Data protection is a matter of trust, and your trust is paramount to Nocturnal Software Solutions ("Nocturnal," "we," "us," or "our"). We respect your privacy and are committed to safeguarding your personal data in accordance with the Kenya Data Protection Act, 2019 (DPA), the Landlord and Tenant (Shops, Hotels and Catering Establishments) Act, the Rent Restrictions Act, and the applicable regulations governing rental management, tenancy disputes, and tribunal processes in Kenya.

This Privacy Declaration outlines how Nocturnal Software Solutions collects, stores, processes, and protects personal data within our property management platforms, rental systems, and related digital services.

This Declaration applies to all personal data processed by Nocturnal through our websites, applications, services, and all other interactions with our clients, tenants, landlords, agents, and property managers. It forms an integral part of any service agreement where referenced, and where inconsistencies arise between this Declaration and the applicable Terms & Conditions (T&Cs), the provisions of this Declaration shall prevail.

In the context of rental and property management, Nocturnal may process data necessary for compliance with Kenyan tenancy laws, including but not limited to tenant onboarding information, lease documentation, rent payment history, notices, compliance records, and data relevant for dispute resolution before the Business Premises Rent Tribunal (BPRT) or any other legally mandated authority.

This Declaration applies to personal data previously collected and stored by Nocturnal Software Solutions, which may be linked, merged, or processed together with future data in accordance with the Kenya DPA and tenancy-related legislation.

By accessing or using our services, you acknowledge and consent to the processing of your personal data as described in this Declaration, in line with the Kenya Data Protection Act and all applicable rental and property management regulations.

In the course of providing our property management services, we collect various types of personal data necessary for the operation of our platform and compliance with legal obligations.

1.1 Personal Identification Information

• Full name, email address, phone number, and physical address
• National ID number or other government-issued identification
• Date of birth and gender
• Profile photographs and identification documents

1.2 Property and Tenancy Information

• Property details, addresses, and unit information
• Lease agreements, terms, and conditions
• Rent amounts, payment schedules, and payment history
• Deposit information and refund records
• Lease start and end dates, renewal history
• Tenant and landlord contact information

1.3 Financial Information

• Payment method details (M-Pesa, bank account, card information)
• Transaction records and payment history
• Invoice and receipt information
• Late payment records and fee assessments
• Auto-pay preferences and authorization

1.4 Communication Data

• Messages, emails, and SMS communications between tenants, landlords, and property managers
• Communication preferences and notification settings
• Support tickets and customer service interactions

1.5 Maintenance and Service Records

• Maintenance request details, photos, and descriptions
• Service provider information and work orders
• Repair costs and completion records
• Tenant satisfaction ratings and feedback

1.6 Legal and Compliance Documents

• Signed lease agreements and addendums
• Identity verification documents
• Compliance certificates and inspection reports
• Dispute resolution documents and tribunal records
• Legal notices and correspondence

1.7 Technical and Usage Data

• IP addresses, device information, and browser type
• Login credentials and authentication tokens
• Usage patterns, feature interactions, and system logs
• Location data (when relevant for property services)

1.8 Emergency Contact Information

• Emergency contact names and phone numbers
• Relationship to tenant information

We use your personal data for the following purposes, in compliance with the Kenya Data Protection Act and applicable tenancy laws:

2.1 Service Provision

• Facilitate tenant onboarding and account creation
• Manage property listings, unit assignments, and occupancy tracking
• Process rent payments, generate invoices, and maintain payment records
• Create and manage lease agreements with digital signature capabilities
• Handle maintenance requests and coordinate service providers
• Enable communication between tenants, landlords, and property managers
• Generate reports, analytics, and financial statements

2.2 Legal Compliance

• Comply with the Kenya Data Protection Act, 2019
• Fulfill obligations under the Landlord and Tenant (Shops, Hotels and Catering Establishments) Act
• Adhere to the Rent Restrictions Act requirements
• Maintain records for Business Premises Rent Tribunal (BPRT) proceedings
• Respond to legal requests, court orders, and regulatory inquiries
• Prevent fraud, money laundering, and other illegal activities

2.3 Communication and Notifications

• Send payment reminders, lease renewal notices, and important updates
• Notify users of maintenance requests, service appointments, and property updates
• Provide customer support and respond to inquiries
• Send system notifications, security alerts, and account activity updates

2.4 Platform Improvement

• Analyze usage patterns to improve user experience
• Develop new features and enhance existing functionality
• Conduct research and analytics (using anonymized data where possible)
• Monitor system performance and security

2.5 Business Operations

• Manage user accounts, roles, and permissions
• Process billing and subscription management
• Maintain audit trails and activity logs
• Conduct internal training and quality assurance

We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction.

3.1 Technical Safeguards

• Encryption: All data in transit is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted using industry-standard encryption algorithms (AES-256)
• Secure Authentication: Multi-factor authentication (MFA) support, password hashing using bcrypt, and secure session management
• Access Controls: Role-based access control (RBAC) ensuring users only access data relevant to their role and permissions
• Network Security: Firewalls, intrusion detection systems, and regular security audits
• Database Security: Secure database configurations, regular backups, and access logging

3.2 Organizational Safeguards

• Employee training on data protection and privacy best practices
• Strict confidentiality agreements for all staff and contractors
• Regular security assessments and penetration testing
• Incident response procedures and breach notification protocols
• Data minimization principles - collecting only necessary data

3.3 Data Storage Locations

Your data is stored on secure cloud infrastructure with redundancy and backup systems. We ensure that all data storage complies with the Kenya Data Protection Act requirements regarding data localization and cross-border transfers.

3.4 Third-Party Service Providers

We use trusted third-party service providers for cloud hosting, payment processing, and communication services. All service providers are contractually obligated to maintain the same level of data protection and security standards.

We do not sell your personal data. We may share your data only in the following circumstances:

4.1 Within the Platform

• Property managers can access tenant information for properties they manage
• Tenants can view their own data and relevant property information
• Super administrators have access to system-wide data for platform management
• All access is logged and audited for security purposes

4.2 Service Providers

• Payment processors (M-Pesa, banks, card processors) for transaction processing
• Cloud hosting providers for secure data storage
• Communication service providers for SMS and email delivery
• Document storage and management services
• All service providers are bound by strict data protection agreements

4.3 Legal Requirements

• When required by law, court order, or regulatory authority
• To comply with the Kenya Data Protection Act and related regulations
• For Business Premises Rent Tribunal (BPRT) proceedings
• To protect our rights, property, or safety, or that of our users
• In connection with legal proceedings or investigations

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

Under the Kenya Data Protection Act, 2019, you have the following rights regarding your personal data:

5.1 Right to Access

You have the right to request access to your personal data held by us, including information about how it is being processed.

5.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. You can update most information directly through your account settings.

5.3 Right to Erasure

You may request deletion of your personal data, subject to legal obligations that require us to retain certain records (e.g., financial records, lease agreements, tribunal documents).

5.4 Right to Object

You have the right to object to processing of your personal data for certain purposes, such as direct marketing.

5.5 Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

5.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

5.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time. However, withdrawal of consent does not affect the lawfulness of processing before withdrawal.

5.8 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days as required by the Kenya Data Protection Act.

We use cookies and similar tracking technologies to enhance your experience on our platform:

6.1 Essential Cookies

Required for the platform to function properly, including authentication, session management, and security features.

6.2 Functional Cookies

Remember your preferences, language settings, and improve user experience.

6.3 Analytics Cookies

Help us understand how users interact with our platform to improve functionality and user experience. Data is anonymized where possible.

You can control cookie preferences through your browser settings. However, disabling certain cookies may affect platform functionality.

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law:

• Active Accounts: Data is retained while your account is active and for a reasonable period thereafter
• Financial Records: Retained for 7 years as required by Kenyan tax and financial regulations
• Lease Agreements: Retained for the duration of the lease and 7 years after termination for legal and dispute resolution purposes
• Legal Proceedings: Data relevant to ongoing or potential legal proceedings may be retained until resolution
• BPRT Records: Retained in accordance with tribunal requirements and applicable tenancy laws
• Deleted Accounts: Most data is deleted within 90 days of account deletion, except where legal retention requirements apply

Upon expiration of the retention period, data is securely deleted or anonymized in accordance with our data destruction policies.

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to registered users
• Displaying a prominent notice on our platform

We encourage you to review this policy periodically to stay informed about how we protect your data. Continued use of our services after changes constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: