Privacy Policy

Effective date: September 9, 2025
Website: https://zawadibooking.com
Contact: info@zawadibooking.com

Zawadi Booking (“Zawadi,” “we,” “us,” or “our”) respects your privacy. This Policy explains how we collect, use, disclose, and protect personal information when you use zawadibooking.com and our related services, including our booking platform (powered by Booknetic SaaS), vendor dashboards, and communication channels (collectively, the “Services”).

Important: This Policy applies to both Clients (people booking services) and Vendors (businesses listing services). By using the Services, you agree to this Policy and our Terms of Service.

1) Who We Are & Roles

  • Controller: For the marketplace platform (website, vendor onboarding, bookings, communications), Zawadi Booking acts as the data controller under the Kenya Data Protection Act, 2019 (DPA).
  • Processor relationships: We use certain third-party processors (e.g., hosting, analytics, SMS/email providers) to deliver the Services.
  • Vendor responsibilities: Vendors may act as independent controllers of Client data they receive through Zawadi (e.g., appointment details). Vendors must process such data in accordance with Kenyan law and this Policy.

2) Information We Collect

We collect information in three ways: (A) you provide it to us; (B) we collect it automatically; and (C) we receive it from third parties.

A) Information you provide

  • Account & profile: name, email, phone, password, profile photo, business name, business address, service categories, and other onboarding details.
  • Booking details: selected service, date/time, location (if applicable), notes, add-ons, price, and preferences.
  • Vendor onboarding & KYC: business registration details, ID numbers where applicable, Mpesa payout details, portfolio media, policies, and availability.
  • Communications: messages, support requests, reviews/ratings, dispute information, and survey responses.
  • Marketing preferences: newsletter opt-ins, notification choices.

B) Information collected automatically

  • Device/usage data: IP address, browser type, operating system, referring URLs, pages viewed, links clicked, and time spent.
  • Cookies & similar technologies: session cookies for login/booking flows, preference cookies, and analytics cookies (see Cookies section).

C) Information from third parties

  • Payments: limited payment metadata (e.g., transaction ID, status) from M-Pesa or other payment partners. We do not store M-Pesa PINs or full card details.
  • Authentication/anti-fraud: tools that help verify identity and prevent abuse.

3) How We Use Information

We process personal information to:

  • Operate, maintain, and improve the Services and booking flows (including Booknetic SaaS).
  • Create and manage accounts (Client and Vendor), enable listings, availability, checkout, confirmations, and reminders.
  • Facilitate M-Pesa payments, at-store payments, refunds, and payouts.
  • Provide support, respond to inquiries, and resolve disputes.
  • Personalize content, recommendations, and communications.
  • Send transactional emails/SMS (e.g., confirmations, reminders, policy updates). Marketing communications are sent with your consent and include an option to opt out.
  • Protect the integrity and security of the Services, prevent fraud, enforce our Terms, and comply with legal obligations.

4) When We Share Information

We share information only as needed:

  • Vendors: Client booking details are shared with the selected Vendor to deliver the service.
  • Service providers/processors: hosting, SMS/email delivery, analytics, file storage/CDN, and customer support tools.
  • Legal & safety: to comply with law, respond to lawful requests, protect rights, safety, and prevent fraud.
  • Business transfers: in a merger, acquisition, or asset sale, user information may be transferred consistent with this Policy.

We do not sell personal information. We do not allow third parties to collect data for their own targeted advertising on our checkout or account pages.

5) Payments

  • Mpesa: Clients may pay via Mpesa. We receive transaction confirmations but do not collect or store PINs.
  • Pay at store: Clients may also pay directly at the vendor’s location. Zawadi does not control how vendors handle in-store payments.
  • Vendor payouts: Vendors receive payouts via M-Pesa to the line they provided during the onboarding process.

6) Cookies & Analytics

We use cookies and similar technologies to:

  • keep you signed in;
  • remember preferences and booking progress; and
  • measure performance and improve the site.

Where required, we present a cookie banner with choices to accept, reject non-essential cookies, or manage settings. You can also control cookies via your browser.

Analytics data is aggregated and may include IP addresses, device IDs, and usage metrics. We use this only to improve performance and user experience.

7) Data Retention

We keep personal information only as long as necessary for the purposes described in this Policy, including maintaining accounts, meeting legal, tax, and audit obligations, and resolving disputes. We will anonymize or delete data when no longer required.

8) Your Rights & Choices (Kenya DPA 2019)

Under the Kenya Data Protection Act, you may:

  • access, correct, or delete your data;
  • object to or restrict certain processing; and
  • withdraw consent where processing is based on consent.

You can access most information in your account settings or by contacting us at info@zawadibooking.com. We will verify your request and respond within applicable timelines under Kenyan law.

Marketing opt-out: Use the unsubscribe link in marketing emails or adjust your preferences in account settings. Transactional messages related to bookings are not marketing and you may still receive them.

9) Vendor Responsibilities

Vendors must handle Client information received via Zawadi in compliance with the Kenya Data Protection Act and this Policy. Vendors should:

  • process data only for fulfilling bookings and related customer service;
  • keep data secure and limit access to authorized personnel; and
  • publish their own privacy notices covering any additional processing they perform.

10) International Transfers

If you access our Services from outside Kenya, your information may be processed and stored in Kenya. Where necessary, we ensure appropriate safeguards for transfers.

11) Security

We employ administrative, technical, and physical safeguards designed to protect personal information (e.g., TLS encryption in transit, access controls, regular updates, and monitoring). No method of transmission or storage is completely secure; your use of the Services is at your own risk.

12) Children’s Privacy

The Services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will take appropriate steps to delete it.

13) Region-Specific Disclosures

  • Kenya: We comply with the Data Protection Act, 2019. You may request access, correction, deletion, or objection by contacting info@zawadibooking.com. You may also lodge a complaint with the Office of the Data Protection Commissioner (ODPC).
  • Other countries: If you are booking from abroad, we process your data in line with this Policy and applicable laws.

14) Third-Party Links

Our Services may link to third-party websites or apps. Their privacy practices are governed by their own policies; we are not responsible for their content or practices.

15) Changes to This Policy

We may update this Policy from time to time. We will post the updated version and revise the “Effective date” above. Significant changes may be communicated via email or in-app notice.

16) How to Contact Us

If you have questions or requests regarding this Policy or our data practices, contact us at info@zawadibooking.com.

Quick Summary (Not a substitute for the full Policy)

  • We collect only what we need to run bookings, vendor onboarding, Mpesa/pay-at-store payments, and support.
  • We share data with Vendors and processors to deliver services; we do not sell personal information.
  • You can access, correct, or delete your data and opt out of marketing.
  • Vendors must protect Client data received via Zawadi.

© 2025 Zawadi. All rights reserved | Powered by Magnate Designs