Privacy Policy

1. Introduction

Welcome to Imara Logic ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business messaging and commerce platform, including our integration with WhatsApp Business API, Facebook Messenger, Instagram, and related services.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Name, email address, phone number, company name, business details
• Authentication Data: Passwords (encrypted), authentication tokens
• Business Configuration: WhatsApp Business API credentials, Facebook Page access tokens, Instagram account links
• Customer Data: Contact information of your customers (phone numbers, names, email addresses) that you collect through our platform
• Message Content: Messages sent and received through WhatsApp, Messenger, and Instagram via our platform
• Product Information: Product catalogs, prices, inventory data, images
• Payment Information: Billing details (processed securely via third-party payment providers like M-Pesa and Paystack)
• Support Communications: Information you provide when contacting customer support

2.2 Information Collected Automatically

• Usage Data: Log data, IP addresses, browser type, device information, pages visited
• Analytics: Interaction patterns, feature usage, performance metrics
• Cookies: Session cookies, preference cookies, analytics cookies

2.3 Information from Meta Platforms

When you connect your Facebook, WhatsApp Business, or Instagram accounts, we receive:

• Page and account information
• Message content sent/received through these platforms
• Business catalog data
• Analytics and performance metrics

3. How We Use Your Information

We use the information we collect to:

• Provide Services: Deliver and maintain our business messaging platform
• Process Transactions: Handle payments, orders, and related notifications
• Communication: Send service updates, technical notices, security alerts
• Customer Support: Respond to inquiries and resolve issues
• Personalization: Customize your experience and improve our services
• Analytics: Understand usage patterns to enhance platform performance
• Security: Detect, prevent, and address fraud and security issues
• Compliance: Meet legal obligations and enforce our terms
• AI Training: Improve chatbot responses using anonymized conversation data (only with your explicit consent)

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

4.1 Service Providers

• Meta Platforms: For WhatsApp, Messenger, and Instagram messaging services
• Payment Processors: M-Pesa, Paystack for transaction processing
• Cloud Infrastructure: Railway for hosting and database services
• Authentication: Clerk for secure user authentication
• Analytics: Sentry for error monitoring

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Imara Logic, our users, or others.

4.3 Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5. Data Security

We implement comprehensive security measures to protect your personal information:

• Encryption: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest
• Access Controls: Role-based access, multi-factor authentication, regular audits
• Infrastructure Security: Secure data centers with physical and network security
• Monitoring: 24/7 security monitoring and incident response
• Regular Audits: Security assessments and penetration testing
• Employee Training: Security awareness and data protection training

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (tax records, etc.)
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

Default Retention: Account data is retained for 365 days after account closure. Message history is retained for 90 days unless deleted earlier.

You can request deletion of your data at any time. See our Data Deletion Instructions.

7. Your Rights and Choices

Under the Kenya Data Protection Act 2019, GDPR (for EU users), and other applicable laws, you have the following rights:

To exercise these rights, contact us at privacy@imaralogic.co.ke

8. International Data Transfers

Your information may be transferred to and processed in countries other than Kenya, including the United States and European Union, where data protection laws may differ. We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements with service providers
• Compliance with applicable data protection frameworks

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending you an email notification for material changes

We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

12. Regulatory Information

Office of the Data Protection Commissioner (Kenya): www.odpc.go.ke

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Office of the Data Protection Commissioner in Kenya.