Legal
Privacy Policy
Effective date: 1 July 2026 · Last updated: 29 June 2026
Complybase360 is committed to protecting your personal data in accordance with the Kenya Data Protection Act, 2019 and the regulations made thereunder. This policy explains what we collect, why, and your rights over that data.
1. Who We Are
Complybase Technologies Limited ("Complybase360", "we", "our", "us") is a company incorporated in Kenya, operating the compliance automation platform at complybase360.com. For data protection queries, contact our Data Protection Officer at privacy@complybase360.com.
2. Information We Collect
2.1 Information you give us
- Account information — name, business email address, company name, phone number, and password when you register.
- Business details — KRA PIN, business registration number, payroll data, and other compliance-related information you upload to the platform.
- Waitlist sign-ups — email address submitted through our early-access form.
- Communications — messages you send us via email or contact forms.
2.2 Information we collect automatically
- Usage data — pages visited, features used, session duration, and actions taken within the platform.
- Device and browser data — IP address, browser type, operating system, and referring URL.
- Cookies and similar technologies — see Section 7 for details.
2.3 Information from third parties
We may receive limited data from integration partners (e.g., KRA eTIMS, NSSF, NHIF APIs) strictly as required to provide the compliance service you have authorised.
3. How We Use Your Information
We use personal data only for the following lawful purposes under the Data Protection Act, 2019:
- Service delivery — to operate the platform, automate your compliance filings, and send you deadline reminders.
- Account management — to create and maintain your account, authenticate you, and respond to support requests.
- Communications — to send product updates, compliance alerts, and (where you have opted in) marketing materials. You may unsubscribe at any time.
- Security and fraud prevention — to detect, investigate, and prevent unauthorised access or abuse.
- Legal compliance — to meet our obligations under applicable Kenyan law, including the Data Protection Act, the Income Tax Act, the Employment Act, and any applicable sector regulations.
- Analytics and improvement — to understand how the platform is used and to improve features. Where possible, this is done on aggregated, anonymised data.
4. Data Sharing
We do not sell your personal data. We share it only in the following limited circumstances:
- Regulatory bodies — KRA, NSSF, NHIF, ODPC, and other government bodies, strictly as required to file returns or meet legal obligations on your behalf.
- Service providers — trusted sub-processors (hosting, email delivery, analytics) bound by data processing agreements and obligated to process data only on our instructions.
- Business transfers — if Complybase360 is acquired or merges, your data may be transferred to the successor entity, which will be bound by this policy.
- Legal requirements — when disclosure is required by law, court order, or to protect the rights, property, or safety of Complybase360, its users, or the public.
5. Data Storage and Transfers
Your data is stored on servers located within Africa or in jurisdictions that the Office of the Data Protection Commissioner (ODPC) recognises as providing adequate data protection. Where data is transferred outside Kenya, we rely on appropriate safeguards such as standard contractual clauses or binding corporate rules.
6. Data Retention
We retain your personal data for as long as your account is active, plus an additional period as required by law. For example, financial records are retained for at least seven (7) years in line with the Income Tax Act. When retention periods expire, data is securely deleted or anonymised.
If you close your account, we will delete or anonymise your personal data within 90 days, except where longer retention is legally required.
7. Cookies
We use the following types of cookies:
- Essential cookies — required for the platform to function. Cannot be disabled.
- Analytics cookies — help us understand how users interact with the site (e.g., page views, session length). These are anonymised where possible.
- Preference cookies — remember your settings (e.g., language, display preferences).
You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to use the platform.
8. Your Rights
Under the Kenya Data Protection Act, 2019, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — request deletion of your data where there is no lawful reason for us to continue processing it.
- Restriction — ask us to suspend processing of your data in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email privacy@complybase360.com. We will respond within 21 days. You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.
9. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include encryption in transit (TLS) and at rest, access controls, regular security reviews, and staff training. However, no system is completely secure, and we encourage you to use a strong, unique password and enable two-factor authentication once available.
10. Children's Privacy
Complybase360 is a business compliance platform intended for use by adults operating registered businesses. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of the platform after the effective date constitutes acceptance of the revised policy.
12. Contact Us
For any privacy-related questions or requests: