AMACHAH Interiors & Hardware Ltd

Privacy Policy

Last updated: 2026. This policy explains what data AMACHAH Interiors & Hardware Ltd collects, why, how we use it, and your rights under the Kenya Data Protection Act, 2019.

1. Who we are (the data controller)

AMACHAH Interiors & Hardware Ltd, based in Nairobi, Kenya, is the data controller for personal information collected on this website. Contact us at amachamash25@gmail.com or +254 717 764 661 for any privacy-related queries.

2. What we collect

We collect only what we need to serve you: • Account data — your name, email, phone number, and (encrypted) password if you create a customer account. • Order data — name, phone, delivery address, items ordered, payment method. Required to fulfill orders. • Contact data — the messages, name, email, and phone number you submit through our contact and quote forms. • Newsletter — your email address if you opt in to receive product news. • Browsing data — basic technical information (IP address, browser type, pages visited) collected automatically through cookies and server logs.

3. Why we collect it (lawful basis)

• To fulfill your orders and provide our services (contract performance). • To respond to your inquiries (legitimate interest). • To send newsletter emails (only with your explicit opt-in consent). • To keep our website secure and detect fraud (legitimate interest). • To comply with tax and accounting law (legal obligation).

4. Who we share it with

We don't sell your data. We share it only with: • Couriers fulfilling your delivery (limited to the name, phone, and address needed to deliver). • Payment processors (M-Pesa via Safaricom; bank transfer details stay between you and your bank). • Service providers helping us run the site — hosting (Vercel), database (Turso), email (Resend), image storage (Vercel Blob). Each is bound by data-processing agreements. We never share your data with marketers or unrelated third parties without your explicit consent.

5. How long we keep it

• Customer accounts — until you delete them. • Order records — 7 years (Kenya tax and accounting requirement). • Contact form submissions — 2 years from last reply. • Newsletter subscribers — until you unsubscribe. • Browser cookies — see our cookie banner; technical cookies expire when you close the browser; analytics cookies (if enabled) up to 24 months.

6. Your rights

Under the Kenya Data Protection Act 2019 you have the right to: • Access — request a copy of the data we hold about you. • Correct — fix anything that's wrong. • Delete — ask us to erase your data (subject to legal-retention requirements). • Object — to processing for marketing or based on legitimate interest. • Portability — receive your data in a structured, machine-readable format. • Withdraw consent — for processing based on consent (e.g. newsletters), at any time. • Lodge a complaint — with the Office of the Data Protection Commissioner (odpc.go.ke). Email amachamash25@gmail.com to exercise any of these rights; we'll respond within 30 days.

7. Cookies

We use: • Essential cookies — to keep you logged in and to remember items in your cart. These cannot be disabled. • Analytics cookies — (when enabled) to understand how visitors use the site so we can improve it. You can decline these via the cookie banner. We do not use advertising or third-party tracking cookies.

8. Security

We use HTTPS site-wide, encrypt passwords with industry-standard scrypt hashing, and never store payment card details on our servers. Despite best efforts, no system is 100% secure — if you suspect a breach, contact us immediately.

9. Children

Our site is intended for users 18 and older. We don't knowingly collect data from anyone under 18. If you believe a minor has signed up, contact us and we'll delete the account.

10. Changes to this policy

We may update this policy occasionally — the date at the top reflects the last update. Material changes will be flagged on the site for at least 30 days before taking effect.