Privacy Policy

Last updated: February 2026

This Privacy Policy describes how Paylink IT Systems ("we," "our," or "us"), operating as an Independent Software Vendor (ISV), collects and processes information. As a non-custodial technology provider, we never hold or manage your business funds; we provide the software layer to orchestrate your existing M-PESA tools.

1. Information We Collect

We collect the following technical and personal information to facilitate our SaaS suite:

  • Personal & Business Information: Name, contact details, and KRA PIN required for service licensing.
  • Integration Credentials: Encrypted M-PESA API keys provided by you to allow our software to trigger prompts on your behalf.
  • Transaction Metadata: We process transaction statuses and timestamps for your digital ledger. We do not have access to your bank or mobile money balances.
  • Technical Data: IP addresses and device info required for secure POS software operations.

2. How We Use Your Information

  • To provide the Paylink Cloud and POS software interfaces.
  • To orchestrate STK Push prompts directly to your customers via Safaricom APIs.
  • To provide real-time business analytics and inventory tracking.
  • To ensure compliance with the Office of the Data Protection Commissioner (ODPC).

3. Data Role & Legal Basis

Under the Data Protection Act (2019), Paylink acts as a Data Processor for the business data you input and a Data Controller for your account management data. Our processing is based on the Performance of a Contract to provide software services.

4. Non-Custodial Disclosure

Paylink does not sell data. We share information only with:

  • Safaricom M-PESA: To execute the payment prompts you initiate.
  • Regulators: The Communications Authority or ODPC when required by Kenyan law.

5. Data Security

We implement technical measures including AES-256 encryption for API credentials at rest and secure JWT-based authentication for all attendant accounts.

6. Your Rights

You retain all rights to access, rectify, or request the erasure of your data. Because we are an ISV, you may also request a portable export of your inventory and transaction history at any time.

7. Contact Us