Thibitisha

Privacy Policy

Last updated: January 2025

Introduction

This Privacy Policy describes how Thibitisha ("we", "us", or "our") collects, uses, and protects your personal information when you use our payroll compliance platform. By using Thibitisha, you consent to the practices described in this policy.

Information We Collect

We collect information you provide directly: name, email address, phone number, KRA PIN, NSSF number, SHIF number, employment details, and banking information. We also collect usage data such as log-in times, features accessed, and device information.

How We Use Your Information

We use your information to: process payroll and statutory deductions; generate tax certificates and KRA submission files; provide customer support; improve our platform; send service-related notifications; and comply with legal obligations under Kenyan law.

Data Storage and Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We implement role-based access controls, multi-factor authentication, and immutable audit trails. Payroll records are retained for a minimum of 7 years in compliance with KRA requirements.

Data Sharing and Disclosure

We do not sell your personal information. We may share data with: your employer (for payroll processing); authorised accountants assigned to your company; KRA (as required for tax compliance); and service providers who assist in operating our platform, subject to strict confidentiality agreements.

Your Rights

Under the Kenya Data Protection Act, 2019, you have the right to: access your personal data; request correction of inaccurate data; request deletion of your data (subject to legal retention requirements); object to processing; and data portability. Contact us at privacy@thibitisha.com to exercise these rights.

Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies. Analytics cookies may be used to improve platform performance and are anonymised.

Children’s Privacy

Thibitisha is not directed at children under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification. Continued use of Thibitisha after changes constitutes acceptance of the updated policy.