Privacy Policy

FlexiCommerce Kenya ("FlexiCommerce", "we", "us"), operated by Ujjwal Technolabs, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website ke.flexicommerce.store or use our SaaS ecommerce platform.

This policy is compliant with the Kenya Data Protection Regulation (Kenya Data Protection Act) and enforced by the Office of the Data Protection Commissioner (Office of the Data Protection Commissioner) of Kenya.

By using our services, you consent to the data practices described in this policy.

We use collected information to:

• Provide and maintain our SaaS platform, including deploying your store, managing hosting, and delivering updates.
• Process payments for plan purchases and monthly hosting fees via M-Pesa & Pesapal.
• Communicate with you about your account, service updates, maintenance schedules, and support queries.
• Improve our platform by analyzing usage patterns, identifying bugs, and enhancing features.
• Ensure security by detecting fraud, unauthorized access, and platform abuse.
• Legal compliance to meet obligations under the Kenya Data Protection Regulation (Kenya Data Protection Act), Kenya Information and Communications Act, and applicable Indian law, including VAT and data protection compliance.
• Send updates about new features, platform improvements, and relevant offers (you can opt out anytime).

We do not sell your personal data to any third party. We may share information only in these cases:

• Service Providers — M-Pesa (payments), local couriers (shipping), cloud hosting providers, and CDN services necessary to operate your store.
• Legal Requirements — When required by applicable law, court order, or government authority in India or Kenya, including the Office of the Data Protection Commissioner (Office of the Data Protection Commissioner).
• Business Transfers — In the event of a merger, acquisition, or asset sale, user data may be transferred with prior notice.
• With Your Consent — When you explicitly authorize sharing for specific purposes.

We implement industry-standard security measures to protect your data:

• SSL/TLS Encryption — All data transmitted between your browser and our servers is encrypted.
• Managed Cloud Hosting — Servers with firewalls, intrusion detection, and regular security patches.
• Daily Backups — Automated daily backups with secure off-site storage.
• Cloudflare CDN & DDoS Protection — Protection against distributed denial-of-service attacks.
• Access Control — Role-based access controls on admin dashboard and internal systems.
• Payment Security — All payment processing handled by PCI-DSS compliant M-Pesa. We never store card details.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

• Active accounts — Data is retained for as long as your account is active and hosting is paid.
• Inactive accounts — If hosting fees are unpaid, data is retained for 30 days after suspension. After 30 days, data is permanently deleted.
• Transaction records — Payment records are retained for 7 years as required by applicable tax laws.
• Analytics data — Aggregated, anonymized analytics data may be retained indefinitely for platform improvement.
• Communication records — Support conversations and emails are retained for 2 years.

We use cookies and similar technologies for:

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

Under the Kenya Data Protection Regulation (Kenya Data Protection Act) and regulations enforced by the Office of the Data Protection Commissioner (Office of the Data Protection Commissioner), you have the right to:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete data.
• Data Export — Export your business data (products, orders, customers) from the admin dashboard.
• Deletion — Request deletion of your personal data (subject to legal retention requirements).
• Opt-out — Unsubscribe from marketing communications at any time.
• Withdraw Consent — Withdraw consent for data processing where consent is the legal basis.
• File a Complaint — You may file a complaint with the Office of the Data Protection Commissioner (Office of the Data Protection Commissioner) if you believe your data privacy rights have been violated.

To exercise any of these rights, contact us via WhatsApp or email. We will respond within 30 days.

Our platform may contain links to or integrate with third-party services (M-Pesa, local couriers, Google, etc.). We are not responsible for the privacy practices of these third parties. We encourage you to review their respective privacy policies.

FlexiCommerce is a business-to-business (B2B) SaaS platform intended for use by businesses and individuals aged 18 and above. We do not knowingly collect personal data from children under 18. If we discover such data has been collected, we will delete it immediately.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of the platform after changes constitutes acceptance.

For privacy-related questions or data requests:

Data Controller: Ujjwal Technolabs, Indore, Madhya Pradesh, India