Kenya Parts Logo
  1. Home
  2. privacy_policy

Terms and Conditions

CAR PARTS KENYA APP
PRIVACY POLICY
Effective Date: 4th February 2026 | Last Updated: May 2026
1. Introduction
Welcome to the Privacy Policy of the Car Parts Kenya App ("App"), developed and operated by CAR PARTS KENYA APP ("we", "our", or "us"). We are a Kenyan-based online marketplace connecting buyers and sellers of motor vehicle spare parts.
This Privacy Policy explains how we collect, use, disclose, retain, and protect the personal and sensitive data we acquire through your use of the App. It also explains your rights with respect to that data. By downloading, registering, or using the App, you agree to the terms described in this Privacy Policy.
This policy complies with the Kenya Data Protection Act (DPA) 2019 and applicable Google Play Store data safety requirements.
2. Data We Collect
We collect data in three ways:
a) Information You Provide Directly
• Registration details: your full name, email address, and mobile phone number
• Spare parts listings: photos of spare parts uploaded from your device gallery or captured using your device camera, along with item descriptions, pricing, and condition details
• Transaction details: mobile number used to initiate M-Pesa USSD STK Push payments via Safaricom PLC's Daraja API
• Communications: any messages or queries you send through the App or to our support team
b) Information Collected Automatically
• Device information: device model, operating system version, app version, and unique device identifiers
• App usage logs: screens accessed, session duration, error reports, and interaction timestamps
• Transaction metadata: timestamps, order identifiers, and payment status logs
• Network information: IP address and mobile network operator (used for fraud prevention)
c) Information from Third Parties
• Payment confirmation data from Safaricom PLC (M-Pesa Daraja API), limited to transaction status and reference numbers
• We do not purchase or receive marketing data from any third-party data brokers
3. How We Use Your Data
We use your data solely to provide, maintain, and improve the marketplace experience. Specifically, we use it to:
• Display spare parts listings to buyers and sellers browsing the App
• Facilitate secure communication and transactions between buyers and sellers
• Process payments via the integrated M-Pesa STK Push through Safaricom PLC's Daraja API sandbox
• Verify user identity and detect or prevent fraudulent activity
• Send operational notifications such as order updates, payment confirmations, and account alerts
• Improve App features, performance, and overall user experience through usage analytics
• Respond to customer support enquiries and resolve disputes
• Comply with legal, tax, and regulatory obligations under Kenyan law
We do NOT use your personal data to serve advertisements within the App. We do not engage in profiling or automated decision-making that produces legal or similarly significant effects on users.
4. Data Sharing and Disclosure
We do not sell, rent, or exchange your personal or sensitive data to third parties for monetary or marketing purposes. We share data only in the following limited circumstances:
a) With Other App Users
Photos of spare parts (uploaded from your gallery or captured using your camera) and listing descriptions are shared with other users of the App as part of the buying and selling process. Your personal contact details (e.g., mobile number) are not publicly disclosed to other users.
b) With Payment Service Providers
To process M-Pesa payments, we transmit your registered mobile number to Safaricom PLC via the Daraja API. This transmission is encrypted and limited to what is strictly necessary to initiate and complete a transaction.
c) With Service Providers
We may engage trusted third-party service providers (e.g., cloud hosting and IT support) who process data on our behalf under strict confidentiality and data processing agreements.
d) For Legal or Regulatory Reasons
We may disclose your data if required by applicable Kenyan law, a valid court order, or a lawful request from a government authority. We will notify you of such disclosure to the extent permitted by law.
We do not publicly disclose personal financial information, payment activity details, or government identification numbers.
We do not authorize the publishing or disclosure of non-public contacts of individuals using the App.
5. M-Pesa Payments (STK Push)
Checkout within the App is facilitated through M-Pesa's STK Push via Safaricom PLC's Daraja API production. When you initiate a payment:
• A payment prompt is sent directly to your mobile phone from Safaricom
• You complete the transaction using your M-Pesa PIN on your device
• We do not collect or store your M-Pesa PIN at any time
• Transaction records (amount, status, reference ID, and timestamp) are logged securely on our servers for dispute resolution and compliance purposes
6. App Permissions
The App requests only the permissions necessary for its core functions. Below is a full account of what we access and what we do not:
Permissions We Request
• Storage / Photos (mandatory): required to allow you to upload photos of spare parts from your device gallery when creating listings
Permissions We Do NOT Request
• Camera (optional): used only when you choose to take a live photo of a spare part when creating a listing. You may alternatively upload from your gallery. Camera access is never initiated without your explicit action
• Microphone: we do not access your microphone
• Contacts or call logs: we do not access your contacts or call history
• Calendar: we do not access your calendar
• Location: we do not collect or track your GPS or network location
We do not collect or link persistent device identifiers for the purpose of tracking or identifying users across unrelated applications or sessions.
7. Data Retention
We retain your data only for as long as necessary to fulfil the purposes outlined in this policy, subject to legal and regulatory requirements:
• Account and registration data: retained for the duration of your active account, and for up to 7 years after account closure for tax and compliance purposes
• Spare parts listing photos: retained for the lifetime of the listing plus 24 months for dispute resolution purposes
• Transaction records: retained for 7 years in accordance with Kenyan tax and financial regulations
• App usage logs: retained for up to 12 months, then anonymised or deleted
• Support communications: retained for up to 3 years from the date of closure of the query
Upon expiry of these periods, data is securely deleted or irreversibly anonymised.
8. Security of Your Data
We are committed to protecting your data using industry-standard security measures, including:
• HTTPS (TLS encryption) for all data transmitted between your device and our servers
• Encryption of sensitive data at rest on our secure cloud infrastructure
• Role-based access controls limiting staff access to personal data on a need-to-know basis
• Audit logs to detect and investigate unauthorised access or misuse
• Regular security reviews of our systems and third-party integrations
While we employ strong safeguards, no digital system is completely immune to risk. Transmission of data over the internet carries inherent risks, and we cannot guarantee absolute security. We encourage you to use a strong, unique password and to keep your device secure.
We do not provide anti-virus, anti-malware, or device security features within the App.
9. Children's Privacy
The Car Parts Kenya App is intended solely for use by adults and registered businesses. It is not designed for or directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately at info@carpartske.com and we will take prompt steps to delete such data.
10. Your Data Rights
Under the Kenya Data Protection Act 2019, you have the following rights with respect to your personal data:
• Right of Access: you may request a copy of the personal data we hold about you
• Right to Rectification: you may request correction of inaccurate or incomplete data
• Right to Erasure: you may request deletion of your personal data, subject to our legal retention obligations
• Right to Restriction: you may request that we restrict processing of your data in certain circumstances
• Right to Object: you may object to the processing of your personal data for purposes other than those strictly necessary to provide the service
• Right to Data Portability: you may request your data in a structured, commonly used, machine-readable format
To exercise any of these rights, please contact us using the details in Section 14. We will respond within 30 days of receiving your request.
11. Account and Data Deletion
You may request deletion of your account and associated personal data at any time by:
• Navigating to Settings within the App and selecting "Delete Account"
• Sending a written request to info@carpartske.com with the subject line "Account Deletion Request"
Upon receiving a valid request, we will delete or anonymise your personal data within 30 days, except where retention is required for legal, tax, regulatory, or legitimate dispute-resolution purposes. In such cases, access to retained data will be restricted until the applicable retention period expires.
12. International Data Transfers
Our primary operations and data storage are based in Kenya. However, some of our third-party service providers (such as cloud infrastructure providers) may store or process data in other jurisdictions. Where data is transferred outside Kenya, we ensure that appropriate safeguards are in place in compliance with the Kenya Data Protection Act 2019 and applicable data transfer regulations.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or Google Play Store data safety requirements. When we make material changes, we will:
• Notify you through a prominent in-app notice
• Update the "Last Updated" date at the top of this document
• Where required, seek your renewed consent
Continued use of the App following notification of changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
14. Compliance and Governing Law
This Privacy Policy is governed by and complies with:
• The Kenya Data Protection Act (DPA) 2019
• The Kenya Communications Act and related subsidiary legislation
• Google Play Store Developer Programme Policies (Data Safety requirements)
This policy is governed by the laws of the Republic of Kenya. Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Kenya.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Car Parts Kenya App
• Email: hi@carpartske.com
• Telephone: +254 721 860 180
• Location: Nairobi, Kenya
We aim to respond to all enquiries within 5 business days.