Privacy Policy

Last updated: February 11, 2026

1. Introduction

Vutia Enterprises ("we", "us", "our") operates the VE.KE platform. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

2. Information We Collect

Information you provide:

  • Contact information: Name, email address, phone number, company name
  • Project details: Descriptions, requirements, and technical specifications submitted through the intake form
  • Payment information: M-Pesa phone number and transaction references (we do not store M-Pesa PINs or account details)
  • Communications: Messages sent through the client portal AI chat and feedback forms

Information collected automatically:

  • Usage data: Pages visited, features used, and timestamps
  • Device information: Browser type, IP address, operating system
  • Authentication data: Magic link usage timestamps and IP addresses for security purposes

3. How We Use Your Information

We use your information to:

  • Analyze project requirements and generate quotes
  • Develop, test, and deploy your software projects
  • Process M-Pesa payments for project milestones
  • Communicate project updates and status changes
  • Authenticate your access to the client portal
  • Improve our AI-powered development services
  • Comply with legal obligations

4. AI Processing

We use AI (Claude by Anthropic) to:

  • Analyze project requirements you submit
  • Generate Business Requirements Documents
  • Provide AI chat support in the client portal
  • Assist in code development

Project descriptions and chat messages are sent to Anthropic's API for processing. We do not share your personal contact details or payment information with AI services.

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Safaricom (M-Pesa): Phone number for payment processing
  • Anthropic (Claude AI): Project descriptions for analysis (no personal identifiers)
  • GitHub: Source code for project repositories
  • Law enforcement: When required by law or to protect our legal rights

6. Data Security

We implement appropriate security measures including:

  • HTTPS encryption for all data in transit
  • Hashed authentication tokens (magic links)
  • Encrypted storage for sensitive credentials
  • IP-based verification for payment webhooks
  • Rate limiting on authentication and payment endpoints

7. Data Retention

  • Project data: Retained for the duration of the project plus 2 years
  • Payment records: Retained for 7 years as required by Kenyan tax law
  • Magic link tokens: Automatically expire after 30 minutes; deleted after use
  • Chat history: Retained for the duration of the project

8. Your Rights

Under the Kenya Data Protection Act (2019), you have the right to:

  • Access your personal data held by us
  • Correct inaccurate personal data
  • Request deletion of your personal data (subject to legal retention requirements)
  • Object to processing of your personal data
  • Request data portability

To exercise these rights, contact us at [email protected].

9. Cookies and Analytics

We may use:

  • Session cookies: Required for authentication and CSRF protection
  • Google Analytics: Website usage statistics (when enabled)
  • Microsoft Clarity: User experience analytics (when enabled)

You can disable analytics cookies through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to active clients via email. Continued use of the Service constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries: