Back to home

Legal

Privacy Policy

We take your privacy seriously. This policy explains exactly what data we collect, why we collect it, and how we protect it.

Effective Date: 1 January 2025  |  Last Updated: 20 May 2025

This Privacy Policy applies to FaidaAI ("we", "us", or "our"), a product of Sahan Labs, and governs the collection, use, storage, and sharing of personal data from users of our platform at faidaai.com. We comply with the Kenya Data Protection Act, 2019 and the EU General Data Protection Regulation (GDPR).

1. Who We Are

Sahan Labs is the data controller responsible for your personal information. We are registered in Kenya and operate the FaidaAI platform — an AI-powered WhatsApp Business automation service serving businesses across East Africa and beyond.

Contact: hello@faidaai.com  |  Nairobi, Kenya

2. Data We Collect

We collect the following categories of data:

A. Account Data

  • Full name, email address, and password (hashed — never stored in plain text)
  • Business name, business type, and billing address
  • WhatsApp Business phone number and Meta Business account ID
  • Subscription plan and payment history

B. WhatsApp Conversation Data

  • Inbound and outbound WhatsApp messages processed through our platform
  • Customer names and phone numbers sent to us via the WhatsApp Business API
  • Media files (images, documents) shared in conversations
  • AI-generated responses and confidence scores

C. Usage and Technical Data

  • Browser type, IP address, device type, and operating system
  • Pages visited, features used, and session duration
  • API call logs and error reports

D. Knowledge Base Content

  • Articles, FAQs, product descriptions, and pricing information you upload

3. How We Use Your Data

  • To deliver our service: Process WhatsApp messages, generate AI replies, manage orders and conversations
  • To improve the AI: Analyse conversation patterns to improve response quality (anonymised where possible)
  • To manage billing: Process subscription payments via our payment processor
  • To send you notifications: Alerts about your account, new features, or billing changes
  • To enforce our Terms: Detect and prevent abuse, fraud, or policy violations
  • To comply with law: Meet legal obligations under Kenyan and international law

4. Who We Share Your Data With

We do not sell your data. We share it only with the following trusted service providers:

  • Meta (WhatsApp): To send and receive WhatsApp messages via the WhatsApp Business API
  • OpenAI: To generate AI responses to customer messages. Data sent is subject to OpenAI's privacy policy and data use agreements
  • Supabase / PostgreSQL: Secure database hosting for your business and conversation data
  • Hostinger VPS: Self-hosted cloud server where our backend and frontend run
  • Payment Processor: For handling subscription billing (card and Mpesa)
  • Sentry: Error monitoring and crash reporting (no personal message content sent)

All third-party providers are contractually bound to process your data only as instructed by us and to maintain appropriate security measures.

5. Data Retention

  • Account data: Retained for as long as your account is active, plus 90 days after account closure
  • Conversation data: Retained for 12 months by default; you may delete individual conversations at any time
  • Billing records: Retained for 7 years to comply with financial regulation
  • Usage logs: Retained for 90 days for security and debugging purposes

6. Your Rights

Under the Kenya Data Protection Act and GDPR, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and personal data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing of your data for direct marketing
  • Restriction: Request that we restrict processing of your data in certain circumstances

To exercise any of these rights, email hello@faidaai.com. We will respond within 30 days.

7. Data Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, bcrypt password hashing, role-based access controls, regular security audits, and automated threat monitoring. Our infrastructure runs on enterprise-grade cloud providers with SOC 2 compliance.

8. International Transfers

Your data may be processed in countries outside Kenya, including the United States and the European Union, by our service providers. We ensure adequate safeguards are in place through Standard Contractual Clauses (SCCs) or equivalent mechanisms.

9. Cookies

We use cookies to maintain your login session and analyse platform usage. See our full Cookie Policy for details.

10. Children

FaidaAI is a business tool intended for users aged 18 and over. We do not knowingly collect data from individuals under 18. If you believe a minor has created an account, contact us immediately.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or via an in-app notification at least 14 days before changes take effect. Continued use of FaidaAI after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or to exercise your rights:
Email: hello@faidaai.com
Postal: Sahan Labs, Nairobi, Kenya