Skip to content

Privacy Policy

1. Introduction

PropTraka, a product of PropTraka Ventures ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our property management platform, compliant with the Kenya Data Protection Act (2019).

2. Information We Collect

We collect information that you provide directly to us, including:

  • Identity Data: Name, ID number, and contact details for verification.
  • Property Data: Details of the properties you manage or inhabit.
  • Financial Data: Rent payment history, M-Pesa transaction identifiers (for reconciliation), and billing information.
  • Usage Data: How you interact with our platform and ARDO™ (our AI assistant).
  • Tax Compliance Data: KRA PINs (landlord and tenant), eTIMS OSCU credentials, invoice numbers, and VAT registration details for tax compliance purposes.
  • Device Tokens: Push notification tokens for delivering push notifications to your browser or mobile device. Tokens are stored in your user profile and refreshed automatically.
  • Referral Data: Referral codes, referrer and referred user identifiers, and referral completion status for administering the referral rewards programme.
  • Passkey Credential Data: Passkey credential identifiers and public keys for passwordless authentication. We do not store your actual biometric data (fingerprints, facial scans, or PINs) — these never leave your device.
  • API Usage Data: API request counts, timestamps, and endpoints accessed for rate limiting and usage monitoring purposes.
  • Applicant Screening Data: When a landlord initiates tenant screening, we collect the applicant's name, national ID number, phone number, email address, and KRA PIN. We also collect identity documents (ID photos and selfies) for AI-powered identity verification, and financial documents (M-Pesa statements) for behavioural analysis. KRA PINs are sent to the Kenya Revenue Authority API for verification — only the verification result (valid/invalid) is stored; the full KRA response is not retained.

3. How We Use Your Information

We use the collected data to:

  • Provide, maintain, and improve our property management services.
  • Generate TrustTraka™ reports based on verified financial and identity data.
  • Automate rent reconciliation and financial reporting.
  • Detect and prevent fraudulent activities.
  • Comply with statutory requirements from the Kenya Revenue Authority (KRA) and other regulatory bodies.
  • Generate and submit eTIMS-compliant rent invoices and credit notes to KRA.
  • Deliver tenant notifications via WhatsApp (rent reminders, maintenance updates, payment confirmations).
  • Screen prospective tenants on behalf of landlords, including AI-assisted identity verification, financial document analysis, and KRA PIN validation.

4. Cookies & Tracking Technologies

PropTraka uses cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for authentication, session management, and security (e.g., session cookies, CSRF tokens). These cannot be disabled.
  • Functional Cookies: Store your preferences such as language, currency, theme, and locale settings.
  • Analytical Cookies: Help us understand usage patterns to improve the platform. These are anonymised and do not track individual users across other websites.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the platform from functioning correctly.

5. Data Anonymization & AI

When using ARDO™, our AI assistant, we employ strict data separation as per our AI Safety Policy. Your Personally Identifiable Information (PII) is never used for training general models. All AI analysis is performed on anonymised data streams to ensure your privacy is maintained while providing top-tier investment insights.

6. Third-Party Data Sharing

We may share your data with the following third parties strictly for the purpose of providing our services:

  • Safaricom / M-Pesa: Transaction data is shared for rent collection and payment reconciliation purposes.
  • Paystack: Billing and subscription payment data is processed by our payment partner. Card details are tokenised by Paystack on capture; PropTraka does not store or transmit full card numbers (PAN), CVV, or magic-stripe data.
  • Kenya Revenue Authority (KRA): Rent invoice data, credit note data, tenant KRA PINs (when provided), VAT amounts, and invoice line items are shared when you use eTIMS integration for invoice generation and submission.
  • Meta / WhatsApp: Phone numbers, message content (rent amounts, due dates, maintenance status), and delivery status data are shared with Meta for WhatsApp message delivery via the WhatsApp Business Platform (Cloud API). Meta's privacy policy governs their processing of this data.
  • Cloud Infrastructure Provider: Authentication data and anonymised analytics are processed via our cloud infrastructure partner.
  • AI Processing Partners: Anonymised data may be processed by our third-party AI infrastructure partners for ARDO™ features, in accordance with our AI Safety Policy. Where you upload lease templates or other agreements for merge-field analysis, the document text is sent transiently to our AI providers for placeholder suggestion only and is not retained by them beyond the request.
  • Market Data: Publicly available rental listing data from Kenyan property portals is aggregated via third-party data services to power ARDO™'s market intelligence features (rent comparisons, suburb analysis). No personal user data is shared with these providers.
  • Guarantor Data: Where a tenancy is marked as needing a guarantor and the landlord has not provided the guarantor's contact details up front, the tenant supplies the guarantor's full name and email when signing their agreement. PropTraka acts as data processor on the landlord's behalf for this guarantor data; the landlord remains the data controller and is responsible for ensuring the guarantor has consented to the use of their personal data.
  • Landlord (Applicant Screening): When you apply as a prospective tenant, your screening data (identity verification results, financial analysis summary, and KRA PIN validation status) is shared with the landlord who initiated the screening process. The landlord receives the screening outcome to inform their tenancy decision.

We do not sell your personal data to third parties. We do not share your data for advertising or marketing purposes without your explicit consent.

7. Data Retention Periods

We retain your data for the following periods:

  • Active Accounts: Data is retained for the duration of your subscription.
  • Post-Cancellation: Account data is retained for 90 days after cancellation to allow for recovery, after which it is permanently deleted.
  • Financial Transaction Records: Retained for a minimum of 7 years in compliance with KRA regulations and POCAMLA requirements.
  • AI Conversation Logs: Retained for 30 days for service improvement, then automatically purged.
  • Server & Access Logs: Retained for 90 days for security and debugging purposes.
  • Backup Data: Retained for a maximum of 180 days, after which backups are rotated and overwritten.
  • eTIMS Invoice Records: Retained for a minimum of 7 years in compliance with KRA regulations, including invoice numbers, amounts, SCU IDs, receipt numbers, and QR verification codes.
  • Applicant Screening Data: Retained for the duration of the application process. If the applicant is approved and converted to a tenant, relevant data is migrated to their tenant profile. If the application is rejected, applicant data is retained for 12 months (to support dispute resolution and audit requirements) and then permanently deleted.
  • Tenant Portal Access: When a landlord's subscription expires or is deactivated, the tenant portal transitions to read-only mode. Tenants can still view their payment history and documents but cannot make new payments or submit maintenance requests. Tenant data follows the same 90-day retention window as the landlord's account.
  • Tenant Notifications: When a landlord's subscription is deactivated, tenants linked to the landlord's properties receive a one-time email notification with the landlord's contact details so they can arrange payments directly.

8. Data Localisation & Security

In compliance with the Data Protection Act, we ensure that sensitive personal data is stored and processed within servers that meet Kenyan localisation requirements or are protected by equivalent data protection standards. We implement industry-standard encryption for all financial records and mobile money transaction data.

All uploaded files are scanned for malware before being stored. Files that fail security validation (invalid type, excessive size, or detected malware) are rejected immediately and are never persisted to our servers. This ensures that no infected or malicious content is stored alongside your data.

9. International Data Transfers

PropTraka uses enterprise cloud infrastructure, which may process data on servers located outside Kenya. All such transfers are subject to appropriate safeguards under the Kenya Data Protection Act, including:

  • Our cloud provider's Data Processing Agreement, which provides protections equivalent to the Kenya DPA.
  • Encryption of all data in transit (TLS) and at rest using industry-standard encryption.
  • Strict access controls and audit logging on all international processing.

10. Data Breach Notification

In the unlikely event of a data breach, PropTraka is committed to notifying the Office of the Data Protection Commissioner (ODPC) and affected users within 72 hours of becoming aware of the breach, as required by law.

11. Children's Privacy

PropTraka is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take immediate steps to delete such data. A parent or guardian may contact us at legal@proptraka.ke to request deletion of a minor's data.

12. Data Controller and Processor

PropTraka acts as the Data Controller for the personal data you provide directly to us. When you use our platform to manage properties and tenant data, we may act as a Data Processor on your behalf. We commit to processing such data strictly according to your instructions and this Privacy Policy.

13. Marketing Communications

We will only send you marketing communications (product updates, promotions, newsletters) if you have provided explicit opt-in consent during registration or via your account settings. You may withdraw this consent at any time by:

  • Updating your notification preferences in your account Settings.
  • Clicking the "Unsubscribe" link at the bottom of any marketing email.

Transactional communications (payment receipts, security alerts, lease reminders) are not considered marketing and will continue regardless of your marketing preference.

13A. Mandatory Notifications (Auto Opt-In)

Certain notifications are classified as mandatory and cannot be opted out of. By creating an account, you automatically consent to receiving the following:

  • Legal Document Updates: Changes to these Terms of Service, Privacy Policy, or any other binding document.
  • Security Breach Notifications: As required by the Data Protection Act (2019), we will notify you within 72 hours of any breach affecting your personal data.
  • Emergency Service Disruptions: Critical platform incidents, scheduled maintenance, or service outages.
  • Regulatory Compliance Updates: Changes to Kenyan laws (KRA, Data Protection Act, POCAMLA) that affect your use of the platform.
  • Account Security Alerts: Login notifications, suspicious activity, and password changes.

These mandatory notifications are delivered via email, SMS, and in-app push notifications. They are essential to the operation of your account and our legal obligations under Kenyan law, and cannot be disabled while your account is active.

14. Your Rights

Under the Data Protection Act, you have the right to access, rectify, or erase your personal data held by PropTraka. You also have the right to object to processing or request data portability.

To exercise these rights or raise any data protection concerns, please contact our Data Protection Officer:

  • Email: legal@proptraka.ke
  • Address: PropTraka Ventures, Nairobi, Kenya

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe your data protection rights have been violated.

Last Updated: March 18, 2026. Nairobi, Kenya.