Privacy Policy

Tideflash ("we," "our," or "us") operates the Moolyka platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, in compliance with the Kenya Data Protection Act, 2019.

By using Moolyka, you consent to the data practices described in this policy. If you do not agree, please do not access or use our services.

2.1 Information You Provide

Account Information:

• Full name
• Email address
• Phone number (for M-Pesa users)
• Organization details (for beneficiaries/suppliers)
• Profile photo (optional)

Donation Information:

• Payment details (processed via secure gateways - not stored on our servers)
• Donation amounts and dates
• Selected items and quantities
• Delivery preferences and addresses

Project/Product Information:

• Project descriptions and photos
• Product listings and specifications
• Location data
• Impact reports and updates

2.2 Automatically Collected Information

• IP address and device information
• Browser type and version
• Pages visited and time spent
• Referral URLs
• Cookies and similar technologies

2.3 Information from Third Parties

• Payment processors (M-Pesa, Stripe, crypto exchanges)
• Verification services for projects
• Social media platforms (if you connect accounts)

We use collected information to:

• Provide Services: Process donations, manage accounts, facilitate deliveries
• Communication: Send transaction confirmations, impact reports, platform updates
• Verification: Authenticate users, verify projects and suppliers
• Improvement: Enhance platform features and user experience
• Transparency: Generate public donation reports (anonymized - no personal identifiers)
• Security: Detect and prevent fraud, unauthorized access
• Legal Compliance: Meet regulatory requirements under Kenyan law

4.1 When We Share

We may share information:

• With Suppliers: Necessary details to fulfill your donations (name, delivery address, item specifics) - Suppliers are independent third parties bound by their own privacy policies
• With Beneficiaries: Information about donated items being delivered (anonymous donor identity maintained by default)
• With Service Providers: Payment processors, hosting services, analytics providers under strict confidentiality agreements
• For Legal Reasons: To comply with Kenyan laws, regulations, or legal requests from courts or government agencies
• For Protection: To protect rights, property, or safety of users/public
• With Consent: When you explicitly authorize sharing

4.2 Third-Party Disclaimer

4.3 Blockchain Transparency

Certain transaction data is recorded on public blockchains (Ethereum, Solana, etc.) for transparency:

• Donation amounts (in crypto or converted value)
• Timestamp of transactions
• Delivery confirmation hashes
• Wallet addresses (for crypto donations only - pseudonymous)

Important: Personal identification information (names, emails, phone numbers) is NEVER stored on blockchain. Once recorded, blockchain data cannot be deleted or modified.

5.1 Google Analytics

We use Google Analytics to understand platform usage:

• Tracks: Page views, session duration, user demographics (anonymized)
• Purpose: Improve user experience, optimize features
• Data: Aggregated and anonymized - no personal identifiers
• Opt-out: Available through Google Analytics opt-out browser add-on

5.2 Cookies & Similar Technologies

We use:

• Essential Cookies: Required for platform functionality (login, cart, checkout)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us improve platform performance
• Marketing Cookies: Show relevant impact stories and campaigns

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

We implement industry-standard security measures including:

• Encryption of sensitive data (AES-256 at rest, TLS 1.3 in transit)
• Secure socket layer (SSL) technology for all connections
• Regular security audits and penetration testing
• Role-based access controls and multi-factor authentication for staff
• Secure payment processing via SMPLY Pay (PCI-DSS compliant)
• Regular data backups with encrypted storage

While we strive to protect your information, no method of transmission over the internet is 100% secure. You use the platform at your own risk.

Under the Kenya Data Protection Act, 2019, you have the following rights:

To exercise these rights, contact us at privacy@moolyka.com. We will respond within 30 days as required by law. If unsatisfied with our response, you may complain to the Office of the Data Protection Commissioner.

Moolyka is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover such collection, we will delete it promptly. Parents or guardians who believe we may have collected information from a child should contact us immediately.

We may update this policy periodically. We will notify users of material changes via email or platform notification. Continued use after changes constitutes acceptance. The "Last Updated" date at the top of this page indicates when changes were made.