HOME Contact sakamboka
LEGAL
PRIVACY POLICY
Effective: June 2026 · Last updated: May 2026
This Privacy Policy describes how SakaMboka collects, uses, and protects your personal data in accordance with the Kenya Data Protection Act, 2019 (DPA). By using the service, you acknowledge this policy.
01
Data Controller

The data controller for your personal data is SakaMboka, operated from Nairobi, Kenya. For data-related enquiries, contact our Data Protection Officer at [email protected].


02
Data We Collect

Account data: email address and hashed password on registration.

Profile & resume data: your resume text, work history, skills, education, and job preferences that you enter into the profile builder.

API keys: if you supply your own Gemini or Groq API keys, these are stored encrypted at rest using AES-256 (Fernet).

Job interaction data: jobs discovered on your behalf, fit scores, tailored resume files, and cover letter files associated with your account.

Payment data: your M-Pesa phone number, transaction reference, and payment status for credit purchases. We do not receive or store your M-Pesa PIN.

Contact form data: name, email, phone, and message if you contact us via the Get In Touch form.

Usage data: pipeline execution logs (last 500 lines, rolling) stored server-side for diagnostics.


03
How We Use Your Data

We do not use your resume or job data to train AI models. Data passed to third-party AI providers (Google Gemini, Groq) is used solely to fulfil your individual request and is subject to those providers' own data retention policies.


04
Legal Basis for Processing

Under the Kenya Data Protection Act, 2019, we process your data on the following bases:


05
Data Sharing

We do not sell your personal data. We share data only as follows:

We may disclose personal data if required to do so by law or in good faith to comply with legal obligations.


06
Data Retention

07
Your Rights (Kenya DPA 2019)

Under the Kenya Data Protection Act, 2019, you have the following rights:

To exercise any of the above rights, email [email protected]. We will respond within 21 days as required by the DPA.


08
Security

We implement the following technical measures to protect your data:

No system is completely secure. If you discover a security vulnerability, please disclose it responsibly to [email protected].


09
Cookies

We use a single session cookie to maintain your logged-in state. This cookie is strictly necessary for the service to function and does not track you across other websites. We do not use advertising or analytics cookies.


10
Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email at least 14 days before material changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.


11
Contact & Complaints

For any privacy-related questions or to exercise your data rights, contact us at [email protected] or via our contact form.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya at odpc.go.ke.