Privacy Policy

1. Data Controller

ShiduTek ("we", "us", "our") is the data controller responsible for your personal information. We are a technology company registered and operating in Nairobi, Kenya.

Contact: info@shidutek.com | Phone: +254 722 363 405

2. What Data We Collect

We may collect the following categories of personal data:

• Contact information: Name, email address, phone number, company name.
• Communication data: Messages you send via our contact form or email.
• Usage data: Pages visited, time on site, browser type, IP address, referrer URL.
• Technical data: Device type, operating system, approximate geolocation (country/city level).
• Cookies: Session identifiers and analytics cookies (see our Cookie Policy).

3. How We Use Your Data

We use your personal data to:

• Respond to enquiries and provide consultations you request.
• Deliver services we have agreed to provide.
• Improve our website and service offerings.
• Comply with legal obligations under Kenyan law.
• Send service-related communications (not marketing unless you opt in).

4. Legal Basis for Processing

We process your personal data under the following lawful bases as set out in Kenya's Data Protection Act 2019:

• Consent: Where you have given clear consent (e.g., submitting our contact form).
• Contract: Where processing is necessary to perform a contract with you.
• Legitimate interests: For website analytics and improving our services.
• Legal obligation: Where we are required to retain records by law.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share it with:

• Supabase: Our database and storage provider (EU-hosted infrastructure).
• Vercel: Our hosting provider (processing EU/US data centres).
• Google reCAPTCHA: Spam protection on our contact form.
• Analytics providers: Anonymised usage statistics only.

All third-party providers are bound by appropriate data processing agreements.

6. Data Retention

We retain personal data only as long as necessary for the purpose it was collected. Contact enquiries are retained for up to 2 years. Analytics data is retained for 12 months. You may request deletion at any time (see Section 7).

7. Your Rights Under the Data Protection Act 2019

You have the right to:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Request correction of inaccurate or incomplete data.
• Erasure — Request deletion of your personal data.
• Restriction — Request that we restrict processing in certain circumstances.
• Portability — Receive your data in a structured, machine-readable format.
• Object — Object to processing based on legitimate interests.
• Withdraw consent — Where processing is based on consent.

To exercise any of these rights, contact us at info@shidutek.com. We will respond within 21 days.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include encrypted connections (HTTPS), access controls, and regular security reviews.

9. International Transfers

Some of our service providers operate outside Kenya. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including contractual protections consistent with the Data Protection Act 2019.

10. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or contacting you directly. Continued use of our website after changes constitutes acceptance.

12. Contact Us

For any privacy-related queries or to exercise your rights, contact our data controller at: