VOW Wellbeing

Legal

Privacy Policy

Last updated: 11 May 2026. This is a starter template and not legal advice. It must be reviewed by a Kenyan-qualified lawyer before go-live.

Who is the controller

VOW Wellbeing is the data controller. Contact for privacy matters: hello@vowwellbeing.com.

What we collect

  • Identity & contact: name, email, WhatsApp number.
  • Program data: your stated "why", chosen commitment tier.
  • Payment evidence: M-Pesa transaction code and payment screenshot.
  • Technical: minimal request logs needed for security and reliability.

Why we collect it (lawful basis)

  • Contract: to deliver the Vault program you registered for.
  • Consent: for optional marketing emails (you can withdraw any time).
  • Legitimate interest: to keep our service secure and to comply with payment verification.
  • Legal obligation: tax and record-keeping under Kenyan law.

Who we share data with

  • Microsoft Azure (hosting, database, blob storage, email delivery) in regions disclosed on request.
  • M-Pesa / Safaricom — for payment verification.
  • Our accountants and counsel, where required by law.

We do not sell your data. We do not share it with advertisers.

International transfers

Where data is processed outside Kenya (e.g. in an Azure region), we rely on standard contractual clauses and Microsoft's data-protection commitments. We can disclose the specific region(s) we are using on request.

Retention

  • Active member records: kept while you are in the program plus 7 years for tax/audit.
  • Payment screenshots: 24 months by default, then deleted (configurable per tenant).
  • Marketing list: until you withdraw consent.

Your rights

Under the Kenya Data Protection Act 2019 (and GDPR, if applicable), you have the right to:

  • Access your data and request a copy.
  • Correct inaccurate data.
  • Erase your data, subject to legal retention periods.
  • Object to processing and withdraw consent.
  • Port your data to another service.
  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.

To exercise any right, email hello@vowwellbeing.com. We respond within 30 days.

Security

Data is encrypted at rest in Azure storage and in transit via TLS. Access to verification screenshots is restricted to authorised operators and audited.

Cookies

We use only essential cookies required for the site to function. If we add analytics or marketing cookies, we will ask for your consent first.

Children

The Vault is for adults aged 18+. We do not knowingly process children's data.

Changes

Material changes will be communicated by email and dated above.