Privacy Policy

Introduction

ChukaCribs ("we," "us," "our," or "Company") values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website https://www.chukacribs.co.ke and related services.

1. Information We Collect

Personal Information

• Name, email address, phone number
• University/student details (institution, ID, year of study)
• Residential address and housing preferences
• Payment information (processed securely via third-party providers)
• Government ID (for verification purposes)

Technical Information

• IP address and browser type
• Operating system and device information
• Pages visited and time spent on site
• Referral source

Usage Information

• Forms submitted (registration, booking, inquiries)
• Booking and reservation details
• Search queries and filters applied
• Messages and support tickets

Cookies and Tracking

We use cookies and similar technologies (pixels, web beacons) to:

• Maintain session information
• Improve website functionality
• Analyze traffic and user behavior
• Personalize user experience

2. Legal Basis for Processing

We process your information based on one or more of the following legal grounds:

Basis	Application
Your Consent	Marketing communications, optional cookies, user preferences
Contract Performance	Booking management, payment processing, service delivery
Legal Obligation	Compliance with tax laws, fraud prevention, court orders
Legitimate Interest	Website security, fraud detection, analytics, service improvement

3. How We Use Your Information

• Providing, maintaining, and improving our services (booking management, student housing platform)
• Sending transactional emails (confirmations, receipts, notifications, verification links)
• Responding to inquiries or support requests
• Sending marketing communications (only if you have opted in)
• Fraud prevention, security monitoring, and legal compliance
• Generating analytics and usage reports to optimize our services
• Verifying user identity and preventing unauthorized access

4. Information Sharing

We Do Not Sell or Trade Your Data

We may share information with:

Service Providers & Data Processors

All third parties have signed Data Processing Agreements (DPA):

• Sender.net – Email delivery and transactional communications
• [Payment Provider Name] – Payment processing (PCI DSS Level 1 certified)
• [Hosting Provider] – Server hosting and infrastructure
• Google Analytics – Website traffic analysis (anonymized data)

Legal & Business Scenarios

• Legal Authorities – If required by law, court order, or to protect our rights
• Business Transfers – In the event of merger, acquisition, bankruptcy, or asset sale
• ODPC & Regulators – When required by data protection authorities

5. Your Privacy Rights

Under Kenya's Data Protection Act, 2019, and applicable international regulations, you have the right to:

How to Exercise Your Rights

To exercise any of these rights:

• Email: privacy@chukacribs.co.ke
• Physical Address: ChukaCribs, Chuka, Kenya
• Response Time: We will respond within 30 days

6. Data Retention

We retain personal information only as long as necessary to provide services or comply with legal obligations:

Data Type	Retention Period	Reason
Account Profile	3 years after last login	Service provision & dispute resolution
Booking Records	7 years	Tax compliance, legal disputes
Payment History	7 years	Tax/accounting requirements
Marketing Preferences	12 months after opt-out	GDPR/CCPA compliance
Transaction Logs	2 years	Fraud investigation, security
Support Tickets	3 years	Service improvement, disputes
Technical Logs (IP, device)	90 days	Security monitoring, abuse prevention

7. Data Security

Technical Security

• Encryption in Transit: TLS 1.2+ for all data transmission
• Encryption at Rest: AES-256 encryption for sensitive data
• Authentication: Secure password hashing (bcrypt/Argon2)
• API Security: Rate limiting, CORS protection, SQL injection prevention
• Access Controls: Role-based access control (RBAC)

Organizational Security

• Staff Training: Regular data protection and security awareness training
• Background Checks: Screening of staff with data access
• Incident Response Plan: 72-hour breach notification protocol
• Regular Audits: Security assessments and penetration testing
• Vendor Management: Verification of third-party security compliance

Payment Data

• PCI DSS Compliance: Payment information processed by PCI DSS Level 1 certified providers
• No Card Storage: We do not store full credit/debit card details on our servers
• Tokenization: Cards are tokenized for secure recurring payments

8. Third-Party Links & Services

Our website may contain links to third-party websites and services. We are not responsible for:

• Privacy practices of third-party sites
• Content, accuracy, or security of external links
• Data collection by third-party services

Please review the privacy policies of external websites before providing information.

9. Cookies & Tracking Technologies

Types of Cookies We Use

Cookie Type	Purpose	Duration	Disable?
Session Cookies	Authentication & session management	Session	No (essential)
Preference Cookies	Remember user preferences	1 year	Yes
Analytics Cookies	Google Analytics tracking	2 years	Yes
Marketing Cookies	Retargeting & personalized ads	90 days	Yes

Managing Cookies

• Browser Settings: Disable cookies in your browser settings (some features may not work)
• Do Not Track (DNT): We honor browser DNT signals for non-essential tracking

10. Children's Privacy

ChukaCribs is designed for university students and adults (18 years and older). We do not knowingly collect personal information from individuals under 18.

• If you are under 18, parental or guardian consent is required
• If we discover data from a minor, we will promptly delete it
• Contact us at privacy@chukacribs.co.ke if you have concerns

11. Data Breach Notification

In the event of a data breach affecting your personal information:

1. We will investigate the breach within 24 hours
2. We will notify affected users within 72 hours via email, site notification, or SMS
3. We will report to ODPC if required by law
4. We will provide details of the breach and recommended actions

12. Contact & Privacy Requests

Privacy Officer

• Email: privacy@chukacribs.co.ke
• Mailing Address: ChukaCribs, Chuka, Kenya
• Response Time: 30 days maximum

Data Protection Complaints

If you believe your rights have been violated, you can lodge a complaint with:

13. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, new regulations, or technical advancements. The "Effective Date" and "Last Updated" date will indicate the most current version.

Continued use of our services after updates constitutes acceptance of the revised policy.

14. Summary of Your Privacy Rights

15. Questions?

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at privacy@chukacribs.co.ke.