Home Privacy Policy
Legal

Privacy Policy

Last updated: March 1, 2026  ·  Effective immediately

Overview

Krestworks Solutions ("Krestworks", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://krestworks.com, use our products, or engage our services.

Please read this policy carefully. If you disagree with any part, please discontinue use of our services. By using our website or services, you consent to the practices described here.

Scope: This policy applies to all Krestworks digital properties, products (SaaS systems), and professional services. It also applies to data collected through our contact forms, demo requests, newsletter, community platform, and client portal.

Information We Collect

Information You Provide Directly

  • Contact Information: Name, email address, phone number, company name — collected when you fill in contact, demo, or consultation forms.
  • Account Data: Email address and password (hashed) when you register for our client portal or community platform.
  • Payment Information: Handled directly by our payment processors (M-PESA, Stripe). We do not store payment card numbers on our servers.
  • Communications: Messages, enquiries, and support tickets submitted through our website or email.
  • Community Content: Posts, replies, and interactions on our community platform — associated with your registered account.

Information Collected Automatically

  • Usage Data: Pages visited, time spent, clicks, referral source, browser type, and device information — collected via server logs and analytics.
  • IP Address: Used for rate limiting, security monitoring, and approximate geographic location (country/city level).
  • Cookies: See the Cookies section below for details.
  • AI Tool Interactions: Input prompts and output results from our AI Hub tools, associated with your account or IP address. These may be used to improve tool quality.

How We Use Your Data

We use the information we collect to:

  • Respond to your enquiries, demo requests, and consultation bookings
  • Provide, maintain, and improve our software products and services
  • Process subscription payments and manage licence agreements
  • Send transactional communications (booking confirmations, support updates, system notifications)
  • Send marketing communications — only where you have given consent, and with easy opt-out
  • Analyse usage patterns to improve website experience and AI tool quality
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations under Kenyan law

We do not use your personal data to make automated decisions that significantly affect you without human oversight.

Data Sharing

We do not sell your personal data. We share it only in the following limited circumstances:

  • Service Providers: Trusted third parties who assist in operating our services — email delivery (SendGrid/Mailgun), payment processing (Stripe, M-PESA), cloud hosting, and analytics. These are bound by data processing agreements.
  • AI API Providers: When you use AI Hub tools, your input is processed by Anthropic's Claude API. Anthropic's own privacy policy governs that processing.
  • Legal Requirements: If required by Kenyan law, court order, or regulatory authority.
  • Business Transfers: In the event of a merger or acquisition, your data would transfer to the successor entity with equivalent protections.

Data Storage & Security

Your data is stored on servers hosted in data centres with industry-standard physical and logical security controls. We implement the following technical measures:

  • HTTPS encryption for all data in transit
  • Bcrypt password hashing — passwords are never stored in plain text
  • Database access restricted to authenticated application connections only
  • Regular security audits and vulnerability assessments
  • Daily automated backups with 30-day retention
  • Role-based access control limiting staff data access to what is necessary

Despite these measures, no system is 100% secure. In the event of a data breach affecting your personal data, we will notify you in accordance with the Kenya Data Protection Act 2019 requirements.

Your Rights

Under the Kenya Data Protection Act 2019, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your data (subject to legal retention obligations)
  • Objection: Object to processing of your data for marketing purposes
  • Portability: Request your data in a structured, machine-readable format
  • Withdrawal of Consent: Withdraw consent for processing at any time

To exercise any of these rights, email us at info@krestworks.com with the subject "Data Rights Request". We will respond within 30 days.

Cookies

We use cookies and similar tracking technologies to improve your experience on our website.

Essential Cookies
Required for core functionality — session management, CSRF protection, login state. Cannot be disabled.
Always active
Preference Cookies
Remember your theme choice (light/dark) and display preferences.
Stored in localStorage
Analytics Cookies
Aggregate, anonymised usage data — pages visited, session duration. No personally identifiable information is transmitted.
Opt-out available

You can control cookies through your browser settings. Note that disabling essential cookies will affect website functionality.

Third-Party Services

Our website and products integrate with the following third-party services, each governed by their own privacy policies:

  • Anthropic Claude API — powers our Krest AI Assistant and AI Hub tools
  • Safaricom M-PESA — payment processing for Kenyan customers
  • Stripe — card payment processing for international customers
  • SendGrid / Mailgun — transactional email delivery
  • Google Maps — location embed on our Contact page

We encourage you to review the privacy policies of these services when they are relevant to your interaction with Krestworks.

Children's Privacy

Our services are designed for business use by adults (18+). We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a minor without parental consent, we will delete it promptly. Contact us at info@krestworks.com if you believe we have collected a child's data.

Note: Our eLearning Management System is designed for institutions to manage student data. Any student data processed through that system is governed by the institution's own data policies, and the institution is the data controller.

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, products, or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify registered users by email if the change is significant
  • Display a notice on our website for 30 days after a significant update

Continued use of our services after an update constitutes acceptance of the revised policy.

Contact Us

For privacy-related enquiries, data rights requests, or complaints:

Address
Nairobi, Kenya

We aim to respond to all privacy enquiries within 5 business days.