">
Kuza ERP Logo KUZA ERP

Privacy Policy

How KUZA ERP protects your business data and respects your privacy

Last updated: October 15, 2025

1. Introduction

Welcome to KUZA ERP ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your business data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Enterprise Resource Planning (ERP) system and related services.

2. Information We Collect

2.1 Business Information

When you register for our ERP system, we collect:

  • Company name, registration details, and business structure
  • Contact information (address, phone, email)
  • Industry type and business size
  • Tax identification numbers and regulatory information

2.2 Personal Data

We collect personal information about:

  • Users and employees using the system
  • Customer and supplier contact details
  • Financial data including invoices, payments, and transactions
  • Inventory and product information

2.3 Technical Data

We automatically collect:

  • IP addresses and device information
  • Usage patterns and system interactions
  • Error logs and performance metrics
  • Browser and operating system information

3. How We Use Your Information

We use your information to:

  • Provide and maintain our ERP services
  • Process financial transactions and generate reports
  • Manage inventory and supply chain operations
  • Ensure system security and prevent fraud
  • Provide customer support and technical assistance
  • Comply with legal and regulatory requirements
  • Improve our services and develop new features

4. Data Security

We implement industry-leading security measures to protect your business data:

  • Encryption: All data is encrypted in transit and at rest using SSL/TLS and AES-256
  • Access Controls: Multi-factor authentication and role-based access controls
  • Data Centers: SOC 2 Type II certified data centers with 99.9% uptime guarantee
  • Regular Audits: Third-party security audits and penetration testing
  • Backup Systems: Automated daily backups with 30-day retention

5. Compliance with Kenyan Data Protection Laws

KUZA ERP is fully compliant with the Kenyan Data Protection Act 2019 and is registered with the Office of the Data Protection Commissioner (ODPC). Our compliance ensures:

  • ODPC Registration: We are officially registered as a data controller/processor with the ODPC
  • Data Protection Principles: We adhere to all eight data protection principles including lawfulness, fairness, and transparency
  • Kenyan Jurisdiction: Your data is processed in accordance with Kenyan data protection laws
  • Local Support: We provide local data protection support and compliance assistance
  • Regular Compliance Audits: We conduct regular internal audits to ensure ongoing compliance
  • Data Protection Officer: We have appointed a qualified Data Protection Officer to oversee compliance

ODPC Compliance Certificate

KUZA ERP maintains active registration with the Office of the Data Protection Commissioner and complies with all requirements under the Data Protection Act 2019.

6. Data Sharing and Third Parties

We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in our operations
  • Legal Compliance: When required by law or to protect our rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • Consent: With your explicit consent for specific purposes

7. Data Retention

We retain your business data for as long as necessary to provide our services and comply with legal obligations. Financial records are typically retained for 7 years as required by tax laws in most jurisdictions.

8. Your Rights

You have the right to:

  • Access: Request copies of your personal and business data
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your data for certain purposes

9. International Data Transfers

As an East African ERP solution, your data may be processed and stored in data centers across Kenya, Uganda, Tanzania, and Rwanda. We ensure all international transfers comply with applicable data protection laws.

10. Children's Privacy

Our ERP system is designed for business use and is not intended for children under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@kuzaerp.com

Phone: +254117730252

Address: Nairobi, Kenya

Data Protection Officer: dpo@kuzaerp.com

GDPR Compliance

KUZA ERP is fully compliant with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We respect your rights as a data subject and are committed to protecting your personal information.

Kenyan Data Protection Compliance

KUZA ERP is fully compliant with the Kenyan Data Protection Act 2019 and maintains active registration with the Office of the Data Protection Commissioner (ODPC). We adhere to all data protection principles and provide local compliance support.