The crash analytics information is not personally identifiable, is only used for diagnostic purposes and is never shared with third parties.

Notice on our usage of cookie files

To improve the user experience of our products and services, we sometimes make use of small and usually temporary files (commonly referred to as cookies) stored on your computer. Please see our full cookie notice here.

How we handle user data

For all data that our users provide to us, we ensure full disclosure of our access to such data. As required, we request for explicit authority by the user to grant us the permission to collect the data, such as through in-app prompts. We will not obtain data without the users permission and we will always fully inform the user and require their explicit permission, even in cases where data collection may happen in the background.

Under such circumstances where data needs to be transferred to our servers to provide the necessary services to our users, we will always ensure that such data transfer is encrypted using secure network protocols, such as TLSv2. Additionally, we will ensure the necessary safeguards are in place for the data stored within our servers, including encryption of the data during transfer within our infrastructure as well as during long-term storage within our databases.

Sharing of user data

We never sell or share your data with third parties outside the provisions of this privacy policy and our terms and conditions, however, we may share user data with third parties that are necessary for the purpose of providing services to users.

For what purpose

We may share user data with third parties that are necessary for the purpose of providing services to users.

Data shared with third parties

We may share some of your data with third parties for the purpose of providing you with the application services. Here are the third parties that we may share necessary user data with

  1. We share your phone number with third party SMS delivery platforms for the purpose of verifying your phone number during account creation and password reset.
  2. We store your data with hosting providers such as Amazon Web Services.
  3. We encrypt your data during transit between various communication channels such as the internet

Under such circumstances where the data of our users may need to be handled by a third-party provider, we will ensure we restrict the sharing of data to only that which is strictly necessary for the provision of the service and work with service providers who observe similar or stricter levels of user data privacy and related practices.

Location of user data

ChatSasa is a product of ICTLife which is a company incorporated and existing under the laws of Kenya. However we primarily engage Amazon web services Inc(AWS) as a hosting service provider, with the primary data processing and storage centres located within the European Economic Area(EEA). Your personal data stored with us may also be transferred to countries outside of the EU should we internally find the business need to change our cloud hosting providers, and only for purposes of providing the services required for the App to work. All such transfers of personal data will be made in accordance with applicable laws and we will do our best to maintain the privacy of all the data that we hold.

How we protect your data

Technological measures

Multi-Factor Authentication

We deploy two-factor authentication during the account set-up process to give you added security. We require QR Code login to protect your account information from the mobile to the web. This ensures that someone must have your phone and PIN number when logging into the web to view your transactions.

Encryption of your data in transit

We protect your data while in transit to our servers by deploying the same grade of encryption used by sensitive industries such as banking.

Encryption of your data in storage

We encrypt the data we need to store within our infrastructure to ensure that such data cannot be viewed in the unfortunate event that it ended up in the hands of rogue actors.

Secure software development

We emphasize information security in our software development process, including counter-checking of our code by several developers other than those who originally wrote the application.

Organizational measures

We believe in and uphold your right to get notified

We will notify you of changes and updates to our policies through our website and relevant channels (such as in-App notifications) for your feedback and response. Whenever we make such updates, we will be guided by the principle that users have a fundamental right to privacy and control of their data.

Access restriction

Access to our internal systems is restricted to authorized staff and on a legitimate need to know basis. We limit such access and it is only granted for the purpose of providing the relevant ICTLife (ChatSasa) services.

Strict internal protocols

We maintain strict internal information security procedures and controls to ensure your data remains safe and secure

Third party access agreements

We do not grant third party access to our systems, except for the purpose of providing the relevant ICTLife (ChatSasa) service or product. Any access we grant to third parties requires that they sign a data processing agreement which contains the relevant provisions to uphold our data security and privacy protocols.

Strict internal protocols

We maintain strict internal information security procedures and controls to ensure your data remains safe and secure

We comply with data privacy laws and regulations

We are based in Kenya, and we maintain compliance with the Kenya Data Privacy Act 2019 as closely as possible. We also remain committed to serving, with confidence, our clients who are based in jurisdictions that may have different or stricter compliance requirements, including the European GDPR and any other localised or regional laws. As an example, we do the following to ensure we put your privacy rights first:

The legal basis for processing your data

We process your personal information to operate, provide, and improve the services that we offer our users and customers. We may process your personal data in order to:

Allow you to use ICTLife (ChatSasa) services and to provide you with related services.

This may include further customization and/or personalization of your experience with our services on an on-going basis and also depending on your choices and interaction patterns as you use the services over time;

Provide, troubleshoot, develop and improve ICTLife (ChatSasa) Services.

We use your personal information to provide functionality, analyse performance, fix errors, and improve the usability and effectiveness of our services.

Communicate with you and meet your requests.

We use your personal information to communicate with you in relation to our services through different communication channels (e.g. by phone, email, sms, chat). Where such communication is channeled through a third party service provider, we will endeavor to work with providers who uphold data privacy regulations to best protect the privacy of your data.

Comply with the current laws and regulations and our Terms and Conditions of Service.

In certain cases, we have a legal obligation to collect and process your personal information. For instance, we collect from merchants information regarding their place of establishment and confirm receiving account and billing information for identity verification and possibly other purposes such as fraud prevention.

Fulfill other purposes, for which we seek your consent.

We may also seek your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing of your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing of your data for that purpose.

Your rights with respect to your data

You can choose not to provide certain information but then you might not be able to take advantage of many ICTLife (ChatSasa) Services where they require such unavailed information.

Access to your information

You can access your information including your name, address and profile information in the “Account settings” section, and relevant account transaction history in the “My account” section of the Service or application.

Amendment and update of your information

You can add or update certain information on the “My Account” and “Account settings” and/or related subsections of the Service or applications. When you update such information, we may keep a copy of the previous version for our records

Optional data processing

You can opt out of certain other types of data processing by updating your account settings on the applicable ChatSasa application.

For example, if you do not want to receive notifications, emails or other communications from us, please adjust your preferences under the account settings. If you do not want to receive in-app notifications from us, please adjust your notification settings within the application or on your device.

Please note that we may mark some options as required to meet and maintain the required minimum service level, such as important notifications.

Consent to data processing

When you consent to our processing of your personal information for a specified purpose, you may withdraw your consent at any time and we will stop any further processing of your data for that purpose.

Additionally, subject to applicable law, you have the right to:
Request for information we hold about you

You may request information about the purpose of the processing; the categories of personal data we process; what third parties may receive the data from us; what the source of the information was (if you didn’t provide it directly to us); and how long we may retain such information.

Access and update your information

We provide mechanisms within the service or platform to enable you to update and make corrections to your information as necessary. You may also contact us should you need to make amendments on your information where a provision for you to do this is not available or enabled on the platform.

Request for access & rectification of your information

Subject to certain exceptions, and as provided in the terms and conditions.

- We may stop processing your data upon your request, for example if such data was submitted to us through an act of impersonation or identity theft.

- In some cases, such as for statistical analyses purposes, we may anonymize the data that you instruct us to erase, such that it can no longer be used to personally identify you.

Request a copy of your personal information

Whenever technically feasible, we will — upon your request — provide your personal data to you or transmit it directly to another controller of your choice within 30 days.

If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided.

If for some reason your access to such information is denied, ChatSasa will provide an explanation as to why access has been denied.

Opt out of data processing

You can opt out of certain types of data processing by updating your preferences under the relevant settings on the service or platform.

For example, you may opt out of specific communication categories where applicable, such as only receiving specific newsletter categories.

Please note that we may require certain categories of data processing to remain enabled to maintain the minimum level of service for the platform, for example important communications about your account status cannot be disabled.

To exercise these rights, you can send us an email at the address noted in the Contact Information section below, attaching a copy of an identity document and the address to which our response should be sent.

Retention periods

We will retain your personal data, for as long as it is needed to fulfill the purposes specified in this Privacy Policy, as may be required by applicable law (such as for tax and accounting purposes), or as otherwise communicated to you.

When we no longer have ongoing legal, regulatory or legitimate business need to process your personal data, we will either delete or anonymize it as soon as technically feasible.

Data Deletion

A ChatSasa user can request for deleting of their data by sending us an email addressed to dpo-at-chatsasa.com

How to contact us

You can freely reach us to address any concerns/questions
For any queries related to our privacy policy, please send us an email addressed to dpo-at-chatsasa.com, or contact us by postal mail sent to the ChatSasa address:

  • The Data Protection Officer,
  • Ideas Come To Life Ltd,
  • Block A-7, Rehema Place, Junction of Ngong Rd and Ring Road Kilimani,
  • Nairobi, Kenya
  • P.O. BOX 13908-00800 Westlands, Nairobi, Kenya

Last Modified: 11th April, 2022
Effective: 1st May, 2022