Privacy Policy
Last Updated: 14th February 2026
Your privacy matters. Here’s how we protect your data while delivering creative, innovative digital solutions.
Table of Contents
Introduction
At Tasflex (“we,” “our,” “us”), we are committed to protecting your privacy and being transparent about how we handle your information. As a full-service digital agency based in Nairobi, Kenya, we specialize in web design, SEO, content marketing, social media management, automation, and graphic design.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:
- Visit our website tasflex.co.ke
- Purchase our services (Web Design, Digital Marketing, Creative Services)
- Subscribe to our newsletter
- Contact us for consultations or support
- Interact with us on social media
We comply with the Kenya Data Protection Act, 2019, and where applicable, international regulations like the GDPR for our clients in the European Union.
By using our services, you trust us with your information. We take that responsibility seriously.
1. Information We Collect
We collect information to provide you with better services and deliver the digital solutions you expect from us.
1.1 Information You Provide Directly
When you engage with Tasflex, you may provide:
| Category | Examples | Why We Collect It |
|---|---|---|
| Contact Information | Name, email address, phone number, physical address | To communicate with you about your projects, send invoices, and provide support |
| Business Information | Company name, business registration, industry, website URL | To understand your business needs and tailor our solutions |
| Billing Information | MPESA transaction IDs, bank transfer details, payment method preferences | To process payments securely for our Bronze, Silver, Gold packages and monthly retainers |
| Project Requirements | Design preferences, content briefs, target audience details, competitor information | To deliver custom websites, marketing campaigns, and creative assets |
| Communication History | Emails, consultation notes, support tickets, Zoom call recordings (with consent) | To maintain continuity in our relationship and improve our service |
| Newsletter Subscription | Email address, name, content preferences | To send you updates, tips, and offers you’ve requested |
1.2 Information Collected Automatically
When you browse our website, we automatically collect:
- Usage Data: Pages viewed, time spent, links clicked (e.g., which pricing package you viewed)
- Device Information: IP address, browser type, operating system, device model
- Referral Information: How you found us (Google search, social media, referral)
- Location Data: Approximate geographic location based on IP address
1.3 Information from Third Parties
We may receive information about you from:
- Social Media Platforms: If you interact with our Facebook, Instagram, Twitter, or LinkedIn pages
- Payment Processors: Confirmation of payment status (we don’t receive full card details)
- Business Partners: Referral partners who introduce us to you
- Public Sources: Information you’ve made publicly available online
2. How We Use Your Information
We use your information to deliver our services and grow your business—and ours.
2.1 To Deliver Our Services
| Service Category | How We Use Your Data |
|---|---|
| Web Design & Development | To build your custom website (Bronze, Silver, Gold packages), integrate contact forms, set up analytics, and configure your CMS |
| Digital Marketing | To create content for your social media, manage ad campaigns, optimize for SEO, and report on performance |
| Creative Services | To design logos, brand identities, graphics, and marketing materials that reflect your business |
| Maintenance & Support | To provide ongoing updates, security patches, and technical support |
2.2 To Communicate With You
- Send project updates and milestone notifications
- Respond to your inquiries and support requests
- Share invoices and payment confirmations
- Send newsletters and marketing communications (you can opt out anytime)
- Notify you about policy changes or service updates
2.3 To Improve Our Business
- Analyze which services (Bronze, Silver, Gold) are most popular
- Understand how clients find us to optimize our marketing
- Train our team to provide better consultations
- Develop new services based on client needs
2.4 To Comply with Legal Obligations
- Maintain accurate financial records for tax purposes
- Respond to legal requests from Kenyan authorities
- Prevent fraud and unauthorized transactions
- Resolve disputes and enforce our terms
2.5 With Your Consent
We may use your information for other purposes where you’ve given specific consent, such as featuring your website in our portfolio or using your testimonial.
3. Legal Basis for Processing (Kenya & GDPR)
Under Kenya’s Data Protection Act, 2019, we process your data based on these lawful grounds:
| Legal Basis | When It Applies |
|---|---|
| Contract Performance | When you purchase a Bronze, Silver, or Gold package, or sign up for monthly marketing retainers |
| Consent | When you subscribe to our newsletter, agree to cookies, or allow us to use your testimonial |
| Legal Obligation | When we need to retain records for tax purposes (KRA requirements) |
| Legitimate Interests | To improve our services, prevent fraud, and understand client needs—without overriding your privacy rights |
For clients in the European Economic Area (EEA), we also comply with GDPR requirements.
4. Data Sharing and Third Parties
We respect your data. We do not sell, rent, or trade your personal information.
4.1 Service Providers We Work With
To deliver our services, we share necessary information with trusted partners:
| Provider Type | Examples | Data Shared | Purpose |
|---|---|---|---|
| Web Hosting | Kenyan/local hosting providers | Website files, databases | To host your website |
| Payment Processors | MPESA, Safaricom, banks | Transaction amounts, phone numbers | To process your payments securely |
| Email Services | Email marketing platforms | Email addresses, names | To send newsletters and updates |
| Analytics | Google Analytics | Usage data (anonymized) | To understand website performance |
| Design Tools | Cloud-based design platforms | Project files, brand assets | To create your logos and graphics |
| CRM Systems | Customer relationship tools | Contact details, communication history | To manage client relationships |
| Social Media Platforms | Facebook, Instagram, LinkedIn | Content, engagement data | To manage your social media campaigns |
All third-party providers are contractually bound to protect your data and use it only as we instruct.
4.2 Legal Requirements
We may disclose your information if required by:
- Kenyan courts or law enforcement
- The Office of the Data Protection Commissioner (ODPC)
- Kenya Revenue Authority (KRA) for tax compliance
- Other regulatory bodies with legal authority
4.3 Business Transfers
If Tasflex is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
4.4 With Your Explicit Consent
We may share testimonials, case studies, or portfolio examples only with your written permission.
5. Data Security Measures
We implement strong security measures to protect your information:
5.1 Technical Measures
- SSL Encryption: All data transmitted between your browser and our site is encrypted
- Secure Servers: Your data is stored on protected servers with firewall protection
- Access Controls: Only authorized Tasflex team members can access client data
- Regular Backups: We maintain secure backups to prevent data loss
- Malware Scanning: Regular scans to detect and prevent security threats
5.2 Organizational Measures
- Staff Training: Our team receives training on data protection and privacy
- Confidentiality Agreements: All team members sign confidentiality agreements
- Regular Audits: We review our security practices periodically
- Incident Response: We have procedures in place for potential data breaches
5.3 Payment Security
When you make payments via MPESA or bank transfer:
- We don’t store your full payment details
- Payment confirmations are handled through secure channels
- Transaction data is protected by Safaricom’s security systems
While we take every precaution, no internet transmission is 100% secure. We will promptly notify you of any data breach in accordance with Kenyan law.
6. Data Retention
We keep your data only as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Client Project Files | 5 years after project completion | For reference, support, and potential updates |
| Invoicing & Payment Records | 7 years | Kenya Revenue Authority (KRA) requirements |
| Email Communications | 3 years after last contact | To maintain relationship history |
| Newsletter Subscriber Data | Until you unsubscribe | To send you requested content |
| Website Usage Data | 24 months (anonymized after 6 months) | Analytics and improvement |
| Consultation Records | 2 years | For follow-up and service improvement |
After these periods, data is securely deleted or anonymized.
7. Your Data Protection Rights
Under Kenya’s Data Protection Act, 2019, you have the following rights:
7.1 Right to Be Informed
You have the right to know how we collect and use your data (this policy fulfills that right).
7.2 Right of Access
You can request confirmation of whether we process your data and obtain a copy of that data.
7.3 Right to Rectification
If your information is inaccurate or incomplete, you can request correction.
7.4 Right to Erasure (Right to be Forgotten)
You can request deletion of your data where there’s no compelling reason for its continued processing.
7.5 Right to Restriction of Processing
You can request that we limit how we use your data in certain circumstances.
7.6 Right to Data Portability
You can request to receive your data in a structured, commonly used format (like JSON or CSV).
7.7 Right to Object
You can object to processing for direct marketing or based on legitimate interests.
7.8 Right to Withdraw Consent
Where processing is based on consent (like newsletters), you can withdraw anytime.
7.9 Right to Lodge a Complaint
You have the right to complain to the Office of the Data Protection Commissioner (ODPC).
How to Exercise Your Rights:
Contact our Data Protection Officer using the details in Section 12. We’ll respond within 30 days as required by Kenyan law.
8. Cookies and Tracking Technologies
Our website uses cookies to enhance your experience and improve our services.
8.1 What Are Cookies?
Small text files stored on your device when you visit our website.
8.2 Cookies We Use
| Cookie Type | Purpose | Examples | Duration |
|---|---|---|---|
| Essential Cookies | Required for website functionality | Session cookies, security cookies | Session / Up to 1 year |
| Performance Cookies | Understand how visitors use our site | Google Analytics | Up to 24 months |
| Functional Cookies | Remember your preferences | Language preferences, form data | Up to 12 months |
| Marketing Cookies | Deliver relevant content and ads | Facebook Pixel, retargeting | Up to 24 months |
8.3 Managing Cookies
You can control cookies through your browser settings:
- Chrome: Settings → Privacy and Security → Cookies
- Firefox: Options → Privacy & Security → Cookies
- Safari: Preferences → Privacy → Cookies
- Edge: Settings → Cookies and site permissions
Disabling cookies may affect website functionality.
8.4 Third-Party Tracking
We use:
- Google Analytics: To understand website traffic and user behavior
- Facebook Pixel: To measure ad effectiveness and retarget visitors
- Social Media Buttons: To allow sharing of our content
9. International Data Transfers
As a Kenya-based agency:
- Your data is primarily stored and processed in Kenya
- Some service providers may be located outside Kenya (e.g., Google, Meta/Facebook)
When we transfer data outside Kenya, we ensure:
- Transfers are to countries with adequate data protection laws
- We use standard contractual clauses approved by the ODPC
- We obtain your consent where required
10. Children’s Privacy
Our services are intended for businesses and individuals aged 18 and above. We do not knowingly collect information from children under 18.
If we discover we’ve collected data from a child, we will delete it immediately. Please contact us if you believe this has occurred.
11. Marketing Communications
11.1 Newsletter
When you subscribe to our newsletter, we use your email to send:
- Tips on web design and digital marketing
- Updates on new services and packages
- Special offers and industry news
You can unsubscribe anytime using the link in any email or by contacting us.
11.2 Promotional Communications
We may contact you about related services that may interest you, based on your previous interactions with us. You can opt out at any time.
12. Changes to This Privacy Policy
We may update this policy to reflect:
- Changes in our services or packages (Bronze, Silver, Gold, etc.)
- New legal requirements from Kenyan or international regulators
- Improvements in our data practices
We’ll notify you of material changes by:
- Updating the “Last Updated” date at the top
- Posting a notice on our website
- Sending an email for significant changes (if we have your email)
We encourage you to review this policy periodically.
13. Contact Us
If you have questions, concerns, or requests regarding your data:
Data Protection Officer (DPO)
Tasflex
Email: info@tasflex.co.ke
Phone: +254 743 496 602
Website: www.tasflex.co.ke
Physical Address:
Tasflex
Nairobi, Kenya
For Support Inquiries:
General Inquiries: info@tasflex.co.ke
Sales Questions: sales@tasflex.co.ke
Technical Support: support@tasflex.co.ke