Privacy Policy for Uwazo

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Uwazo Service (the "Service") and tells You about Your privacy rights and how the law aims to protect You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• Account means a unique account created for You to access our Service or parts of our Service.
• Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
• Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Uwazo.
• Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
• Country refers to: Kenya.
• Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
• Large Language Models (LLMs) refer to third-party artificial intelligence services, such as Google Gemini and OpenAI models, that We use to process Your queries and generate responses within the Service.
• Personal Data is any information that relates to an identified or identifiable individual. This includes information You provide directly, information collected automatically, and information contained within User Documents and Chat Content.
• Service refers to the Uwazo AI-powered chat application and related services accessible via the Website, designed to provide information on tax, laws, and business regulations.
• Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service.
• User Documents refer to files You voluntarily upload to the Service, which may contain personal or sensitive information such as tax records, legal agreements, or business records, used to provide context to the LLM.
• Chat Content refers to the messages, queries You submit to the AI within the Service, and the responses generated by the AI.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• Website refers to Uwazo, accessible from https://www.uwazo.com/
• You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

2. Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We collect the following types of Personal Data:

Information from Social Authentication:

• Email address
• Display Name (First name and last name or preferred display name)
• Profile Photo

Information You Provide Directly:

• User Documents: Files You choose to upload to the Service. You acknowledge that these documents may contain sensitive personal or business information.
• Chat Content: The queries You submit and the conversations You have with the AI.
• Profile Information: Profile details You submit on the Service.

Information for Payments:

• Payment details necessary to process transactions (We do not directly store Your full payment card information).

You are responsible for the accuracy of the information You provide to Us and for ensuring You have the right to upload any User Documents.

Usage Data

Usage Data is collected automatically when using the Service. This may include information such as Your Device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service, manage Your Account, and enable core functionalities.
• To personalize Your experience and provide context to our AI: Information such as Your name, User Documents, and Chat Content is used to tailor the LLM's responses and make the Service more relevant to You.
• To enable AI functionalities: Your Chat Content and relevant, contextual portions of Your User Documents are processed by third-party Large Language Models (LLMs) such as Google Gemini and OpenAI to generate responses to Your queries. Important: We do not use Your Personal Data, User Documents, or Chat Content to train or fine-tune these LLMs. The data is sent to these LLMs solely for the purpose of generating a response to Your specific query within the Service.
• To manage Your Account: to manage Your registration and authentication as a user of the Service.
• To contact You: To contact You by email regarding important updates to the Service, security notices, or information related to Your Account or use of the Service.
• To manage Your requests: To attend and manage Your requests to Us.
• To process payments: To facilitate transactions for any paid features of the Service.
• For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets.

Sharing of Your Personal Data

We may share Your personal information in the following situations:

• With Service Providers: We share Your personal information with Service Providers to facilitate authentication, store and manage Your User Documents, process Your Chat Content, process payments, and analyze Service usage. These Service Providers are contractually obligated to protect Your data and are not permitted to use it for any purpose other than providing services to Us.
• For business transfers: As described in the "Use of Your Personal Data" section.
• With Your consent: We may disclose Your personal information for any other purpose with Your explicit consent.

Retention of Your Personal Data

The Company will retain Your Personal Data, including Your Account information, User Documents, and Chat Content, only for as long as Your Account remains active or as necessary for the purposes set out in this Privacy Policy.

Upon deletion of Your Account, We will take commercially reasonable steps to delete all Your Personal Data associated with Your Account from Our active servers and systems. Please note that some data may persist in backups for a limited period as per Our standard data lifecycle management or if We are required to retain certain information by law or for legitimate and lawful business purposes (e.g., to resolve disputes, enforce our agreements, or comply with legal obligations).

Usage Data is generally retained for a shorter period for internal analysis, unless needed to strengthen security, improve Service functionality, or if legally required to be retained longer.

Security of Your Personal Data

The security of Your Personal Data is important to Us. We use HTTPS to encrypt data in transit, and We rely on the security measures implemented by Our chosen Service Providers. We also follow modern, secure development practices in building and maintaining Uwazo.

However, please remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

3. Children's Privacy

Our Service is not intended for use by individuals under the age of 18 (the age of majority as defined under Kenyan law for data protection purposes). We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers.

4. Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

5. Changes to this Privacy Policy

We may update Our Privacy Policy from time to time, especially as We introduce new features or as legal requirements change. We will notify You of any material changes by posting the new Privacy Policy on this page and, where feasible, by email or a prominent notice on Our Service, prior to the change becoming effective. We will also update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.