← Back to home

Privacy Policy

Effective date: June 2, 2026

1. Who we are

Daichi Procurement Solutions ("Daichi", "we", "us") operates the Daichi Platform, a cloud-based procurement management service for corporates and NGOs in Kenya. This policy explains how we handle personal and company data on the platform and is aligned with Kenya's Data Protection Act, 2019 and the EU GDPR.

2. Data we collect

  • Account & user details: full name, email, phone, role, company affiliation, avatar, last active timestamp.
  • Company details: company name, subscription plan, branding (logo, primary colour).
  • Procurement data: purchase orders, line items, approvals, supplier records, RFQs and quote responses.
  • Contract documents: uploaded contract files, titles, parties, value, start/end dates and renewal reminders.
  • Budget & financial data: departmental annual budgets, fiscal year, spend against budget.
  • Technical data: IP address, browser, device, and audit log entries needed for security and traceability.

3. How we use your data

  • Provide and operate the platform under your subscription.
  • Authenticate users and enforce role-based access controls.
  • Process and route purchase orders, approvals, RFQs and contract workflows you initiate.
  • Generate reports, exports and analytics for your company.
  • Maintain audit trails for compliance, security investigations and dispute resolution.
  • Send service notifications (e.g. PO approvals, contract renewal reminders) and respond to support requests.

We do not sell your data and we do not use your procurement, supplier or contract content to train machine-learning models.

4. Legal basis (GDPR)

Where GDPR applies, we process personal data on the basis of contract performance (delivering the service), legitimate interests (securing the service, fraud prevention) and legal obligation (record-keeping for tax/audit). For optional communications we rely on consent, which you can withdraw at any time.

5. Sharing & sub-processors

Data is hosted with vetted infrastructure providers (database and file storage) under contracts that include confidentiality and security obligations. We do not share your company data with other Daichi customers. We may disclose data where required by Kenyan law or a valid legal order.

6. Retention

  • Procurement records, contracts and audit logs: retained for the duration of your subscription and for a further 7 years to meet Kenyan tax and corporate record-keeping requirements.
  • User account data: retained while the user is active, then anonymised within 90 days of account deactivation.
  • Backups: encrypted backups are retained for 30 days on a rolling basis.

7. Your rights

You have the right to access, correct, delete, restrict or object to processing of your personal data, and the right to data portability — including export of your purchase orders, suppliers, contracts and budgets in CSV or PDF format. You may also lodge a complaint with the Office of the Data Protection Commissioner of Kenya.

8. Security

Data is encrypted in transit (TLS) and at rest. Access is governed by row-level security policies and role-based permissions. All actions are recorded in an audit log.

9. Contact for data requests

To exercise your rights or ask a data-protection question, email privacy@daichi.co.ke. We respond within 30 days.