Privacy Policy

1. Introduction

GARAJI Systems ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GARAJI OS platform and services (collectively, the "Service").

Please read this Privacy Policy carefully. By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Name, email address, phone number, KRA PIN, garage name, and password
• Business Information: Business details, location, services offered, and operational data
• Customer Data: Information about your customers, vehicles, and service records that you input into the Service
• Payment Information: Billing address, payment method details (processed securely through third-party providers)
• Communications: Messages, feedback, and other communications you send to us

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

• Usage Data: How you interact with the Service, features used, pages visited, and time spent
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, error logs, and system performance data
• Location Data: General location information based on IP address

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

2.4 Cookies and consent

We use the following cookie categories. You can choose which optional categories to allow at any time.

• Necessary: Required for the site and authentication (e.g. session, security). Always on.
• Analytics (Statistics): Help us understand how the site is used (e.g. page views). Only loaded if you accept.
• Marketing (Targeting): Used for ads and retargeting. Only loaded if you accept.

You can manage your choices at any time on our Manage cookies page.

3. How We Use Your Information

We use the information we collect for various purposes, including:

• To provide, maintain, and improve our Service
• To process your registration and manage your account
• To process payments and send related information
• To send you technical notices, updates, and support messages
• To respond to your comments, questions, and requests
• To monitor and analyze usage patterns and trends
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations, including KRA eTIMS requirements
• To send you marketing communications (with your consent, where required)
• To personalize your experience and provide relevant content

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Service Providers

We may share information with third-party service providers who perform services on our behalf, such as:

• Payment processors (e.g., M-Pesa integration providers)
• Cloud hosting and infrastructure providers
• Analytics and monitoring services
• Customer support platforms
• Email and communication services

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including compliance with KRA eTIMS reporting requirements.

4.3 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

4.4 With Your Consent

We may share your information with your explicit consent or at your direction.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure data centers and infrastructure
• Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention policies and applicable legal requirements.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Objection: Object to processing of your personal information
• Portability: Request transfer of your data to another service
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our Service, you consent to the transfer of your information to facilities located outside your jurisdiction.

10. Third-Party Links

Our Service may contain links to third-party websites or services that are not owned or controlled by GARAJI. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party sites or services you visit.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email or through a prominent notice on our Service for material changes.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Compliance with Data Protection Laws

We comply with applicable data protection laws, including:

• The Data Protection Act of Kenya (2019)
• General Data Protection Regulation (GDPR) for users in the European Union
• Other applicable regional data protection regulations

If you are located in a jurisdiction with specific data protection requirements, we will process your personal information in accordance with those requirements.

13. Marketplace, public surfaces, and related processing

This section describes personal and business data handled through public and semi-public product features. It supplements sections 2 and 3 above.

13.1 Public garage directory & profiles

When a garage or listing tenant opts into directory visibility (or where we auto-create a discoverable profile from workspace data), we may process and display business identifiers such as trading name, location, services, phone, email, description, ratings aggregates, and booking-related metadata. Motorists who browse or search may submit queries that do not identify them unless they choose to contact a garage or book.

13.2 Leads, bookings, and cart checkout

If you submit a lead form, booking request, or marketplace order, we process the details you provide (e.g. name, phone, vehicle, service type, delivery address) to deliver the request to the relevant garage or supplier, to operate the Service, and for fraud prevention, support, and billing where applicable. Other businesses may see the data needed to fulfil your request.

13.3 Claiming a profile (OTP)

To verify ownership of a listed business we may send a one-time code by SMS to the number you supply. We process that number, the code, and claim metadata (e.g. name you provide) to prevent unauthorised takeovers. A short-lived token may be issued to complete signup securely; it is stored in hashed form and expires.

13.4 Waitlist & marketing site

Waitlist sign-up may collect email, optional business/contact fields, and campaign (UTM) parameters. We use these to operate the waitlist, communicate about launch, and measure acquisition. See also section 2.4 for cookies and analytics consent.

13.5 Analytics & tags (e.g. Google Tag Manager)

We may load analytics or tag-management scripts only where allowed by your cookie choices (where we implement consent). Third-party scripts may set or read cookies and receive technical data such as IP address and page URL. If your browser blocks or redirects such requests (e.g. privacy extensions, strict tracking protection), some measurement features may not load; core site functionality should still work.

13.6 Vehicle fitment & search

When you use vehicle make/model/year selectors on the public marketplace, we process those selections to filter parts or services. This is typically stored in your session or browser only for UX unless you submit a search or order that we log as part of normal Service operation.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: