Privacy Policy

Enthelot Cloud ("Agency", "We", "Us") is committed to protecting the privacy and security of our clients and users. This Privacy Policy outlines how we collect, use, process, and safeguard your personal and corporate data when you interact with our website, client portal, cloud infrastructure, and software engineering services. By using our services, you consent to the data practices described in this policy.

For the purposes of applicable data protection laws (including the Kenya Data Protection Act and GDPR), Enthelot Cloud acts as the Data Controller for information collected directly from our direct clients (e.g., billing details, contact info). However, for data hosted on our cloud infrastructure or processed through applications we develop for clients, we act strictly as a Data Processor. The Client remains the Data Controller for their own users' data.

When you request a quote, submit a project brief, or create an account on our Client Portal, we collect personally identifiable information (PII) and corporate data. This includes your name, corporate email address, phone/WhatsApp number, physical business address, project specifications, brand assets, and billing information necessary to establish a commercial relationship.

When you visit our website or use our cloud infrastructure panels, we automatically collect technical telemetry data. This includes your IP address, browser type, operating system, access times, referring website addresses, and interaction metrics. This data is utilized strictly for maintaining service quality, security monitoring, and localized performance optimization.

We utilize cookies, web beacons, and similar tracking technologies to track activity on our platform and hold certain information. Essential cookies are used for authentication and security. Analytical cookies help us understand user behavior to improve our UI/UX. You can instruct your browser to refuse all cookies; however, portions of our Client Portal may become inaccessible.

We use the collected data for the following strictly defined purposes: to provide and maintain our cloud services, to notify you about changes to our infrastructure, to provide customer support, to gather analysis so we can improve our engineering processes, to monitor usage of our services, and to detect, prevent, and address technical issues or security threats.

Enthelot Cloud provides server space and database hosting. We do not inspect, mine, sell, or interact with the raw data our clients store on our servers unless explicitly requested for technical support, database migration, or disaster recovery. We utilize zero-knowledge principles wherever technically feasible.

We do not sell, rent, or trade your personal information. We only share data with trusted third-party vendors who assist us in operating our infrastructure (e.g., AWS, DigitalOcean), processing payments (e.g., Stripe, M-Pesa API), and delivering our communications. These third parties are contractually obligated to keep your information confidential and use it only for the services they provide to us.

When processing payments via credit cards or mobile money, Enthelot Cloud does not store raw financial data (e.g., full credit card numbers) on our local servers. All transactions are routed through encrypted, PCI-DSS compliant third-party payment gateways. We only retain transaction IDs, timestamps, and billing addresses for tax and accounting purposes.

We implement enterprise-grade security measures to protect your personal information. This includes SSL/TLS encryption in transit, AES-256 encryption at rest for sensitive database columns, strict firewall configurations, and role-based access control (RBAC) for our engineering staff. However, no method of transmission over the Internet is 100% secure.

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, Kenyan tax laws require retaining invoices for up to 7 years), resolve disputes, and enforce our legal agreements and policies.

Depending on your jurisdiction, you have the right to access, update, or delete the information we have on you. You also possess the right to rectification, the right to object to processing, the right to restriction, the right to data portability, and the right to withdraw consent. Requests to exercise these rights can be submitted via our official privacy contact email.

If you are an active client or have opted into our mailing list, we may use your corporate email to send newsletters, infrastructure updates, or promotional materials. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

We may use third-party Service Providers to monitor and analyze the use of our Service. These tools (such as Google Analytics or self-hosted alternatives like Plausible) collect data regarding page views, navigation paths, and load times. This data is anonymized and aggregated to help us optimize our server response times and frontend performance.

Your information, including Personal Data, may be transferred to—and maintained on—computers located outside of your country or other governmental jurisdiction where the data protection laws may differ. By consenting to this Privacy Policy, you agree to the transfer of data to our secure server clusters located globally, strictly under compliant data transfer agreements.

Our services are strictly intended for corporate entities, professionals, and individuals over the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If we become aware that we have collected Personal Data from children without verification of parental consent, we take immediate steps to remove that information from our servers.

If Enthelot Cloud is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred as a business asset. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy. Your data will remain protected under the terms of this existing policy until the transfer is complete.

Under certain circumstances, Enthelot Cloud may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency in Kenya or applicable jurisdictions). We will strictly verify the legal validity of any such request before compliance.

In the unlikely event of a data breach compromising unencrypted client data or hosted infrastructure, Enthelot Cloud commits to notifying affected Data Controllers within 72 hours of discovering the breach. We will provide full transparency regarding the nature of the breach, the data affected, and the immediate mitigation steps implemented by our security team.

Our Service may contain links to other sites that are not operated by us (e.g., portfolio links, third-party software providers). If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We may update our Privacy Policy periodically to reflect changes in our engineering practices, legal compliance requirements, or cloud infrastructure updates. We will notify active clients of any material changes via email and update the "Last Updated" date at the top of this document. Continued use of our services after updates constitutes acceptance of the new policy.

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a security vulnerability, please contact our Data Protection Officer at our official privacy email address or through our corporate headquarters in Nairobi, Kenya.