Privacy Policy

Last updated: March 8, 2026

At DukaSale, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your information when you use the DukaSale mobile application ("App"). By using DukaSale, you agree to the practices described in this policy.

1. Information We Collect

Information You Provide

When you use DukaSale, you may enter the following types of information into the App:

  • Business information — business name, address, phone number, business type
  • Product data — product names, prices, stock quantities, categories
  • Sales records — transaction details, payment methods, amounts
  • Customer information — customer names and credit (deni) balances
  • Staff information — employee names, roles, and PINs
  • Financial data — expenses, revenue figures, profit calculations

This data is stored locally on your device. DukaSale is an offline-first application, which means your business data does not leave your phone during normal use.

Information Collected Automatically

We may collect limited technical information to improve the App, including:

  • Device type and operating system version
  • App version
  • Crash reports and error logs (anonymized)
  • General usage patterns (anonymized)

This technical data does not include your business data, customer information, or financial records.

2. How We Use Your Information

Local Data (On Your Device)

The business data you enter is used solely to provide the App's features to you:

  • Processing and recording sales
  • Managing inventory and stock levels
  • Tracking customer credit and payments
  • Generating business reports
  • Sending low stock notifications

We do not access, read, or process this data. It remains entirely on your device under your control.

Technical Data

Anonymized technical data may be used to:

  • Fix bugs and improve App stability
  • Understand which features are most used
  • Guide future development decisions

3. M-Pesa Integration

If you use the M-Pesa payment feature, the App communicates with Safaricom's M-Pesa API to process payment requests (STK push). During this process:

  • The customer's phone number and payment amount are sent to Safaricom to initiate the payment.
  • Payment confirmation details are received from Safaricom and stored locally on your device.
  • We do not store M-Pesa transaction data on our servers.

M-Pesa transactions are subject to Safaricom's privacy policy and terms of service.

4. Data Sharing

We do not sell, rent, or share your personal or business data with third parties. Your data may only be shared in the following circumstances:

  • With your consent — if you explicitly choose to share or export your data.
  • Legal requirements — if required by Kenyan law, court order, or government regulation.
  • Service providers — anonymized crash reports may be processed by third-party analytics services (such as Expo or Firebase) to help us improve the App.

5. Data Security

We take reasonable measures to protect your data:

  • Local storage — your business data is stored in a local database on your device, not on remote servers.
  • Staff PINs — access to the App can be restricted using PIN-based authentication.
  • No cloud dependency — because data is stored offline, it is not exposed to cloud-based security risks.

However, you are responsible for the physical security of your device. We recommend using a screen lock on your phone and keeping your staff PINs confidential.

6. Data Retention

Your data remains on your device for as long as you use the App. If you uninstall DukaSale, all locally stored data will be permanently deleted from your device. We recommend creating a backup before uninstalling.

We do not retain any of your business data on our servers, so there is nothing for us to delete on our end.

7. Your Rights

Under the Kenya Data Protection Act, 2019, you have the right to:

  • Access — all your data is on your device and accessible to you at any time through the App.
  • Correction — you can edit or update any information within the App.
  • Deletion — you can delete individual records within the App or uninstall the App to remove all data.
  • Portability — you can export your data through the App's backup feature.
  • Object — you can disable analytics or crash reporting through your device settings.

8. Children's Privacy

DukaSale is designed for business use and is not intended for children under 18. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of the App after any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us at: