ShopEasy Privacy Policy

Last Updated: March 22, 2026

Applicable to: ShopEasy Retailer App

1. Information We Collect

1.1 Account Information

Email Address: Used for account creation, login, and communication
Password: Securely hashed and stored for account access
Business Name: To identify your business in the platform
Phone Number: For order notifications, customer support, and contact sharing with suppliers
User Role: Retailer classification

1.2 Business Profile Information

Business Name: Your company or business name
Business Description: Information about your business and services
Business Phone: Contact number for your business
Profile Picture: Optional business logo or profile image uploaded through the "My Account" section

1.3 Delivery Address Information

County: County where delivery should be made
Sub-County: Sub-county within the selected county
Town: Town or area for delivery
Shopping Center: Nearby shopping center or landmark
Location Description: Additional delivery instructions or directions
Location Pin: Precise location selected via Google Maps for accurate delivery (optional)

1.4 Transaction Data

Order Information: Products ordered, quantities, prices, and order history
Payment References: Payment confirmation codes submitted to verify transactions (payments made directly to suppliers)
Cart Data: Items saved in shopping cart
Invoice Records: Email invoices containing order details, supplier information (name, email, phone), retailer information (name, email, phone), product details, quantities, and total amounts

Note: We do not process payments. All payments are made directly between buyers and suppliers.

1.5 Usage Analytics

We analyze your order data to provide business insights:

Product Preferences: Most frequently ordered products based on your order history
Order Analytics: Order frequency (monthly comparisons), total spending, and average order value
Pending Orders: Count of orders awaiting processing

Note: Analytics are derived from your order data, not separate tracking mechanisms.

1.6 Technical Information

Login Data: Login timestamps and failed login attempts for security
Session Data: Authentication tokens and session management
Push Notification Tokens: Firebase Cloud Messaging tokens for sending notifications

1.7 Third-Party Services

We use the following third-party services that may collect data:

Google Maps Platform: Embedded in the app for location selection. Google may collect location data when you interact with the map to select your business or delivery location
Firebase Cloud Messaging: Collects device tokens and notification interaction data for push notifications
Google Play Services: For app distribution and updates

These services have their own privacy policies. We recommend reviewing them.

1.8 App Permissions

The app requests the following permissions:

Internet Access: Required to connect to our servers and access app features
Network State: Check internet connectivity before making requests
Notifications: Send order updates and important announcements (you can manage this in settings)
Storage (Android 7-9 only): Save QR codes to your device's Pictures folder when you choose to download them

Storage permissions are only requested on older Android versions (7-9) and only when you download a QR code.

2. How We Use Your Information

Service Delivery: Facilitate order placement and connect retailers with suppliers
Account Management: Create and maintain user accounts, verify email addresses
Communication: Send order confirmations, updates, and customer support via email and push notifications
Analytics: Provide business insights such as favorite products, order frequency, and spending patterns
Security: Protect against fraud and unauthorized access through login monitoring
Legal Compliance: Maintain transaction records for tax purposes and comply with the Kenya Data Protection Act, 2019

We do not process payments or handle financial transactions - these occur directly between users.

3. Information Sharing

We share information only in these limited circumstances:

With Suppliers: When you place an order, your business name, phone number, delivery address, and order details are shared with the supplier for fulfillment
Supplier Listings: Suppliers voluntarily provide their business name, phone number, and description to be displayed on the platform, allowing retailers to discover and contact them directly
Service Providers: Google Maps (location services), Firebase (push notifications), email services, cloud hosting providers
Legal Requirements: When required by law or to protect our rights
Business Transfers: In case of merger, acquisition, or sale of assets

Supplier Information Display:

The app displays supplier business information including business names, contact details (phone, email), locations, and product listings. Suppliers have consented to display this information when registering on the ShopEasy platform for the purpose of connecting with retailers and facilitating B2B transactions.

Payment Processing:

We do not process or handle payments. All financial transactions occur directly between buyers and suppliers. We do not store payment card information or banking details.

We never sell your personal information to third parties.

4. Data Security

We implement security measures to protect your information:

Encryption: All data transmitted between your device and our servers uses HTTPS/TLS encryption
Password Security: Passwords are hashed using bcrypt with industry-standard salt rounds
Access Controls: Authentication required for all user actions, with session management
Login Monitoring: Failed login attempts are tracked to detect unauthorized access

5. Your Rights

You have the following rights regarding your personal data:

Access: Contact us to request information about the data we hold about you
Correction: Update your profile information directly in the app settings
Deletion: Delete your account through app settings (requires OTP verification)
Notification Preferences: Manage push notification settings in the app

To exercise these rights, contact us at shopyeasy254@gmail.com or use the in-app settings.

6. Data Retention

Account Data: Retained while account is active
Transaction Records: Retained indefinitely for legal, tax, and business compliance
Deleted Accounts: Account data (profile, credentials) deleted immediately upon confirmation
Order History: Transaction records are retained even after account deletion for business and legal purposes

7. Authentication and Session Management

We use secure authentication tokens (cookies) to:

Authentication: Keep you logged in securely between app sessions
Session Management: Maintain your active session with the server
Security: Protect against unauthorized access with httpOnly secure cookies

These tokens are stored securely and automatically expire after 7 days of inactivity.

8. Children's Privacy

ShopEasy is a B2B platform intended for business use only. We do not knowingly collect information from individuals under 18 years of age.

9. Data Storage and Processing

Your data is processed and stored as follows:

Primary Data: Stored on DigitalOcean servers (database and application data may be processed outside Kenya)
File Storage: Images and files stored on DigitalOcean Spaces
Third-Party Services: Google Maps and Firebase may process data on international servers

These services comply with international data protection standards.

10. Changes to This Policy

We may update this privacy policy periodically. We will notify you of significant changes through the app or email. Continued use of ShopEasy after changes constitutes acceptance of the updated policy.

11. Contact Information

For privacy-related questions or requests:

Email: shopyeasy254@gmail.com
Address: ShopEasy, Nyeri, Kenya
Phone: +254 747 050 607

We will respond to privacy requests within 30 days.

12. Governing Law

This privacy policy is governed by the laws of Kenya and the Kenya Data Protection Act, 2019.