Legal
Privacy Policy
BuuQ ("we", "us") respects your privacy and is committed to protecting your personal data in accordance with the Data Protection Act, 2019 (Kenya) and the regulations of the Office of the Data Protection Commissioner (ODPC).
1. Data Controller
BuuQ is the data controller for personal data processed through the app. Contact: privacy@buuq.co.ke
2. Personal Data We Collect
- Identity & contact: name, email, phone number, profile photo.
- Verification: phone/email verification timestamps (KYC).
- Provider data: specialties, handle, location, service listings.
- Transactions: bookings, payments, wallet and commission records.
- Technical: device identifiers, IP address, usage/telemetry data.
- Location: coordinates you provide for proximity search.
3. Lawful Basis & Purpose (s.30, DPA 2019)
We process personal data to create and secure your account, verify identity, match seekers with providers, process payments, provide support, prevent fraud, and improve the service. Our lawful bases include your consent, performance of a contract, compliance with legal obligations, and our legitimate interests in operating a safe marketplace.
4. Consent
By creating an account you consent to the processing described here. You may withdraw consent at any time (subject to legal/contractual retention) by contacting privacy@buuq.co.ke or deleting your account.
5. Your Rights as a Data Subject (Part V, DPA 2019)
You have the right to be informed, to access, to correct, to request deletion ("right to erasure"), to object to or restrict processing, and to data portability where technically feasible. To exercise these rights contact privacy@buuq.co.ke. You may also lodge a complaint with the Office of the Data Protection Commissioner (odpc.go.ke).
6. Data Sharing
We share data only with payment processors (Safaricom M-Pesa, card networks), providers you book with (limited to fulfilling the booking), infrastructure providers, and authorities where required by law. We do not sell your personal data.
7. Cross-Border Transfers (s.48–49, DPA 2019)
Where data is processed outside Kenya, we ensure appropriate safeguards consistent with the Act before any transfer.
8. Data Security
We apply TLS in transit, encrypted secrets, hashed passwords, least-privilege access, and audit logging.
9. Retention
We retain personal data only as long as necessary for the purposes above or as required by law, after which it is deleted or anonymised.
10. Children
BuuQ is not intended for persons under 18; we do not knowingly collect their data.
11. Changes
We will notify you of material changes to this policy in-app.
12. Contact
Data Protection contact: privacy@buuq.co.ke
Office of the Data Protection Commissioner:https://www.odpc.go.ke