KompliTax← Back to home

Privacy Policy

Last updated: April 15, 2026

1. Who We Are

KompliTax is a KRA eTIMS compliance platform operated by Solomon Gababa, based in Kenya. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our Service.

2. Data We Collect

  • Account data: name, email address, business name, KRA PIN.
  • Financial data: transaction amounts, descriptions, categories, VAT, and invoice details you enter into the platform.
  • Payment data: M-Pesa phone number and payment status (we do not store card details; payments are processed by PayHero).
  • Usage data: pages visited, features used, browser type, IP address (via Supabase and Vercel analytics).

3. How We Use Your Data

  • To provide, operate, and improve the Service.
  • To generate your compliance reports, invoices, and tax summaries.
  • To process your subscription payments via M-Pesa.
  • To send you important service notifications and, with your consent, product updates.
  • To comply with applicable Kenyan law, including any lawful KRA requests.

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase — our database and authentication provider (EU/US data centres).
  • Vercel — our hosting provider (US data centres).
  • PayHero — our M-Pesa payment processor (Kenya).
  • Anthropic / OpenAI — for AI-powered transaction categorisation (transaction descriptions only; no personally identifying data is shared).
  • Regulatory authorities when required by law.

5. Data Retention

We retain your data for as long as your account is active. If you close your account, we will delete or anonymise your data within 90 days, except where we are required by law to retain it longer (e.g., financial records under the Kenya Revenue Authority Act).

6. Your Rights

Under the Kenya Data Protection Act 2019, you have the right to access, correct, or delete your personal data. To exercise these rights, contact us at hello@komplitax.co.ke. We will respond within 30 days.

7. Security

We use industry-standard measures to protect your data, including TLS encryption in transit and AES-256 encryption at rest via Supabase. Row-Level Security (RLS) ensures your data is isolated from other users.

8. Cookies

We use session cookies (via Supabase Auth) that are strictly necessary to keep you logged in. We do not use advertising or tracking cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests, contact us at hello@komplitax.co.ke.