Privacy Policy

1. The Data We Collect

To provide our services, we collect only the minimum necessary information:

• • Identity Data: Full name and account role.
• • Contact Data: Email address for digital delivery. We do not store phone numbers for buyers.
• • Vendor Data: We only store phone numbers for Vendors to facilitate commission payouts and payment processing.
• • Financial Data: M-Pesa transaction identifiers only.

2. Purpose of Processing

We process your data based on the performance of a contract to:

• Deliver purchased academic resources to your email.
• Initiate M-Pesa STK push prompts for order payments.
• Verify vendor identities for commission payouts.
• Maintain a secure audit trail of system activities to prevent fraud.

3. Third-Party Disclosures

We do not sell your data. However, we share necessary information with the following service providers to complete your orders:

• ✔ Safaricom (M-Pesa): Buyer phone numbers are passed to Safaricom only to facilitate the secure STK push payment prompt. EduShop does not retain this number in our buyer database after the transaction.
• ✔ Legal Authorities: Only when strictly required by the Laws of Kenya.

4. Data Retention & Security

Your data is stored securely on servers compliant with industry standards. We retain transaction data for the period required by Kenyan tax and financial laws. Personal data of inactive accounts is periodically reviewed for de-identification or deletion.

5. Your Rights as a Data Subject

Under the Kenya Data Protection Act, you have the right to:

6. Content Protection & Copyright

To protect our vendors, all digital products are accessed via time-limited, secure links. Users are prohibited from distributing, sharing, or re-selling materials obtained through EduShop.