SOKONI is a digital marketplace platform operated by Bravilex International Co. Limited, a company registered in Kenya. SOKONI is owned and operated by Bravilex International Co. Limited. In this Policy, "Company" means Bravilex International Co. Limited. Our platform connects buyers, sellers, service providers, vendors, drivers, and businesses across Kenya through one unified digital ecosystem available at mysokoni.co.ke.
This Privacy Policy describes how we collect, use, store, and protect personal data in accordance with the Kenya Data Protection Act, 2019 (No. 24 of 2019) and all applicable regulations. By using SOKONI, you agree to this policy.
Data Controller: Bravilex International Co. Limited • Nairobi, Kenya
DPO: privacy@mysokoni.co.ke
| Data | Examples | Purpose | Basis |
|---|---|---|---|
| Name | Full name, display name | Identity, invoicing | Contract |
| Email address | user@example.com | Login, notifications | Contract |
| Phone number | +254 7XX XXX XXX | OTP login, M-Pesa, delivery | Contract |
| Profile photo | Uploaded avatar | Public profile | Consent |
| Government ID | National ID number | Seller verification, KYC | Legal obligation |
SOKONI uses Firebase Authentication (provided by Google LLC) to manage user sign-in securely. When you choose a social sign-in method, that provider's privacy policy also applies to data they share with us.
| Provider | Data Received by SOKONI | Provider Privacy Policy |
|---|---|---|
| Google Sign-In | Name, email address, Google Account ID, profile photo | policies.google.com/privacy |
| Facebook Login | Name, email address, Facebook User ID, public profile photo | facebook.com/privacy/policy |
| Phone OTP | Phone number — verified via one-time SMS passcode | Managed by Firebase / Google |
| Email & Password | Email address; password hashed by Firebase (SOKONI never sees it) | Managed by Firebase / Google |
We do not store your social provider passwords. We support account linking — you can connect multiple sign-in methods to one SOKONI account from Profile → Settings.
SOKONI is a Progressive Web App (PWA). We use the following storage mechanisms:
| Type | Purpose | Retention |
|---|---|---|
| Firebase Auth session cookie | Keep you signed in (Remember Me) | 365 days (Remember Me) or session |
| Service Worker Cache | Offline access to pages and assets | Until cache version changes |
| IndexedDB (SmartPOS) | Offline POS transactions pending sync | Until synced to cloud and cleared |
| localStorage | Cart, user preferences, print queue | Until cleared by user or logout |
| Google Analytics 4 (GA4) | Aggregate usage analytics (_ga, _gid cookies) | Up to 26 months |
We do not use third-party advertising cookies. You may clear all browser storage at any time via your browser settings or by logging out of SOKONI.
Payment processing is handled by IntaSend, licensed by the Central Bank of Kenya. SOKONI does not store raw card numbers or M-Pesa PINs.
IntaSend Privacy Policy: intasend.com/privacy-policy
We use Google Analytics 4 (GA4) to understand how users interact with the platform. All data is aggregated and anonymised before informing product decisions. We do not build individual advertising profiles or sell analytics data to third parties.
We also maintain internal platform analytics (search trends, funnel metrics, seller performance scores) stored in Firebase Firestore, accessible only to authorised admin and operations staff.
We share your personal data only when necessary:
We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.
| Data Category | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of account | Service provision |
| Order & payment records | 7 years after transaction | Kenya Income Tax Act, Cap. 470 |
| KRA eTIMS invoice records | 7 years | KRA legal obligation |
| Chat / messaging data | 90 days after order completion | Dispute resolution window |
| Security audit logs | 2 years | Security compliance |
| Deleted account personal data | 30-day soft-delete, then permanent purge | Fraud prevention buffer, then KDPA compliance |
After the applicable retention period expires, data is permanently deleted or irreversibly anonymised.
Under the Kenya Data Protection Act 2019, you have the following rights:
To exercise any right, visit our Data Deletion & Rights Centre or email privacy@mysokoni.co.ke. We respond within 30 days as required by the KDPA.
You may also complain to the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.
To report a security vulnerability responsibly, email security@mysokoni.co.ke.
SOKONI is not directed at children under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact privacy@mysokoni.co.ke immediately and we will delete it.
We may update this Privacy Policy periodically. Material changes will be communicated via email or an in-app notification at least 14 days before taking effect. The "Last updated" date at the top of this page always reflects the most recent revision. Continued use of SOKONI after a change takes effect constitutes acceptance of the updated policy.
Bravilex International Co. Limited • Nairobi, Kenya
Privacy enquiries: privacy@mysokoni.co.ke
Security disclosures: security@mysokoni.co.ke
Legal / compliance: legal@mysokoni.co.ke
Platform: mysokoni.co.ke
Response time: within 72 hours for general privacy enquiries; within 30 days for formal data subject access requests as required by the KDPA 2019.
To request data deletion or data export, use our self-service Data Deletion Centre.