Readiwork Limited is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our platform and API services. We operate in compliance with the Kenya Data Protection Act, 2019 and all applicable regulations.
1 Who We Are
Readiwork Limited ("Readiwork", "we", "us", "our") is a company registered in Kenya that provides businesses with API-based access to credit checking and identity verification services.
For the purposes of data protection law, Readiwork acts as a data processor when handling End User credit data on behalf of our Clients (who are the data controllers), and as a data controller in relation to our Clients' own account and billing information.
2 Information We Collect
2.1 Information you provide to us
- Account registration details: name, email address, phone number, company name.
- Billing information: top-up amounts and payment method details (payment details are processed by our payment provider, we do not store card numbers).
- Communications: emails or messages you send to our support team.
2.2 Information collected automatically
- API usage logs: timestamp, endpoint called, response code, credit balance change.
- Device and access data: IP address, browser type, operating system.
- Cookies and analytics data (see Section 10).
2.3 End User credit & identity data
When our Clients use the API to run a check on an individual (End User), we temporarily process that individual's National ID number and the resulting credit or identity data returned by the bureau. We do not collect or store this data beyond the immediate API transaction, see Section 4.
3 How We Use Your Information
We use the information we collect to:
- Create and manage your account on the Readiwork platform.
- Process your credit top-ups and deduct credits per API call.
- Provide customer support and respond to enquiries.
- Send transactional emails (e.g. receipts, low-balance alerts, account notifications).
- Monitor and maintain the security and performance of our platform.
- Comply with legal and regulatory obligations.
- Improve our services based on aggregated, anonymised usage data.
- Generate AI-assisted risk indicators and decision-support insights for authorised Clients.
We do not use your data for unsolicited marketing without your explicit consent.
4 Credit & Identity Data (End User Data)
Our core data principle
Readiwork is a pass-through API service. When a Client makes an API call to check an individual's credit or identity, we transmit the request to the relevant licensed credit bureau and return the result directly to the Client. We do not store, retain, or re-process End User credit data after the API response is delivered.
- National ID numbers submitted in API requests are used solely to retrieve the requested report and are not stored in our databases.
- Credit reports, scores, blacklist results, and identity details are passed directly to the Client and not retained on our servers.
- Short-lived API logs (for debugging and billing purposes) may record that a request was made to a specific endpoint, but do not store the content of the credit report or identity information returned.
- Clients are responsible for how they store and use the data returned by the API.
5 Legal Basis for Processing
Under the Kenya Data Protection Act, 2019, we process personal data on the following lawful grounds:
- Contract performance to provide the API services you have signed up for.
- Legitimate interests to maintain platform security, prevent fraud, and improve our services.
- Legal obligation to comply with Kenyan law, CBK regulations, and regulatory directives.
- Consent for any marketing communications, where applicable.
For End User credit data, the lawful basis is the explicit consent obtained by the Client from the End User before the check is initiated.
6 How We Store Your Data
- Account and billing data is stored on secure servers located in Kenya or within jurisdictions offering equivalent data protection standards.
- All data in transit is encrypted using TLS (HTTPS).
- Access to personal data is restricted to authorised Readiwork staff on a need-to-know basis.
- We implement regular security reviews and access control audits.
- In the event of a data breach affecting your personal data, we will notify you in accordance with the Kenya Data Protection Act.
7 Who We Share Data With
We do not sell your personal data. We may share data only in the following circumstances:
- Licensed Credit Reference Bureaus End User ID numbers are submitted to the bureau to retrieve the requested report, as authorised by the Client and End User.
- Payment processors billing data is shared with our payment provider solely to process top-up transactions.
- Service providers trusted third-party vendors (e.g. cloud hosting, email delivery) who process data on our behalf under strict data processing agreements.
- Legal authorities where required by law, court order, or regulatory directive.
8 Data Retention
- Account data is retained for the duration of your account and for 7 years after closure, as required for financial and legal compliance.
- API usage logs (endpoint, timestamp, credit deduction) are retained for 12 months for billing and debugging purposes.
- End User credit & identity data is not retained beyond the API transaction session.
- Support communications are retained for 3 years.
9 Your Rights
Under the Kenya Data Protection Act, 2019, you have the following rights:
- Right of access request a copy of the personal data we hold about you.
- Right to rectification request correction of inaccurate or incomplete data.
- Right to erasure request deletion of your data, subject to legal retention requirements.
- Right to restrict processing request that we limit how we use your data.
- Right to data portability receive your data in a structured, machine-readable format.
- Right to object object to processing based on legitimate interests.
- Right to withdraw consent where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@readiwork.co.ke. We will respond within 21 days.
10 Cookies
Our website uses cookies to improve your experience. We use:
- Essential cookies required for the platform to function (login sessions, security tokens).
- Analytics cookies to understand how visitors use our site (page views, device type). Data is aggregated and anonymised.
- Preference cookies to remember your settings and preferences.
You can manage cookie preferences through your browser settings. See our Cookie Policy for more details.
11 Third-Party Links
Our platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policy of any external site you visit.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify registered Clients by email and update the "Last updated" date at the top of this page.
13 Contact Us
For any privacy-related queries, requests, or complaints, please reach out to us:
