Privacy Policy

Your Privacy Matters

Last updated: June 2026·Kenya Data Protection Act 2019·Bravilex International Co. Limited

1. Who We Are

SOKONI is a digital marketplace platform operated by Bravilex International Co. Limited, a company registered in Kenya. SOKONI is owned and operated by Bravilex International Co. Limited. In this Policy, "Company" means Bravilex International Co. Limited. Our platform connects buyers, sellers, service providers, vendors, drivers, and businesses across Kenya through one unified digital ecosystem available at mysokoni.co.ke.

This Privacy Policy describes how we collect, use, store, and protect personal data in accordance with the Kenya Data Protection Act, 2019 (No. 24 of 2019) and all applicable regulations. By using SOKONI, you agree to this policy.

Data Controller: Bravilex International Co. Limited  •  Nairobi, Kenya
DPO: privacy@mysokoni.co.ke


2. Data We Collect

Account & Identity

DataExamplesPurposeBasis
NameFull name, display nameIdentity, invoicingContract
Email addressuser@example.comLogin, notificationsContract
Phone number+254 7XX XXX XXXOTP login, M-Pesa, deliveryContract
Profile photoUploaded avatarPublic profileConsent
Government IDNational ID numberSeller verification, KYCLegal obligation

Marketplace Activity

Device & Technical Data

Location Data

Seller & Business Data


3. Authentication Providers

SOKONI uses Firebase Authentication (provided by Google LLC) to manage user sign-in securely. When you choose a social sign-in method, that provider's privacy policy also applies to data they share with us.

ProviderData Received by SOKONIProvider Privacy Policy
Google Sign-In Name, email address, Google Account ID, profile photo policies.google.com/privacy
Facebook Login Name, email address, Facebook User ID, public profile photo facebook.com/privacy/policy
Phone OTP Phone number — verified via one-time SMS passcode Managed by Firebase / Google
Email & Password Email address; password hashed by Firebase (SOKONI never sees it) Managed by Firebase / Google

We do not store your social provider passwords. We support account linking — you can connect multiple sign-in methods to one SOKONI account from Profile → Settings.


4. How We Use Your Data


5. Cookies & Local Storage

SOKONI is a Progressive Web App (PWA). We use the following storage mechanisms:

TypePurposeRetention
Firebase Auth session cookieKeep you signed in (Remember Me)365 days (Remember Me) or session
Service Worker CacheOffline access to pages and assetsUntil cache version changes
IndexedDB (SmartPOS)Offline POS transactions pending syncUntil synced to cloud and cleared
localStorageCart, user preferences, print queueUntil cleared by user or logout
Google Analytics 4 (GA4)Aggregate usage analytics (_ga, _gid cookies)Up to 26 months

We do not use third-party advertising cookies. You may clear all browser storage at any time via your browser settings or by logging out of SOKONI.


6. Payments & Financial Data

Payment processing is handled by IntaSend, licensed by the Central Bank of Kenya. SOKONI does not store raw card numbers or M-Pesa PINs.

IntaSend Privacy Policy: intasend.com/privacy-policy


7. Analytics

We use Google Analytics 4 (GA4) to understand how users interact with the platform. All data is aggregated and anonymised before informing product decisions. We do not build individual advertising profiles or sell analytics data to third parties.

We also maintain internal platform analytics (search trends, funnel metrics, seller performance scores) stored in Firebase Firestore, accessible only to authorised admin and operations staff.


8. Data Sharing

We share your personal data only when necessary:

We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.


9. Data Retention

Data CategoryRetention PeriodReason
Active account dataDuration of accountService provision
Order & payment records7 years after transactionKenya Income Tax Act, Cap. 470
KRA eTIMS invoice records7 yearsKRA legal obligation
Chat / messaging data90 days after order completionDispute resolution window
Security audit logs2 yearsSecurity compliance
Deleted account personal data30-day soft-delete, then permanent purgeFraud prevention buffer, then KDPA compliance

After the applicable retention period expires, data is permanently deleted or irreversibly anonymised.


10. Your Rights

Under the Kenya Data Protection Act 2019, you have the following rights:

To exercise any right, visit our Data Deletion & Rights Centre or email privacy@mysokoni.co.ke. We respond within 30 days as required by the KDPA.

You may also complain to the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.


11. Security

To report a security vulnerability responsibly, email security@mysokoni.co.ke.


12. Children

SOKONI is not directed at children under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact privacy@mysokoni.co.ke immediately and we will delete it.


13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or an in-app notification at least 14 days before taking effect. The "Last updated" date at the top of this page always reflects the most recent revision. Continued use of SOKONI after a change takes effect constitutes acceptance of the updated policy.


14. Contact & Data Protection Officer

Bravilex International Co. Limited  •  Nairobi, Kenya

Privacy enquiries: privacy@mysokoni.co.ke

Security disclosures: security@mysokoni.co.ke

Legal / compliance: legal@mysokoni.co.ke

Platform: mysokoni.co.ke

Response time: within 72 hours for general privacy enquiries; within 30 days for formal data subject access requests as required by the KDPA 2019.

To request data deletion or data export, use our self-service Data Deletion Centre.