Privacy Policy
Last updated: March 18, 2026. This Privacy Policy explains how Rembeka collects, uses,
stores, and shares personal data across the Rembeka Client App, Partner App, Apprentice App, and website
(rembeka.co.ke).
1. Who We Are
Rembeka is a platform that connects clients with beauty professionals and studios, and supports onboarding, service fulfillment, communication, payments, and safety operations.
2. Data We Collect
- Account and profile data: name, phone number, email, role, profile photo, and account identifiers.
- KYC and verification data: legal name, ID details, ID images, selfies, and onboarding documentation.
- Service and booking data: requested services, bids, request status, job history, ratings, and support notes.
- Payment and wallet data: payment method (cash/M-Pesa/wallet where available), wallet balances, ledger entries, payout requests, and payment confirmations.
- Location data: precise/coarse location to discover providers, route jobs, and support live service operations.
- Device and technical data: device/app identifiers, push notification tokens, logs, and diagnostics.
- Communications data: in-app chat/call session metadata and related service messages.
- Website data: form submissions, uploaded onboarding files, and analytics/pixel events.
3. Permissions Used by the Apps
- Location (precise/coarse): used for provider discovery, matching, navigation, and service coordination.
- Background location (Client App): used for live service updates while an active request is in progress.
- Notifications: used for request updates, job alerts, and important account events.
- Camera/Photos: used when uploading profile photos and KYC documents.
- Microphone/related call capability: used only when using in-app calling features.
4. How We Use Your Data
- To create and manage accounts.
- To onboard and verify providers/studios/apprentices.
- To match requests and coordinate services.
- To process service payments, wallet records, and payouts.
- To provide customer support, dispute handling, and fraud/safety controls.
- To improve platform reliability, features, and performance.
- To comply with legal and regulatory obligations.
5. Legal Basis for Processing
- Performance of a contract (providing requested services).
- Legitimate interests (platform safety, fraud prevention, service quality).
- Legal obligations (compliance, financial records, law enforcement requests).
- Consent (where required, such as optional notifications/marketing).
6. Data Sharing
We do not sell personal data. We share data only where necessary, including:
- Between platform users: limited details needed to deliver a booked service.
- Service providers/processors: cloud database/storage, authentication, push notifications, maps/location, hosting, and payment infrastructure.
- Regulatory/legal requests: where required by applicable law.
- Business continuity events: mergers/restructuring subject to lawful safeguards.
7. Data Retention
We retain personal data only as long as necessary for service delivery, security, dispute resolution, and legal/compliance obligations. Retention periods vary by data type (for example, KYC and transaction-related records may be retained longer where required).
8. Security
We apply technical and organizational controls designed to protect your data, including access controls, authentication safeguards, storage protections, and audit/logging mechanisms. No method of transmission or storage is completely risk-free.
9. Your Rights
Subject to applicable law, you may request to:
- Access your personal data.
- Correct inaccurate or incomplete data.
- Delete data or close your account (where legally permissible).
- Object to or restrict certain processing.
- Receive a copy of data you provided.
- Withdraw consent for optional processing.
To make a request, contact us through /contact/.
10. Children
Rembeka is not intended for children under the age required by applicable law to use this type of service independently. If we learn we have collected personal data from a child unlawfully, we will delete it.
11. Cross-Border Processing
Our service providers may process data in multiple jurisdictions. Where data is transferred internationally, we apply reasonable safeguards consistent with applicable law.
12. Website Analytics and Pixels
Our website may use analytics and advertising measurement tools (for example GA4 and Meta Pixel) to measure traffic and conversion events such as app-install button clicks and onboarding form submissions.
13. Policy Updates
We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date above.
14. Contact
For privacy questions or requests, please contact us via /contact/.