Duka Digital / Privacy

Privacy Policy

This Privacy Policy describes how Duka Digital ("Duka Digital," "we," "our," or "us") collects, uses, discloses, stores, and protects information in connection with dukadigital.com, the Duka Digital web application, and the Duka Digital Android application (collectively, the "Services").

Account deletion Open Duka Digital

Last updated: April 1, 2026 Applies to web and Android Built for shop owners and staff

1. Categories of information we collect

We collect information you provide directly, information generated through your use of the Services, and limited technical information required to operate, secure, and improve the Services.

Account and shop information, including name, email address, phone number, shop name, login credentials, and optional Google sign-in identity details.
Business and transactional records you choose to store in Duka Digital, including products, stock levels, sales, debtor balances, customer names, customer phone numbers, receipts, and shop settings.
Subscription, billing, and payment-related information, including selected billing interval, transaction references, payment status, and processor response data.
Technical, diagnostic, and usage information, including device type, operating system, browser or app version, screen or page activity, crash details, request failures, and performance metrics.
On-device and offline data required for app functionality, including cached files, queued sync operations, session identifiers, and locally stored business records where offline support is enabled.

2. How we use information

We use collected information for legitimate business and operational purposes, including to:

Create, authenticate, and manage user accounts and shop access.
Provide point-of-sale, inventory, debtor management, receipt, analytics, reminder, and related business features.
Synchronize data across sessions and devices, including offline-first workflows where supported.
Process subscriptions, payment confirmations, billing events, and checkout requests.
Send service-related communications such as email verification, password reset messages, and operational alerts.
Monitor performance, diagnose failures, improve reliability, maintain security, and prevent abuse or unauthorized access.

3. Third-party service providers

Certain features of the Services rely on third-party providers that process information on our behalf or in connection with services you choose to use.

Payments and billing may involve providers such as M-PESA and IntaSend.
SMS reminders and alerts may be delivered through Africa's Talking.
Email verification and password reset communications may be delivered through our email infrastructure providers.
Optional Google sign-in uses Google account identity information that you authorize for authentication.

These providers may process personal, business, or transactional information in accordance with their own terms and privacy policies.

4. Android permissions and on-device storage

The Duka Digital Android application currently requests network-related permissions only, including internet access and network state, in order to connect to the Services and synchronize data.

The application may store account and business information locally on the device to support offline operation, queued synchronization, and improved performance.

5. Cookies, session management, and diagnostics

On the web, Duka Digital uses session cookies and browser storage to maintain authenticated sessions, remember interface settings, and support core application reliability. We also collect limited telemetry and diagnostic information to understand failures, monitor performance, and improve the Services.

We make reasonable efforts to filter sensitive fields from telemetry payloads before storage. You should avoid entering confidential information into free-form fields unless it is reasonably necessary for your use of the Services.

6. Disclosure of information

With service providers and infrastructure partners that help us host, secure, authenticate, message, and operate the Services.
With payment processors where necessary to complete a transaction or confirm payment status.
Where required by applicable law, regulation, court order, or a valid governmental request.
Where reasonably necessary to investigate fraud, security incidents, or misuse of the Services.

We do not sell your personal information for advertising purposes.

7. Retention of information

We retain information for as long as reasonably necessary to provide the Services, maintain accounts, support legitimate business operations, resolve disputes, enforce applicable agreements, and comply with legal obligations. Information stored locally on a device may remain until removed by signing out, clearing app data, or uninstalling the application.

Automated inactivity detection. Shops that have had no activity (such as logins, sales, product updates, or dashboard usage) for approximately 180 days may be automatically flagged for deletion. When a shop is flagged, the account owner receives an email warning and has a 14-day grace period to sign in or perform any activity to cancel the process. If no activity occurs during the grace period, shop data is soft-deleted and access is suspended. Soft-deleted data is retained for an additional 30 days before permanent removal, during which time support may be able to assist with recovery. After permanent removal, shop data cannot be restored.

8. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

9. Children's privacy

The Services are intended for merchants, shop owners, and shop staff. The Services are not directed to children under 13, and we do not knowingly design the Services for a child audience.

10. Your choices and responsibilities

You are responsible for ensuring that you have the right to collect, upload, store, and use customer and business information in Duka Digital.
You may update certain shop, account, and customer records from within the product.
If you need to request account deletion, you may use the public account deletion page at /account-deletion.
If your shop is flagged as inactive, you can cancel the scheduled deletion simply by signing in or using any feature of the Services during the grace period.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will publish the revised version on this page and update the "Last updated" date shown above.