Privacy Policy

Last Updated: April 14, 2026

Our Commitment: Maur CRM is committed to protecting your privacy and complying with the Kenya Data Protection Act 2019 and the EU General Data Protection Regulation (GDPR) where applicable.

1. Data Controller Information

Data Controller: Maur CRM
Address: Kenya
Email: info@maur.co.ke
Phone: 0798 548 968
Website: maur.co.ke

We are registered with the Office of the Data Protection Commissioner (ODPC) of Kenya as required under the Data Protection Act 2019 [^1^].

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal data:

Identity Data: Name, company name, job title
Contact Data: Email address, phone number, postal address
Financial Data: M-Pesa transaction details, payment information
Technical Data: IP address, browser type, device information
Usage Data: How you interact with our Service
Business Data: Customer data you upload to our CRM

2.2 Sensitive Personal Data

We do not intentionally collect sensitive personal data (health information, biometric data, etc.) unless specifically required for particular modules (e.g., HR management). Where such processing occurs, we obtain explicit consent as required by Section 31 of the Kenya Data Protection Act [^1^].

3. How We Collect Your Data

Direct interactions (registration forms, correspondence)
Automated technologies (cookies, server logs)
Third parties (payment processors, integration partners)
Publicly available sources (where permitted by law)

4. Lawful Basis for Processing

Under the Kenya Data Protection Act 2019 and GDPR, we process your personal data based on:

Purpose	Legal Basis
Service provision	Performance of contract
Account management	Performance of contract
Payment processing	Performance of contract
KRA eTIMS compliance	Legal obligation
Marketing communications	Consent (Section 37, DPA) [^1^]
Service improvement	Legitimate interests

5. How We Use Your Information

We use your personal data for:

Providing and maintaining our CRM services
Processing payments via M-Pesa and other gateways
Facilitating KRA eTIMS tax compliance reporting
Enabling WhatsApp Business API integrations
Customer support and communication
Security monitoring and fraud prevention
Legal compliance and regulatory reporting
Marketing (with your explicit consent)

6. Data Sharing and Recipients

We may share your data with:

6.1 Service Providers

Cloud hosting providers (data storage)
Payment processors (M-Pesa, banks)
Email and SMS delivery services
Analytics providers

6.2 Legal and Regulatory

Kenya Revenue Authority (KRA) for eTIMS compliance
Law enforcement agencies (when legally required)
Courts and regulatory authorities

6.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different Privacy Policy.

7. International Data Transfers

Your data is primarily stored and processed in Kenya. However, some service providers may be located outside Kenya. In such cases, we ensure:

The recipient country has adequate data protection safeguards [^1^]
Standard contractual clauses are in place (for GDPR compliance)
Consent is obtained for sensitive data transfers outside Kenya

8. Data Security

We implement appropriate technical and organizational measures to protect your data [^1^]:

Encryption of data in transit (TLS/SSL) and at rest
Regular security assessments and penetration testing
Access controls and authentication mechanisms
Employee training on data protection
Incident response procedures

9. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Active accounts: Duration of subscription plus 7 years (for tax compliance)
Deleted accounts: 90 days (for recovery purposes), then permanent deletion
Financial records: 7 years (as required by Kenyan tax law)
Marketing data: Until consent is withdrawn

10. Your Data Protection Rights

Under the Kenya Data Protection Act 2019 and GDPR, you have the following rights [^1^][^6^]:

Right	Description
Access	Request copies of your personal data
Rectification	Correct inaccurate or incomplete data
Erasure	Request deletion of your data ("right to be forgotten")
Restriction	Limit how we process your data
Portability	Receive your data in a structured, machine-readable format
Objection	Object to processing based on legitimate interests or direct marketing
Withdraw Consent	Withdraw consent at any time (does not affect prior lawful processing)

To exercise these rights, contact us at info@maur.co.ke. We will respond within 30 days as required by law [^1^].

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Maintain your session and preferences
Analyze Service usage and performance
Improve user experience

You can control cookies through your browser settings. Essential cookies required for Service operation cannot be disabled.

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

13. Data Breach Notification

In the event of a personal data breach that poses a real risk of harm, we will:

Notify the Office of the Data Protection Commissioner within 72 hours [^1^]
Notify affected users without undue delay
Provide information about protective measures you can take

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date. For significant changes, we will notify you via email or through the Service.

15. Contact Us

Data Protection Contact:
Email: info@maur.co.ke
Phone: 0798 548 968
Address: Kenya

Supervisory Authority:
Office of the Data Protection Commissioner (ODPC)
Kenya

This Privacy Policy is designed to comply with the Kenya Data Protection Act 2019 and EU GDPR. If you have any concerns about our data handling practices, please contact us immediately.