Privacy Policy

1. Introduction

Welcome to Pandadocz ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at support@pandadocz.co.ke.

2. Information We Collect

We collect information that you provide directly to us when you:

2.1 Personal Information

• Account Information: Name, email address, phone number when you create an account
• Document Information: Information needed for document preparation (names, dates, addresses, etc.)
• Payment Information: MPESA phone number (we never see or store your MPESA PIN)
• Communication Data: Messages and inquiries you send to us

2.2 Automatic Information

• Usage Data: How you interact with our website (pages visited, time spent, etc.)
• Device Information: IP address, browser type, device type, operating system
• Cookies: Essential cookies for website functionality (no tracking cookies)

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide our services: Prepare and deliver your documents
• To process payments: Handle MPESA transactions securely
• To communicate with you: Send order updates and support responses
• To improve our services: Analyze usage patterns to enhance user experience
• To ensure security: Protect against fraud and unauthorized access
• To comply with legal obligations: Meet regulatory requirements

4. Data Security

We implement robust security measures to protect your personal information:

4.1 Encryption

• AES-256 Encryption: All data encrypted at rest and in transit
• TLS 1.3: Secure communication channels
• Encrypted Storage: Files stored in encrypted format

4.2 Access Controls

• Role-Based Access: Strict access controls for employees
• Authentication: Multi-factor authentication for admin access
• Audit Logs: All access attempts logged and monitored

4.3 MPESA Security

• PIN Protection: Your MPESA PIN is never seen or stored by our systems
• Direct Integration: Payments processed through Safaricom's secure API
• Tokenization: Payment tokens used instead of sensitive data

5. Data Retention & Automatic Deletion

5.1 Retention Periods

• Personal Information: Deleted after 30 days
• Document Files: Deleted after 30 days
• Payment Records: Anonymized after 90 days (no personal data retained)
• Account Information: Deleted upon account closure + 30 days

5.2 Your Right to Deletion

You can request immediate deletion of your data at any time by:

1. Contacting our support team
2. Using the "Delete Account" feature in your dashboard
3. Emailing privacy@pandadocz.co.ke

All deletion requests are processed within 24 hours.

6. Your Privacy Rights

You have the following rights regarding your personal information:

6.1 Access & Portability

• Right to Access: Request a copy of your personal data
• Right to Portability: Receive your data in a structured format

6.2 Correction & Deletion

• Right to Correction: Update inaccurate or incomplete data
• Right to Deletion: Request deletion of your personal data

6.3 Restriction & Objection

• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to certain types of processing

To exercise any of these rights, please contact us at privacy@pandadocz.co.ke.

7. Third-Party Services

We use the following third-party services that may process your information:

7.1 Essential Services

• Safaricom MPESA: Payment processing (your PIN never shared with us)
• Hosting Provider: Secure cloud hosting with data encryption
• Email Service: Encrypted email communication

7.2 Our Commitments

• We only use reputable, security-focused service providers
• All third parties are contractually bound to protect your data
• We conduct regular security audits of our service providers
• We never sell or rent your personal information to third parties

8. Changes to This Policy

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Last updated" date. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

8.1 Notification of Changes

If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

9. Contact Us

If you have questions or comments about this policy, you may contact our Data Protection Officer at:

We typically respond to privacy-related inquiries within 24 hours.