Last updated: 8 July 2026

SoftKeja Privacy Policy & Data Consent Statement

This Privacy Policy explains how SoftKeja collects, uses, shares, and protects the personal data of tenants, landlords, movers, and visitors who use our platform, in compliance with the Data Protection Act, No. 24 of 2019 ("DPA") and its accompanying regulations, enforced by the Office of the Data Protection Commissioner (ODPC), Kenya.

By creating an account, listing a property, booking a home, or using any SoftKeja service, you consent to the practices described in this Policy.

1. Who We Are

SoftKeja is a platform that connects tenants, landlords, and movers, operating [registered business name, e.g. "SoftKeja Limited"], a company registered in Kenya under [registration number, if applicable], with its principal place of business at [physical/registered address].

We are the data controller for personal data collected through our website and app. Where we use third-party processors (e.g. payment gateways, KYC verification providers), we remain accountable for how your data is handled.

Data Protection Officer / Privacy contact: [Name / role] Email: softkeja@gmail.com Phone: [phone number]

2. What Personal Data We Collect

We collect different categories of data depending on whether you use SoftKeja as a tenant, landlord, or mover.

2.1 All users

  • Full name
  • Phone number
  • Email address
  • Password (encrypted/hashed)
  • Device and usage data (IP address, browser type, app version, pages viewed, search filters used)
  • Location data (area/neighbourhood searches, and, where enabled, precise device location to show nearby listings or movers)

2.2 Tenants

  • Search preferences and shortlisted listings
  • Booking history and M-Pesa transaction reference numbers for booking fees paid (we do not collect or store your M-Pesa PIN or full financial account details — these are processed directly by Safaricom/M-Pesa)
  • Ratings and reviews you leave for landlords or movers
  • Communications with landlords or movers made through the platform

2.3 Landlords

  • KYC / identity verification data: National ID number, ID document images, and a selfie/photo for identity matching, used to verify you before your listing goes live
  • Property details, ownership or authority-to-let information
  • Listing content: photos, video tours, property address, pricing, amenities
  • Payout details for receiving booking-related payments (e.g. M-Pesa number)
  • Ratings and reviews received from tenants

2.4 Movers

  • Business/individual identification details
  • Service area, vehicle, and pricing information
  • Ratings and reviews received from tenants
  • Booking and job history on the platform

2.5 Sensitive personal data

Some of the data above, particularly national ID numbers, ID document images, and biometric-style verification data (e.g. selfie-to-ID matching), is classified as sensitive personal data under the DPA. We only collect this where strictly necessary and only with your explicit consent, obtained separately from other terms, as described in Section 9.

3. Why We Collect This Data (Purpose of Processing)

We use your personal data to:

  • Verify landlord identity and reduce fake listings and rental scams
  • Create and manage your account
  • Match tenants with relevant listings and movers
  • Process M-Pesa booking fees and release contact details once payment clears
  • Enable communication between tenants, landlords, and movers
  • Detect and prevent fraud, scam listings, and misuse of the platform
  • Send booking confirmations, service updates, and support communications
  • Improve our platform through aggregated, non-identifying usage analysis
  • Comply with legal obligations, including responding to lawful requests from the ODPC or law enforcement

We do not sell your personal data to third parties, and we do not use your sensitive KYC data for advertising or marketing purposes.

4. Legal Basis for Processing

We process your data on the following legal bases under the DPA:

  • Consent — for KYC verification, location tracking, and marketing communications
  • Performance of a contract — to provide the core service you sign up for (matching, bookings, payments)
  • Legitimate interest — for fraud prevention, platform security, and service improvement, balanced against your rights
  • Legal obligation — where we must retain or disclose data to comply with Kenyan law

5. How We Share Your Data

We share personal data only where necessary, with:

  • Landlords and tenants, with each other — but only after a booking fee clears, contact details (phone number) are released. Full details are never visible to unverified or non-paying users.
  • Movers, when you request a mover match — limited to the information needed to arrange the move.
  • Payment processors (e.g. Safaricom M-Pesa, or a licensed payment gateway) — to process booking fees. We do not receive or store your M-Pesa PIN.
  • KYC/identity verification providers, if we use a third-party service to validate landlord ID documents.
  • Cloud hosting and infrastructure providers, for storing and running the platform.
  • Regulators and law enforcement, where required by Kenyan law, court order, or to protect the rights, safety, or property of SoftKeja or its users.
  • Professional advisors (legal, audit), under confidentiality obligations, where necessary.

Every third party we share data with is required to protect it to a standard consistent with the DPA, through data processing agreements.

6. Where Your Data Is Stored

In line with the DPA's data localisation requirement, SoftKeja maintains at least one serving copy of personal data on a server or data centre located in Kenya.

Some services we use (e.g. hosting infrastructure) may process or back up data outside Kenya. Where this happens, we only transfer data internationally where:

  • Appropriate safeguards have been put in place and, where required, demonstrated to the Data Commissioner; or
  • You have given explicit, informed consent to the transfer; or
  • The transfer is necessary to perform our contract with you (e.g. hosting our app).

We do not transfer sensitive personal data (such as KYC/ID data) outside Kenya except where one of the above conditions is clearly met.

7. Data Security

We apply technical and organisational safeguards appropriate to the sensitivity of the data, including:

  • Encryption of data in transit (HTTPS/TLS) and, for sensitive fields, at rest
  • Access controls limiting who at SoftKeja can view ID/KYC data, restricted to staff who need it for verification
  • Secure authentication for user accounts
  • Regular review of third-party processors' security practices

No system is 100% secure, but we continuously work to protect your information against unauthorised access, loss, or misuse.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

  • Account data: retained while your account is active, and for [X months/years] after closure for legal/dispute purposes
  • KYC/ID verification data: retained for as long as required to keep a landlord's listing verified, and for [X months] after listing removal, in case of disputes or fraud investigation
  • Transaction records: retained per applicable financial/tax record-keeping requirements
  • Marketing consent data: retained until you withdraw consent

After these periods, data is securely deleted or anonymised.

9. Your Consent — What You're Agreeing To

Because SoftKeja processes sensitive personal data, we ask for your explicit, separate consent at the relevant point in the sign-up or verification flow. This consent is:

  • Freely given — you are not forced to agree as a condition of unrelated services
  • Specific — tied to a clearly stated purpose (e.g. "verify my identity as a landlord")
  • Informed — you're told what data is collected and why, before you agree
  • Revocable — you can withdraw it at any time (see Section 10), as easily as you gave it

10. Your Rights as a Data Subject

Under the DPA, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or outdated data
  • Delete your data, subject to legal/retention exceptions
  • Restrict or object to certain processing (e.g. opt out of location tracking or marketing)
  • Data portability — receive your data in a portable format
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, contact us at softkeja@gmail.com. We will respond within the timeframes required by the DPA.

You can also reach the ODPC directly: Office of the Data Protection Commissioner, Britam Towers, Hospital Road, Upperhill, Nairobi, Kenya.

11. Cookies and Tracking

SoftKeja's website and app may use cookies or similar technologies to keep you logged in, remember your search preferences, and understand platform usage. You can manage cookie preferences through your browser or device settings.

12. Children's Data

SoftKeja is not intended for use by individuals under 18. We do not knowingly collect personal data from minors. If we learn a minor has provided data to us, we will delete it promptly.

13. Data Breach Notification

In the event of a data breach likely to result in risk to your rights and freedoms, we will notify the ODPC and affected users without undue delay, in line with DPA requirements, and will describe the nature of the breach and steps being taken to address it.

14. Changes to This Policy

We may update this Policy as our services or legal obligations change. We will notify you of material changes via the app/website or email, and update the "Last updated" date above. Continued use of SoftKeja after changes take effect constitutes acceptance of the updated Policy.

15. Contact Us

If you have questions about this Policy or how your data is handled:

SoftKeja Email: softkeja@gmail.com Phone: [phone number] Address: [registered address]