Duka Digital / Privacy

Privacy Policy

This Privacy Policy describes how Quibela ("Quibela," "we," "our," or "us"), operating under the Duka Digital brand, collects, uses, discloses, stores, and protects information in connection with dukadigital.com, the Duka Digital web application, and the Duka Digital Android application (collectively, the "Service"). By using the Service you agree to the practices described here.

Terms of service Account deletion Open Duka Digital
Duka Digital, Operated by Quibela Applies to web and Android Built for shop owners and staff

Quick links

What we collect How we use it Providers Disclosure Cookies & analytics Android Retention Security Your rights Children Changes Contact

1. Information we collect

We collect information you provide directly, information generated through your use of the Service, and limited technical information required to operate, secure, and improve the Service. Categories include:

Account and identity information

  • Name, email address, phone number, login credentials, and optional Google sign-in identity details.
  • Shop name, business details, and subscription preferences.

Business and transactional data

  • Products, stock levels, pricing, and inventory records you create or import.
  • Sales, receipts, payment records, and transaction history.
  • Debtor and credit balances, customer names, customer phone numbers, and payment schedules.
  • Shop settings, staff accounts, roles, and access permissions.

Billing and payment information

  • Selected subscription plan, billing interval, and payment method.
  • Transaction references, payment status, processor response data, and purchase history for add-ons such as SMS bundles or automation credits.

Technical and device information

  • Device type, operating system, browser or app version, IP address, and device identifiers.
  • Screen and page activity, crash details, request failures, and performance metrics.
  • Session identifiers, queued sync operations, and locally cached data where offline support is enabled.

Support and communications

  • Messages you send to our support team and any information you provide in connection with a support request.

2. How we use information

We use collected information for the following purposes:

  • Account management. Create, authenticate, and manage user accounts, shop access, staff roles, and device registrations.
  • Service delivery. Provide point-of-sale, inventory, debtor management, receipt, analytics, reminder, messaging, and related business features.
  • Data synchronization. Synchronize data across sessions and devices, including offline-first workflows where supported.
  • Billing and payments. Process subscriptions, payment confirmations, billing events, checkout requests, and credit allocations.
  • Communications. Send service-related messages such as email verification, password resets, payment confirmations, SMS reminders, debtor notifications, and operational alerts.
  • Security and fraud prevention. Detect, investigate, and prevent unauthorized access, abuse, fraud, and security incidents.
  • Analytics and improvement. Monitor performance, diagnose failures, understand usage patterns, improve reliability, and develop new features.
  • Legal compliance. Comply with applicable laws, regulations, legal processes, and governmental requests.

3. Third-party service providers

Certain features of the Service rely on third-party providers that process information on our behalf or in connection with services you choose to use. These may include:

  • Payment processors. Payments and billing may involve providers such as M-Pesa and IntaSend, which process payment information according to their own terms and policies.
  • SMS and messaging providers. SMS reminders, debtor notifications, and alerts may be delivered through providers such as Africa's Talking.
  • Email infrastructure. Email verification, password reset, and transactional messages may be delivered through our email service providers.
  • Authentication providers. Optional Google sign-in uses Google account identity information that you authorize for authentication.
  • Cloud hosting and infrastructure. The Service is hosted on third-party cloud infrastructure providers that store and process data on our behalf.
  • Analytics and monitoring. We may use analytics and monitoring tools to understand usage, diagnose issues, and improve the Service.

These providers may process personal, business, or transactional information in accordance with their own terms and privacy policies. We select providers that we believe maintain appropriate security practices, but we are not responsible for the privacy or security practices of third-party providers.

4. When we share information

We may share information in the following circumstances:

  • With service providers and infrastructure partners that help us host, secure, authenticate, message, and operate the Service.
  • With payment processors where necessary to complete a transaction, verify payment status, or process billing events.
  • With SMS or messaging providers to deliver reminders, notifications, or alerts you configure or that the Service sends on your behalf.
  • Where required by applicable law, regulation, court order, or a valid governmental request.
  • Where reasonably necessary to investigate fraud, enforce our Terms, protect our rights, or respond to security incidents.
  • In connection with a merger, acquisition, or sale of assets, in which case we will notify affected users.

We do not sell your personal information to third parties for advertising or marketing purposes.

5. Cookies, sessions, and analytics

On the web, Duka Digital uses session cookies and browser storage to maintain authenticated sessions, remember interface settings (such as theme preferences), and support core application functionality. These are essential to the operation of the Service and cannot be disabled while using the web application.

We also collect limited telemetry and diagnostic information to understand failures, monitor performance, track feature adoption, and improve the Service. We make reasonable efforts to filter sensitive fields from telemetry payloads before storage.

On Android, the application may store session data and cached business information locally on the device to support offline operation and improved performance.

6. Android permissions and on-device storage

The Duka Digital Android application currently requests network-related permissions only, including internet access and network state, in order to connect to the Service and synchronize data.

The Android application does not request access to contacts, location, camera, microphone, photos, or SMS messages.

The application may store account and business information locally on the device to support offline operation, queued synchronization, and improved performance. This data remains on your device until you sign out, clear app data, or uninstall the application.

7. Data retention

We retain information for as long as your account is active and for a reasonable period afterward as needed for legitimate business operations, legal compliance, dispute resolution, fraud prevention, backup, and enforcement of our agreements.

Automated inactivity detection. Shops that have had no activity (such as logins, sales, product updates, or dashboard usage) for approximately 180 days may be automatically flagged for deletion. When a shop is flagged, the account owner receives an email warning and has a 14-day grace period to sign in or perform any activity to cancel the process. If no activity occurs during the grace period, shop data is soft-deleted and access is suspended. Soft-deleted data is retained for an additional 30 days before permanent removal, during which time support may be able to assist with recovery. After permanent removal, shop data cannot be restored.

Information stored locally on a device may remain until removed by signing out, clearing app data, or uninstalling the application.

8. Data security

We use reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These measures include encrypted connections, secure credential storage, role-based access controls, and regular monitoring.

However, no method of electronic storage or internet transmission is completely secure. We cannot guarantee absolute security and are not responsible for the security of information you transmit to the Service over networks we do not control.

9. Your rights and choices

Depending on your location and applicable law, you may have certain rights regarding your personal information:

  • Access. You may request a copy of the personal information we hold about you.
  • Correction. You may update or correct inaccurate information. Many records can be edited directly within the Service.
  • Deletion. You may request deletion of your account and personal data by submitting a request through Account Deletion or by contacting us at support@dukadigital.com.

To exercise any of these rights, contact us at support@dukadigital.com. We will respond within a reasonable timeframe and may ask you to verify your identity before processing your request.

Your responsibilities. You are responsible for ensuring that you have the lawful right to collect, upload, store, and process customer and business information in the Service, including any personal data of your customers, staff, or debtors.

10. Children's privacy

The Service is intended for merchants, shop owners, and shop staff. It is not directed to children under 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will take steps to delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will publish the revised version on this page and update the effective date. Where appropriate, we may notify you through the Service. Your continued use of the Service after changes are published constitutes your acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy, your data, or your privacy rights, please contact us at support@dukadigital.com.

Duka Digital, Operated by Quibela. This page is available at /privacy-policy and /privacy. Terms of Service are available at /terms-of-service, and account deletion requests are available at /account-deletion.