Privacy Policy

1. Who We Are

UniZaar is a peer-to-peer (P2P) marketplace operated by UniCorns Ltd (“we”, “us”, “our”). We provide a platform that enables individuals to buy and sell goods directly to each other. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use UniZaar at zaar.unicorns.run.

2. Data We Collect

3. How We Use Your Data

• To create and manage your account
• To enable buying, selling, and communication between users
• To process transactions and facilitate payments
• To provide customer support and resolve disputes
• To detect and prevent fraud, abuse, and policy violations
• To improve our platform, features, and user experience
• To send service-related notifications (transaction updates, security alerts)
• To comply with legal obligations under Kenyan and applicable international law

4. Legal Basis for Processing

• Contract performance: Processing necessary to provide our marketplace services to you
• Legitimate interest: Platform security, fraud prevention, and service improvement
• Consent: Analytics cookies, marketing communications, and optional data collection
• Legal obligation: Compliance with Kenya DPA 2019, tax regulations, and court orders

5. Data Sharing

We do not sell your personal data. We may share data with:

• Other users: Your public profile, listings, and ratings are visible to other UniZaar users
• Service providers: AWS (hosting), Amazon Cognito (authentication), payment processors (M-Pesa, Stripe)
• Law enforcement: When required by law or to protect the safety of our users

6. Data Storage & Transfers

Your data is stored on AWS infrastructure in the US-East-1 region. International data transfers are protected by Standard Contractual Clauses in compliance with both the Kenya DPA 2019 and GDPR. Data is encrypted in transit (TLS 1.3) and at rest (AES-256).

7. Data Retention

We retain your account data for as long as your account is active. Transaction records are retained for 7 years for tax and legal compliance. You may request account deletion at any time, after which personal data is removed within 30 days (except where retention is legally required).

8. Your Rights

Under the Kenya Data Protection Act 2019 and GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Request erasure of your data (“right to be forgotten”)
• Restrict or object to processing of your data
• Data portability — receive your data in a machine-readable format
• Withdraw consent at any time (without affecting prior processing)
• Lodge a complaint with the ODPC at datacommissioner@odpc.go.ke
• For EU residents: lodge a complaint with your local Data Protection Authority

9. Security

We implement industry-standard security measures including TLS encryption, secure authentication via Amazon Cognito, per-tenant encryption keys via AWS KMS, regular security audits, and access controls. While no system is 100% secure, we take all reasonable measures to protect your data.

10. Children's Privacy

UniZaar is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or platform notification. Continued use of UniZaar after changes constitutes acceptance.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at: privacy@unicorns.run