Waisa Privacy Policy
Last Updated: 3rd October, 2025
Introduction
Welcome to Waisa (“we,” “our,” or “us”). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our bookstore website and services.
Information we Collect
Information You Provide Directly
- Account Information: Name, email address, shipping address, billing address, and phone number
- Payment Information: Credit card details or other payment information (processed securely through third-party payment processors)
- Order Information: Purchase history, product preferences, and order details
- Communications: Information you provide when contacting our customer service team
Information Collected Automatically
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, time spent on pages, links clicked, and other browsing behavior
- Cookies and Similar Technologies: We use cookies to enhance your experience (see Cookie Policy section)
Google User Data Access and Usage
When you choose to create an account or sign in using “Login with Google,” we access limited data from your Google account to facilitate account creation and authentication.
1. Data Accessed from Google
We access only the following Google user data:
- Email Address: Your Google account email address
- Profile Picture: Your Google account profile picture (optional)
We do NOT access:
- Your Google Drive files
- Your Gmail messages
- Your Google Calendar
- Your YouTube data
- Any other Google services data
2. How We Use Google User Data
We use the Google user data we access for the following purposes only:
- Account Creation: To create and maintain your bookstore account
- Authentication: To verify your identity when you log in
- Communication: To send order confirmations, shipping updates, and customer service responses
Profile Display: To display your profile picture within your account dashboard (if provided)
we do NOT use your Google data for:
- Advertising or marketing purposes (unless you separately opt-in)
- Selling or renting to third parties
- Any purpose not explicitly stated in this policy
3. How We Share Google User Data
We do NOT sell, rent, or trade your Google user data to third parties.
We may share your Google-provided email address only in the following limited circumstances:
- Service Providers: With trusted third-party service providers who assist us in operating our website, processing payments, or fulfilling orders (e.g., shipping companies, email service providers). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
- Legal Requirements: When required by law, court order, or government regulation
- Business Transfers: In the event of a merger, acquisition, or sale of assets (users will be notified)
- Protection of Rights: To protect our rights, property, or safety, or that of our users or the public
Your Google profile picture is stored locally on our servers and is never shared with third parties.
4. Data Storage and Protection
We implement industry-standard security measures to protect your data:
Storage Practices:
- Google user data (email and profile picture) is stored in encrypted databases on secure servers
- We use SSL/TLS encryption for all data transmission
- Access to user data is restricted to authorized personnel only
- Regular security audits and vulnerability assessments are conducted
Security Measures:
- Firewalls and intrusion detection systems
- Secure authentication protocols
- Regular software updates and security patches
- Employee training on data protection
Data Location:
- Your data is stored on secure servers located in Europe.
5. Data Retention and Deletion
Retention Period:
- We retain your Google user data (email address and profile picture) for as long as your account remains active
- If you do not log in for [specify period, e.g., 3 years], we may contact you to confirm whether you wish to keep your account active
Your Right to Deletion: You have the right to request deletion of your data at any time. To exercise this right:
- Delete Your Account:
- Log into your account
- Navigate to Account Settings > Privacy
- Click “Delete My Account”
- Follow the confirmation prompts
- Email Request:
- Send an email to support@waisa.co.ke
- Include “Data Deletion Request” in the subject line
- We will process your request within 30 days
- Revoke Google Access:
- Visit your Google Account permissions page: https://myaccount.google.com/permissions
- Find Waisa Bookstore and click “Remove Access”
What Happens When You Delete Your Account:
- Your Google-provided email address and profile picture are permanently deleted
- Your order history may be retained for legal and accounting purposes but will be disassociated from your personal identifiers
- We will send you a confirmation email once deletion is complete
Use of Your Information (Non-Google Data)
Beyond the Google user data, we use other information we collect to:
- Process and fulfill your orders
- Provide customer support
- Improve our website and services
- Send you marketing communications (with your consent)
- Prevent fraud and enhance security
- Comply with legal obligations
Your Rights and Choices
You have the following rights regarding your personal information:
- Access: Request a copy of the data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (as described above)
- Objection: Object to certain processing of your data
- Portability: Request transfer of your data to another service
- Withdrawal of Consent: Withdraw consent for data processing at any time
To exercise these rights, contact us at support@waisa.co.ke
Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Remember your preferences and login status
- Analyze website traffic and usage patterns
- Provide personalized content
You can control cookie settings through your browser preferences. Note that disabling cookies may affect website functionality.
Third-Party Services
We use the following third-party services that may collect data:
- Payment Processors: [e.g., Stripe, PayPal, Mpesa] – for processing payments
- Shipping Partners: [e.g., FedEx, UPS] – for order fulfillment
- Analytics: [e.g., Google Analytics] – for website analytics
- Email Services: [e.g., Brevo, Mailchimp] – for transactional and marketing emails
Each third party has their own privacy policy governing their use of your data.
Children’s Privacy
Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it immediately.
International Data Transfers
If you are accessing our website from outside Kenya, please be aware that your information may be transferred to, stored, and processed in Kenya. By using our services, you consent to this transfer.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on our website
- Updating the “Last Updated” date
- Sending an email notification for significant changes (if you have an account)
Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
Compliance with Google API Services User Data Policy
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum necessary scopes (email and profile) required for authentication and account creation.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@waisa.co.ke
Response Time: We aim to respond to all privacy inquiries within 5-7 business days.
Summary og Google Data Handling
For quick reference, here’s a summary of how we handle Google user data:
| Aspect | Details |
| Data Accessed | Email address and profile picture only |
| Purpose | Account creation and authentication |
| Sharing | Not shared except with essential service providers under contract |
| Storage | Encrypted databases with industry-standard security |
| Retention | While account is active |
| Deletion | Available on request within 30 days |
| User Control | Full control via account settings or email request |
