Privacy Policy

This policy describes how Certus Holdings LTD (trading as Certus Enterprise) collects, uses, and protects your personal data. We comply with the Kenya Data Protection Act (2019), the EU General Data Protection Regulation (GDPR), and other applicable laws.

• Identity & Contact: Name, email, phone number.
• Delivery: Street address, city, region, country.
• Payment: Transaction references and status only. Card numbers and PINs are handled exclusively by Paystack, PayPal, and Pesapal.
• Account: Profile photo (if uploaded), order history, saved addresses.
• Usage: Pages visited, device and browser info, IP address.

• Process and fulfil your orders; communicate with couriers.
• Send order confirmations, receipts, and delivery updates.
• Manage your account and address book.
• Respond to support queries and complaints.
• Comply with legal obligations (fraud prevention, tax).
• Improve our platform through aggregated analytics.
• Send promotions — only with your explicit consent; opt-out anytime.

• Delivery Couriers: Name, phone, address for delivery only.
• Payment Processors: Paystack, PayPal, Pesapal — for transactions, under their own policies.
• Google Firebase: Database, authentication, and storage provider.
• Legal Authorities: When required by law or court order.

Under the Kenya Data Protection Act (2019) and GDPR (where applicable):

To exercise any right, email certusenterprise25@gmail.com. We respond within 30 days. To escalate: Office of the Data Protection Commissioner (Kenya) — odpc.go.ke.

We retain your data while your account is active and for 7 years after for legal/tax compliance. We use essential cookies for sessions and cart, and optional analytics cookies. Control cookies via your browser settings.