Kashyka logoKashYka

Kashyka Privacy Policy

KASHYKA respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you install or use the Browser.

By installing or using the Browser, you agree to this Policy. If you do not agree, please discontinue use of the Browser.

Effective Date
May 8, 2026
Last Updated
May 8, 2026
Privacy Contact
support@kashyka.com

Overview

KASHYKA only collects data that is necessary to provide the Browser’s features securely and effectively. We do not collect browsing history, passwords, or private communications unless you explicitly opt in to a feature that requires that information, such as syncing bookmarks.

This policy applies to personal data collected through the Browser and related support interactions connected to the Browser.

1. Data Controller

The Data Controller responsible for your personal data is:

Company/Developer Name
Kashyka Ltd.
Registered Address
Bishop Magua Centre, Ngong Road, Nairobi, Kenya

If you are located outside Kenya, including in the EU, UK, or US, this entity also acts as the data controller for GDPR and CCPA compliance.

2. Information We Collect

We only collect data necessary to provide the Browser’s features securely and effectively.

2.1 Data You Provide

  • Contacts Data: Names, numbers, or emails accessed only upon your explicit consent to enable features such as contact-based sharing or autocompletion.
  • SMS Data: Message content that you initiate via the Browser, including sharing links or sending messages.
  • Support Information: When you contact us for help, we may collect your name, email, and issue details.

2.2 Automatically Collected Data

  • Device Information: Android version, device ID, country, and language.
  • Usage Data: Aggregated, anonymized interactions with the Browser.
  • Network Data: Type of connection, including Wi-Fi or mobile, to optimize browsing performance.

We do not collect browsing history, passwords, or private communications unless you explicitly opt in to a feature that requires it.

4. Purpose of Data Collection

Your information is used to:

  1. Provide Browser functionality, including web access, contact-based sharing, and user-initiated SMS sending.
  2. Facilitate support and communication with you.
  3. Maintain app performance and security.
  4. Comply with legal or regulatory obligations under Kenyan or international law.

We will never use your personal data for marketing or profiling without your explicit, informed consent.

5. Sensitive Permissions and User Control

Our Browser requests the following sensitive Android permissions:

PermissionPurposeConsent type
Contacts AccessTo enable sharing and autocompletion features.Explicit consent via system prompt
SMS Access/SendingTo send messages initiated by you.Explicit consent via system prompt
Network AccessTo deliver core browsing features.Functional requirement

Each permission is accompanied by an in-app disclosure, as required by Google Play’s User Data Policy.

You can withdraw permissions at any time through your device settings.

6. Data Retention

We retain data only as long as necessary to fulfill the purpose for which it was collected:

  • Contacts and SMS Data: Stored locally on your device unless you choose to sync or export it.
  • Analytics Data: Retained in anonymized form for up to 12 months.
  • Support Communications: Retained for up to 24 months.

Once the retention period expires, data will be securely deleted or anonymized.

7. Data Storage and Security

We employ administrative, technical, and physical safeguards to protect your data:

  • End-to-end encryption using TLS/HTTPS for data in transit.
  • Secure local storage following Android’s Scoped Storage model.
  • Access controls and audit trails for all internal data handling.
  • Regular penetration testing and vulnerability monitoring.

If a personal data breach occurs that may affect your rights, we will notify you and the ODPC and/or any other relevant authority within the legally prescribed timeframe.

8. Cross-Border Data Transfers

If data is transferred outside Kenya, including to EU or US servers for hosting or analytics, we ensure that:

  • The destination country provides adequate data protection as determined by the ODPC; or
  • We have executed legally binding instruments such as Standard Contractual Clauses (SCCs); or
  • You have provided explicit consent for the transfer.

We always ensure equivalent levels of protection as required by the Kenya DPA, GDPR, and similar frameworks.

9. Data Sharing and Disclosure

We do not sell, rent, or trade personal information.

We may share data only with:

  • Service providers under strict contractual confidentiality, including analytics and hosting providers.
  • Regulatory or law enforcement authorities where required by law.
  • Third-party integrations, including search engines or APIs, that you explicitly choose to use within the Browser.

All processors act under written data processing agreements compliant with Kenyan and international law.

10. Your Rights

Under the Kenya Data Protection Act, 2019, you have the following rights:

  • Right to be informed about the collection and use of your data.
  • Right of access to request a copy of your personal data.
  • Right to rectification to correct inaccurate or incomplete information.
  • Right to deletion to request erasure of your personal data.
  • Right to object to or restrict processing where applicable.
  • Right to data portability to receive your data in a structured, machine-readable format.
  • Right to withdraw consent at any time without affecting prior lawful processing.
  • Right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC).

For GDPR, UK, or CCPA users, equivalent rights apply under those frameworks.

You can exercise your rights by emailing support@kashyka.com. We will respond within the statutory timelines, typically 21 days in Kenya and 30 days under GDPR.

You may also lodge a complaint with the Office of the Data Protection Commissioner (ODPC).

11. Children's Privacy

Our Browser is not intended for children under eighteen (18) years. We do not knowingly collect or process data from minors.

If such data is collected inadvertently, please contact us for immediate deletion.

12. Third-Party Services

The Browser may include links to external websites or third-party tools. We are not responsible for their privacy practices.

You are encouraged to review those third-party privacy policies independently.

13. Data Protection Officer (DPO)

In compliance with Section 24 of the Kenya DPA and Article 37 of GDPR, we have appointed a Data Protection Officer responsible for oversight of compliance and user inquiries.

Name
Kashyka Privacy Office
Address
Bishop Magua Centre, Ngong Road, Nairobi, Kenya

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect legal or operational changes.

Updated versions will be posted within the Browser and on our website. Material changes will be communicated through an in-app notice or email where appropriate.

15. Contact and Complaints

For inquiries, rights requests, or complaints, please contact the Privacy Office or Data Protection Officer using the details below:

Address
Bishop Magua Centre, Ngong Road, Nairobi, Kenya

If you remain unsatisfied, you may escalate your complaint to the Office of the Data Protection Commissioner (ODPC).

Need help with a privacy request?

For access, correction, deletion, portability, or complaint requests, contact Kashyka through the public support channels below.

Address

Bishop Magua Centre, Ngong Road, Nairobi, Kenya

If you need general assistance beyond privacy requests, the public contact page remains available without authentication.

Contact Kashyka