- Introduction
- Who We Are
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- Data Retention
- Your Data Rights
- Data Security
- Children’s Privacy
- International Data Transfers
- WhatsApp & Third-Party Platforms
- What Are Cookies?
- Types of Cookies We Use
- Third-Party Cookies
- Managing Your Cookie Preferences
- Do Not Track
- Changes to This Policy
- Complaints
- Contact Us
1 Introduction
Welcome to FAIDIA. We are a financial technology platform designed to empower small and medium-sized enterprises (SMEs) across Kenya and East Africa. FAIDIA provides business owners with tools for daily sales tracking, supplier invoice management, working capital financing, supplier credit (Buy Now, Pay Later), payment processing, and business analytics — primarily delivered through our WhatsApp-based interface and web platform.
This Privacy Policy explains how FAIDIA collects, uses, stores, shares, and protects your personal information and business data when you use our services. This Cookie Policy explains how we use cookies and similar tracking technologies on our website and platforms.
By using FAIDIA’s services, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services immediately.
This policy is governed by the Kenya Data Protection Act, 2019 (DPA 2019), the Kenya Data Protection Regulations 2021, Communications Authority of Kenya regulations, and applicable Central Bank of Kenya (CBK) guidelines for digital financial services.
2 Who We Are
FAIDIA is the data controller responsible for your personal data.
FAIDIA
- Registered Address: 75089-00200, Jamhuri Estate, Nairobi, Kenya
- Contact Email: privacy@faidia.com
- Phone: 254-116-250-250
- Data Protection Officer: [INSERT NAME] — dpo@faidia.com
Where FAIDIA processes personal data on behalf of third parties (e.g., partner lenders or distributors), we act as a data processor in accordance with written data processing agreements.
3 Information We Collect
We collect several categories of information in order to provide and improve our services:
3.1 Information You Provide Directly
- Full name, business name, and business address
- Phone number (used as your primary identifier on WhatsApp)
- M-Pesa phone number and Lipa Na M-Pesa business number
- National Identity (ID) number or Passport number (for identity verification and credit assessment)
- Photos of supplier invoices, shop fronts, stock shelves, and other business verification images
- Daily sales figures reported via WhatsApp (cash and M-Pesa totals)
- Supplier details including supplier names, phone numbers, and business numbers
- Purchase records, stock counts, and inventory information
- Loan applications and supporting financial information
- Bank account details (where linked voluntarily)
- Any communications you have with FAIDIA through WhatsApp, email, or phone
3.2 Information Collected Automatically
- M-Pesa transaction data (with your authorisation via M-Pesa API integration) — including transaction amounts, timestamps, and customer phone number patterns
- Device identifiers and IP addresses when accessing our web platform
- GPS coordinates embedded in photos submitted for verification purposes
- WhatsApp message metadata (timestamps, read receipts)
- Usage data and interaction patterns within our platform
3.3 Information Collected from Third Parties
- M-Pesa transaction history obtained from Safaricom via API integration (with your explicit consent)
- Supplier verification confirmations from supplier contacts you provide
- Credit reference bureau (CRB) data from Metropol, TransUnion Kenya, or Creditinfo for credit assessment purposes
- Field agent verification data (photographs, GPS coordinates, physical visit notes) for loans above KES 100,000
- Referral information when you are referred by another FAIDIA user or distributor partner
4 How We Use Your Information
We use your information for the following purposes, each supported by a lawful basis under the Kenya Data Protection Act 2019:
4.1 Service Delivery (Contract Performance)
- Processing daily sales close-outs and generating financial summaries
- Tracking supplier invoices and purchase history
- Managing inventory data and providing stock insights
- Processing payments and reconciling transactions through M-Pesa
- Operating the working capital lending product (including disbursement and repayment collection)
- Facilitating supplier credit (Buy Now, Pay Later) arrangements
- Delivering business analytics, trend insights, and financial reports
4.2 Credit Assessment & Fraud Prevention (Legitimate Interests)
- Building and maintaining a credit scoring model using verified business data
- Assessing your eligibility for loans and credit limits across our lending tiers
- Detecting fraud signals such as sudden unexplained sales spikes, mismatched M-Pesa ratios, or irregular purchase patterns
- Cross-referencing supplier confirmation data to validate invoice authenticity
- Conducting physical or digital verification for larger loan applications
- Reporting confirmed defaults to Credit Reference Bureaus (Metropol, TransUnion Kenya, Creditinfo) as permitted by law
4.3 Compliance & Regulatory Obligations (Legal Obligation)
- Verifying your identity in compliance with Kenya’s Anti-Money Laundering (AML) requirements
- Maintaining records as required by the Central Bank of Kenya (CBK) for licensed financial services
- Reporting to regulatory bodies where required by law
- Complying with court orders, subpoenas, or other legal processes
4.4 Business Improvement & Analytics (Legitimate Interests)
- Improving our fraud detection algorithms and credit scoring models
- Developing new features based on aggregated, anonymised usage patterns
- Training internal staff and systems on service delivery quality
4.5 Marketing & Communications (Consent)
- Sending you information about new FAIDIA features, products, or promotions — only where you have consented
- Informing you of relevant supplier deals or marketplace opportunities
- You may withdraw consent for marketing at any time by messaging STOP to our WhatsApp number or emailing privacy@faidia.co.ke
5 How We Share Your Information
📌 FAIDIA does not sell your personal data. We share data only in the circumstances described below.
5.1 Service Partners
- M-Pesa / Safaricom: We exchange transaction data via the M-Pesa API to verify sales and process repayments. Safaricom’s own privacy policy applies to their systems.
- Partner Lenders: Where FAIDIA facilitates loans through a licensed partner institution, your credit data and business profile will be shared with that lender under a written data processing agreement.
- Insurance Partners: If you opt into stock insurance products, relevant business data (inventory value, transaction history) will be shared with the underwriting insurer.
- Accountants & Tax Partners: If you request tax filing assistance, summarised financial data is shared with the partnering accounting firm with your explicit consent.
5.2 Distributor Partners
If you were onboarded through a FAIDIA distributor partner, that distributor may have access to your onboarding status, platform activity metrics, and subscription status as part of their contractual relationship with FAIDIA. They do not have access to your individual transaction data or loan information without your consent.
5.3 Credit Reference Bureaus
In the event of a confirmed loan default that remains unpaid after all recovery efforts, FAIDIA may report your name, identification details, and outstanding debt amount to Metropol, TransUnion Kenya, or Creditinfo, as permitted under Kenyan law. You will be given prior written notice before any such report is made.
5.4 Legal & Regulatory Disclosure
We may disclose your data to law enforcement authorities, courts, or regulators where we are legally required to do so, or where we believe in good faith that disclosure is necessary to prevent fraud, protect our rights, or protect the safety of users or third parties.
5.5 Corporate Transactions
If FAIDIA undergoes a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. You will be notified of any such transfer and given the opportunity to request deletion of your data before the transfer is completed, where legally permissible.
6 Data Retention
We retain your data for the periods set out below, after which it is securely deleted or anonymised:
| Data Category | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of active use | Service delivery |
| Transaction & financial records | 7 years from transaction date | KRA & CBK compliance |
| Loan records & credit data | 7 years from loan closure | Financial regulation |
| Identity verification documents | 7 years from account closure | AML legislation |
| Confirmed fraud investigation records | Up to 10 years | Legal proceedings |
| Marketing consent records | Until consent is withdrawn | DPA 2019 compliance |
| Anonymised analytics data | Indefinitely | Platform improvement |
After the applicable retention period, your data will be securely destroyed. Where we are unable to immediately delete data due to legal, regulatory, or technical constraints, we will isolate and protect it until deletion is possible.
7 Your Data Rights
Under the Kenya Data Protection Act 2019, you have the following rights in relation to your personal data:
- Request a copy of all personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your data, subject to overriding legal obligations.
- Object to processing based on legitimate interests, including credit profiling.
- Request your data in a structured, machine-readable format.
- Request that we limit how we use your data in certain circumstances.
- Withdraw consent at any time without affecting prior lawful processing.
- Lodge a complaint with the ODPC at www.odpc.go.ke at any time.
Contact us at privacy@faidia.co.ke or message us on WhatsApp. We will respond within 21 days as required by the DPA 2019. We may need to verify your identity before processing certain requests.
8 Data Security
FAIDIA takes the security of your data seriously. We have implemented the following technical and organisational security measures:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of sensitive data at rest in our databases
- Role-based access controls — only authorised staff access personal data on a need-to-know basis
- Multi-factor authentication for all internal systems holding personal data
- Regular security audits and penetration testing
- WhatsApp Business API communications secured by end-to-end encryption provided by WhatsApp
- Secure cloud storage for invoice images and verification photographs, with access logging
- Automated fraud detection systems that flag unusual account activity
⚠ Despite our best efforts, no system is completely secure. In the event of a data breach likely to result in risk to your rights and freedoms, we will notify the Office of the Data Protection Commissioner within 72 hours and inform affected users without undue delay, as required by the DPA 2019.
9 Children’s Privacy
FAIDIA’s services are intended solely for business owners and individuals who are at least 18 years of age. We do not knowingly collect personal data from persons under 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe a minor has submitted data to FAIDIA, please contact us at privacy@faidia.co.ke.
10 International Data Transfers
FAIDIA primarily stores and processes data within Kenya. Where we use third-party technology providers (such as cloud infrastructure providers) that may process data outside Kenya, we ensure that such transfers comply with Section 49 of the Kenya Data Protection Act 2019. This includes ensuring adequate protections are in place through contractual clauses, adequacy decisions, or other appropriate safeguards.
11 WhatsApp & Third-Party Platforms
- WhatsApp’s own Terms of Service and Privacy Policy govern your use of the WhatsApp platform itself. FAIDIA is not responsible for WhatsApp’s data practices.
- We access only the data you share with us through our WhatsApp business number. We do not access your personal WhatsApp conversations with others.
- WhatsApp messages to our bot are processed and stored on our secure servers for the purposes set out in this policy.
- We use the official WhatsApp Business API and comply with Meta’s WhatsApp Business Policy.
12 What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or smartphone) when you visit a website. They are widely used to make websites work efficiently, improve user experience, and provide information to website owners. Similar technologies include web beacons, pixel tags, local storage, and session storage.
This Cookie Policy applies to the FAIDIA website (www.faidia.co.ke) and any other web-based interfaces we operate. Our WhatsApp-based service does not use cookies — cookies only apply when you access FAIDIA through a web browser.
13 Types of Cookies We Use
14 Third-Party Cookies
Some cookies on our site are placed by third parties. These may include:
- Google Analytics — analytics and performance measurement
- Cloudflare — security, DDoS protection, and performance
- WhatsApp / Meta — if WhatsApp chat widgets are embedded on the site
We do not control third-party cookies. Please refer to the respective third-party privacy policies for information on how they use cookies. We list all active third-party cookies in our Cookie Consent Manager on our website.
15 Managing Your Cookie Preferences
15.1 Cookie Consent Banner
When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You may change your preferences at any time by clicking the “Cookie Settings” link in the footer of our website.
15.2 Browser Settings
Most browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or notify you when a cookie is being sent. However, some features may not function properly if you disable cookies.
- Google Chrome: chrome://settings/cookies
- Mozilla Firefox: about:preferences#privacy
- Safari: Preferences > Privacy
- Microsoft Edge: edge://settings/content/cookies
15.3 Opt-Out Tools
- Your Online Choices: www.youronlinechoices.com
- Digital Advertising Alliance: www.aboutads.info/choices
- Google Ads Settings: adssettings.google.com
16 Do Not Track
Some browsers include a ‘Do Not Track’ (DNT) feature that signals to websites that you do not want your online activity tracked. Because there is not yet a common understanding of how to interpret DNT signals, FAIDIA does not currently respond to browser DNT signals. We will review this position as industry standards develop.
17 Changes to This Policy
We may update this Privacy and Cookie Policy from time to time to reflect changes in our services, technology, legal requirements, or business practices. When we make material changes, we will:
- Update the “Last Updated” date at the top of this document
- Notify you via WhatsApp message or email at least 14 days before the changes take effect
- For significant changes affecting your rights, seek your renewed consent where required by law
Your continued use of FAIDIA services after the effective date of the revised policy constitutes your acceptance of the changes.
18 Complaints
If you have concerns about how FAIDIA handles your personal data, please contact us first so we can resolve your concern directly:
- Email: privacy@faidia.co.ke
- WhatsApp: [INSERT WHATSAPP SUPPORT NUMBER]
- Post: FAIDIA Data Protection Officer, [INSERT ADDRESS], Nairobi, Kenya
If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya:
- Website: www.odpc.go.ke
- Email: info@odpc.go.ke
- Phone: +254 20 424 4000
- Address: Upperhill, Nairobi, Kenya
19 Contact Us
For any questions, requests, or concerns regarding this Privacy and Cookie Policy, please reach out through any of the following channels:
- Email: privacy@faidia.com
- Data Protection Officer: dpo@faidia.com
- Phone: 0116250250
- Website: www.faidia.com
- Registered Address: 75089-00200, Jamhuri Estate, Nairobi, Kenya
We are committed to responding to all privacy-related queries within 21 days as required by the Kenya Data Protection Act 2019.