Privacy Policy

1. Introduction and Data Controller Identity

Design Yangu is a platform operated by Yami Designs, a company based in Nairobi, Kenya. In this Privacy Policy, "we", "us", and "our" refer to Yami Designs trading as Design Yangu.

Yami Designs is the Data Controller for personal data processed through the Design Yangu platform (designyangu.com). This policy explains what data we collect, why we collect it, how we use it, and what rights you have regarding your personal information.

Our Data Protection contact is: privacy@designyangu.com

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide Directly

• Account Registration: Full name, email address, phone number (used for M-Pesa payment and account verification), and password (stored as a one-way hash)
• Order Information: Delivery address, order details, and payment transaction references
• Designer Profile: Bio, profile photo, M-Pesa or bank account details for payout purposes, and portfolio descriptions
• Communications: Messages sent to our support team via email or contact forms

2.2 Data Collected Automatically

• IP address, browser type and version, operating system, and device type
• Pages visited, time spent on each page, and navigation patterns within the Platform
• Referring website URLs and search terms used to find us
• Session tokens, authentication cookies, and user preference cookies

2.3 Data from Third Parties

• If you register or log in using Google OAuth, we receive your name, email address, and profile picture from Google, subject to Google's privacy policy
• Payment processors (including Safaricom M-Pesa) may share transaction confirmation references with us to verify payment completion

3. Legal Basis for Processing

Under the Kenya Data Protection Act 2019, we process your personal data on the following lawful bases:

• Contract Performance: Processing necessary to fulfil your orders, process payments, and deliver products to you
• Legitimate Interests: Operating and improving the Platform, preventing fraud, and ensuring the security of our systems
• Consent: Where you have given explicit consent, such as subscribing to our newsletter or accepting non-essential cookies
• Legal Obligation: Where processing is required to comply with applicable Kenyan law, including tax regulations and court orders

4. How We Use Your Personal Data

We use your personal data to:

• Create and manage your account and authenticate your identity
• Process your orders — from manufacturing through to delivery
• Process payments and disburse designer earnings via M-Pesa or bank transfer
• Communicate with you about your orders, account activity, and support requests
• Send you transactional notifications such as order confirmation and delivery updates
• Send marketing communications where you have opted in (you can unsubscribe at any time)
• Detect, investigate, and prevent fraudulent transactions, abuse, and security incidents
• Comply with our legal obligations under Kenyan law, including the Kenya Data Protection Act 2019 and the Income Tax Act
• Improve the Platform through anonymised analytics and usage data

5. Sharing of Personal Data

We do not sell or rent your personal data to third parties. We may share your data with the following categories of recipients only to the extent necessary:

• Print Fulfillment Partners: Your delivery name and address are shared with our print and logistics partners to fulfil your order
• Payment Processors: Safaricom (M-Pesa Daraja API) and card payment processors receive the minimum data needed to complete transactions. We do not store full card numbers on our servers.
• Cloud and Hosting Services: Our platform is hosted on secure servers. Infrastructure providers operate under strict data processing agreements.
• Legal Authorities: We may disclose personal data to government agencies, law enforcement, or courts when required by law or to protect our legal rights.

All third-party service providers are contractually required to protect your data and use it only for the purpose for which it was shared.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specific retention periods are:

• Account data: retained for the life of your account and up to 3 years after account closure
• Order and transaction records: retained for 7 years to comply with Kenyan tax and financial regulations
• Design files: retained while your account is active; deleted within 90 days of account closure upon request
• Support communications: retained for 2 years from the date of the last communication

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential Cookies: Required for authentication, session management, and platform security. These cannot be disabled.
• Preference Cookies: Remember your settings such as dark/light mode and language preferences.
• Analytics Cookies: Used to understand how visitors use the Platform so we can improve it. These are collected in anonymised, aggregated form.

You can manage non-essential cookies through your browser settings. Please note that disabling certain cookies may affect Platform functionality.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• HTTPS/TLS encryption for all data transmitted to and from the Platform
• Passwords stored using industry-standard one-way hashing (bcrypt)
• Database access restricted to authorised internal systems only
• Regular security reviews and dependency updates

Despite these measures, no method of electronic transmission or storage is 100% secure. If you suspect a security incident related to your account, please contact us immediately at privacy@designyangu.com.

9. Your Rights Under the Kenya Data Protection Act 2019

As a data subject under the Kenya Data Protection Act 2019, you have the following rights:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may ask us to correct inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data, subject to our legal retention obligations.
• Right to Object: You may object to the processing of your personal data for direct marketing purposes at any time.
• Right to Data Portability: You may request a copy of your data in a structured, machine-readable format.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please submit a written request to privacy@designyangu.com. We will respond within 21 days in accordance with the Act. We may ask you to verify your identity before processing your request.

If you believe your rights have been violated, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya at odpc.go.ke.

10. Children's Privacy

The Platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will take prompt steps to delete that information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. We will notify registered users of material changes via email or through a notice on the Platform. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the Platform following any changes constitutes your acceptance of the revised policy.

12. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: