Privacy policy

Privacy Policy

This policy sets out the basis on which RiverPen collects, uses, discloses, stores, and protects personal data in connection with its web, software development, and graphics design services.

Information we collect

When you contact RiverPen, request a proposal, place an order, or use a website or software product we build, RiverPen may collect names, business details, contact information, project instructions, uploaded files, billing information, and technical usage data such as browser, device, and log information.

  • Prospect and client contact details used to prepare quotations, administer projects, and respond to support requests.
  • Project materials such as brand assets, copy, documents, images, briefs, and instructions supplied for performance of the services.
  • Operational data such as invoices, payment status, delivery records, analytics, and system logs.

How we use data

  • To deliver the services requested, including design, development, hosting support, maintenance, and project communications.
  • To issue invoices, manage payments, maintain records, and comply with tax, accounting, and legal obligations.
  • To secure systems, prevent abuse, investigate issues, and improve service quality.
  • To send marketing or update communications only where permitted by law or where consent has been obtained.

Sharing and transfers

  • RiverPen may use trusted processors for hosting, email, payment, analytics, file storage, and support tooling.
  • Personal information is not sold.
  • Where data is transferred outside Kenya, appropriate safeguards and transfer terms are used to the extent required by law.
  • Client-supplied content is disclosed only as necessary to perform the project or comply with legal obligations.

Retention and rights

  • Records are retained only for as long as reasonably necessary for the applicable service, legal, tax, audit, or dispute purpose.
  • You may request access, correction, deletion, restriction, or portability of your personal data by contacting us.
  • If a request cannot be granted in full, the lawful basis for the refusal and the retained portion will be explained.

Security and limits

  • Reasonable technical and organisational safeguards are used, although no internet-based service can be guaranteed to be perfectly secure.
  • Access credentials, secret keys, and sensitive files should be provided only through approved secure channels.
  • This policy is a business document and should be reviewed by Kenyan counsel before publication.

Effective date: August 24, 2025