Privacy Policy

Xfix Global Limited | Protecting Your Data Across Our Global Ecosystem


Last Updated: March 22, 2026 | Version 2.0

Effective for all Xfix Global Limited products and services worldwide


Xfix Global Limited

Building Software, Empowering Business

At Xfix Global Limited, we are a premier enterprise-grade software engineering company dedicated to building innovative technological solutions that power businesses across Africa and beyond. Our expertise spans rental management systems, custom enterprise applications, point-of-sale solutions, educational technology platforms, and comprehensive digital transformation services. With a commitment to excellence, security, and innovation, we serve thousands of users across our diverse product ecosystem.

This Privacy Policy governs all products, services, platforms, and applications developed, operated, and maintained by Xfix Global Limited, including but not limited to Nesthub Global (Rental Management System), Daphas POS (Point of Sale System), Shule Yangu Online (Educational Management Platform), StreamPay (Digital Payment Solution), Giigikuyu Giitu (Cultural Heritage Platform), and all custom software solutions delivered to our enterprise clients. We are committed to protecting your privacy and ensuring the highest standards of data security across our entire technological ecosystem.

1. Information We Collect Across Xfix Global Platforms

As a comprehensive software engineering enterprise serving diverse industries, Xfix Global Limited collects various categories of information to deliver, optimize, and secure our services. Our data collection practices are designed to be transparent, lawful, and aligned with international privacy standards. The types of information we collect include:

Personal Identification Information

  • Full name and preferred name
  • Email addresses (personal and business)
  • Phone numbers (mobile and landline)
  • Physical address and postal address
  • Date of birth and age verification data
  • Government-issued identification numbers (where required for compliance)
  • National ID, passport, or driver's license information for KYC purposes
  • Employer details and job title
  • Professional certifications and credentials

Account and Authentication Data

  • Username and password credentials
  • Multi-factor authentication tokens and backup codes
  • Security questions and answers
  • Login history and session data
  • Device fingerprints and trusted device information
  • API keys for developer and enterprise access
  • SSO (Single Sign-On) integration data

Transactional and Financial Data

  • Payment method details (credit/debit cards, mobile money, bank transfers)
  • Billing address and tax identification numbers
  • Subscription plans and payment history
  • Invoice records and receipts
  • Refund and dispute information
  • Pricing tier and service level agreements
  • Financial transaction metadata and timestamps
  • Currency preferences and exchange rate data

Usage and Analytics Data

  • IP addresses and geolocation data
  • Browser type, version, and language preferences
  • Operating system and device information
  • Screen resolution and viewport dimensions
  • Feature usage patterns and clickstream data
  • Session duration and engagement metrics
  • Error logs and performance data
  • Referrer URLs and traffic sources

🏒 Business and Enterprise Data

  • Company name, registration number, and tax ID
  • Business structure and organizational hierarchy
  • Employee details and role assignments
  • Departmental information and access permissions
  • Operational data specific to our software solutions
  • Custom configurations and settings
  • Integration data with third-party services
  • Service level agreements and contract details

Communication and Support Data

  • Customer support tickets and chat transcripts
  • Email correspondence and attachments
  • Phone call recordings and notes
  • Survey responses and feedback submissions
  • Feature requests and bug reports
  • Social media interactions and mentions
  • Newsletter subscriptions and marketing preferences
  • User-generated content and reviews

Collection Methods: We collect this information through multiple channels including direct user input during registration and onboarding, automated tracking technologies (cookies, pixels, and scripts), third-party integrations (payment processors, authentication providers, analytics services), and indirect sources such as business partners and public records where legally permissible.

2. How Xfix Global Limited Uses Your Information

Xfix Global Limited processes your information for specific, legitimate purposes that enable us to deliver exceptional software solutions and maintain the highest standards of service. Our processing activities are grounded in legal bases including contractual necessity, legitimate business interests, compliance with legal obligations, and user consent where required. We use your information for:

🎯
Core Service Delivery
  • Creating and managing user accounts across all Xfix platforms
  • Authenticating user identities and maintaining session security
  • Processing transactions and managing subscriptions
  • Delivering platform features and functionality as designed
  • Providing customer support and technical assistance
  • Managing API access for enterprise integrations
  • Customizing user experiences based on roles and permissions

Product Development & Improvement
  • Analyzing usage patterns to identify optimization opportunities
  • Developing new features based on user feedback and needs
  • Improving platform performance and reducing latency
  • Enhancing user interface and user experience design
  • Conducting A/B testing to validate improvements
  • Identifying and fixing bugs and technical issues
  • Scaling infrastructure to meet growing demand

Security & Compliance
  • Detecting and preventing fraudulent activities
  • Monitoring for unauthorized access attempts
  • Ensuring compliance with applicable laws and regulations
  • Conducting security audits and vulnerability assessments
  • Investigating security incidents and breaches
  • Implementing data protection measures and safeguards
  • Maintaining audit trails for regulatory requirements

Communication & Engagement
  • Sending service announcements and security alerts
  • Delivering transactional emails and notifications
  • Responding to support inquiries and feedback
  • Sharing product updates and new feature releases
  • Conducting user surveys and gathering testimonials
  • Managing marketing communications with user consent
  • Facilitating community engagement and user forums

Analytics & Business Intelligence
  • Generating aggregate usage statistics and trends
  • Measuring platform performance and reliability
  • Identifying user preferences and market opportunities
  • Forecasting resource requirements and capacity planning
  • Supporting strategic business decisions and investments
  • Creating anonymized datasets for research purposes
  • Evaluating marketing campaign effectiveness

Legal Obligations & Rights Protection
  • Complying with court orders and regulatory requests
  • Enforcing our Terms of Service and agreements
  • Protecting intellectual property rights
  • Defending against legal claims and disputes
  • Investigating violations of our policies
  • Cooperating with law enforcement agencies
  • Preserving evidence for legal proceedings

3. Data Sharing, Disclosure, and Third-Party Relationships

Xfix Global Limited is committed to maintaining your trust and protecting your information. We do not sell your personal data to third parties. We share information only under specific circumstances with appropriate safeguards in place:

Recipient categories, with the purpose of sharing and the safeguards implemented for each:

Hosting Infrastructure Provider: TrueHost (Cloudoon Networks)
  • Purpose of Sharing: Enterprise-grade hosting services including dedicated servers, Virtual Private Servers (VPS), and shared hosting infrastructure across multiple global data centers
  • Safeguards Implemented: ISO-certified data centers, 24/7 security monitoring, physical access controls, redundant power and network infrastructure, regular security audits

Cloud & Infrastructure Providers: AWS, Google Cloud, Azure
  • Purpose of Sharing: Additional cloud services, content delivery, backup storage, and disaster recovery services
  • Safeguards Implemented: Data processing agreements, encryption at rest and in transit, regional data residency options

Payment Processors: Stripe, PayPal, M-Pesa, Banks
  • Purpose of Sharing: Payment processing, fraud detection, subscription management, and financial reconciliation
  • Safeguards Implemented: PCI DSS compliance, tokenization, limited data sharing, separate security certifications

Analytics & Monitoring Services: Google Analytics, Sentry, Hotjar
  • Purpose of Sharing: Performance monitoring, error tracking, user behavior analysis, and platform optimization
  • Safeguards Implemented: Data anonymization, IP masking, data retention limits, user opt-out options

Business Partners: Daphas Comp, Shule Yangu, StreamPay
  • Purpose of Sharing: Cross-platform integration, seamless user experiences, and co-marketing initiatives
  • Safeguards Implemented: Contractual data protection clauses, limited data scope, user consent mechanisms

Customer Support Tools: Zendesk, Freshdesk, Intercom
  • Purpose of Sharing: Ticket management, live chat, email support, and user communication
  • Safeguards Implemented: Access controls, data encryption, compliance with support platform security standards

Legal & Regulatory Authorities: Courts, regulators, law enforcement
  • Purpose of Sharing: Compliance with legal obligations, court orders, and regulatory investigations
  • Safeguards Implemented: Legal review of requests, minimum necessary disclosure, user notification where permitted

Additional Sharing Scenarios:
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, user information may be transferred as part of the transaction. We will provide notice before your information becomes subject to a different privacy policy.
  • With Your Consent: We may share your information with third parties when you provide explicit consent for specific purposes, such as participating in co-marketing campaigns or enabling third-party integrations.
  • Aggregated Data: We may share anonymized, aggregated data that does not identify individuals for research, marketing, or business intelligence purposes.
  • Emergency Situations: We may disclose information to protect the vital interests of users or others in emergency situations involving threats to health or safety.

4. Enterprise-Grade Security Measures & Hosting Infrastructure

As an enterprise-grade software engineering company, Xfix Global Limited implements comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. Our infrastructure is powered by TrueHost, a premier hosting provider utilizing Linux-based (Ubuntu, AlmaLinux, Rocky Linux, Debian) and Windows 2019 servers to deliver reliable, high-performance hosting services across our global network.

Global Data Center Infrastructure
  • Strategic Data Center Locations: Distributed across Tier III and Tier IV data centers in Europe, USA, and Kenya
  • Cloudoon Nameservers: DNS management through ns2.cloudoon.net and ns3.cloudoon.org
  • Server Architecture: Dedicated servers and Virtual Private Servers (VPS)
  • Operating Systems: Ubuntu, AlmaLinux, Rocky Linux, Debian, Windows 2019
  • Geographic Redundancy: Data replicated across multiple geographic regions

Encryption & Infrastructure Security
  • In-Transit Encryption: TLS 1.2/1.3 protocols
  • At-Rest Encryption: AES-256 encryption
  • Network Security: Enterprise-grade firewalls, DDoS protection, IDS
  • Physical Security: 24/7 security personnel, biometric access controls
  • Key Management: Hardware security modules (HSMs)

Access Controls & Authentication
  • Role-Based Access Control (RBAC): Least privilege principle
  • Multi-Factor Authentication: Required for administrative access
  • Secure Shell (SSH) Access: Key-based authentication
  • Session Management: Automatic session timeouts
  • Access Reviews: Quarterly audits and recertification

Monitoring & Incident Response
  • 24/7/365 Security Monitoring: Real-time threat detection
  • Centralized Log Management: 12-month retention
  • Vulnerability Management: Weekly scans, quarterly penetration tests
  • Intrusion Detection: HIDS/NIDS monitoring
  • Incident Response Team: Dedicated 24/7 security team

Backup & Disaster Recovery
  • Automated Backups: Daily backups with 90-day retention
  • Geographic Distribution: Backups replicated across Europe, USA, and Kenya
  • Recovery Time Objective (RTO): 4 hours for critical systems
  • Recovery Point Objective (RPO): 24-hour maximum data loss
  • Regular Testing: Quarterly disaster recovery drills
Important Security Notice: While we implement industry-leading security measures across our TrueHost-powered infrastructure, no system is 100% secure. We encourage you to take active steps to protect your account by using strong, unique passwords, enabling multi-factor authentication where available, logging out after each session, and promptly reporting any suspicious activity to security@xfixglobal.com.

5. International Data Transfers & Data Center Locations

As a global company with operations in Kenya and clients worldwide, your information may be transferred to and processed in countries outside your residence. Xfix Global Limited leverages TrueHost's global data center infrastructure with facilities strategically located across three continents:

  • Europe: GDPR-compliant data centers with enhanced privacy protections for EU residents
  • USA: North American data centers with robust security certifications and compliance frameworks
  • Kenya: Local African data centers ensuring low-latency access and compliance with Kenya Data Protection Act

We ensure appropriate safeguards for international data transfers including:

  • Standard Contractual Clauses (SCCs): EU-approved contractual provisions for data transfers from the European Economic Area
  • Data Residency Options: Upon request, we can configure data storage to specific geographic regions to meet local data residency requirements
  • Kenya Data Protection Act Compliance: Full compliance with Kenya's data protection regulations for data processed within Kenyan data centers
  • Cross-Border Data Transfer Mechanisms: Appropriate safeguards for transfers to countries without adequacy decisions
  • Data Processing Agreements: Contractual commitments from all infrastructure providers ensuring compliance with applicable data protection laws

6. Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance functionality, analyze usage, and personalize experiences across all Xfix platforms.

Cookie Categories: Essential (required), Functional (preferences), Analytics (performance), and Advertising (marketing). You can manage cookie preferences through browser settings or our cookie consent tool.

7. Data Retention Policy

We retain personal information for as long as your account is active or as needed to provide services. Retention periods vary by data type: account data (duration of active account + 30 days), transaction data (7 years for legal compliance), logs (12 months), and backups (90 days on our TrueHost infrastructure). After retention periods expire, data is securely deleted or anonymized.

8. Your Privacy Rights

Depending on your jurisdiction (GDPR, CCPA, Kenya Data Protection Act, etc.), you may have the right to access, correct, or delete your data, to restrict or object to processing, to data portability, and to withdraw consent. To exercise these rights, contact privacy@xfixglobal.com. We respond within 30 days.

9. Children's Privacy

Our platforms are not intended for children under 13 years of age (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we learn we have inadvertently collected such information, we will delete it promptly. Parents or guardians may contact us to request removal.

10. Policy Updates & Notifications

We may update this Privacy Policy periodically. We will notify you of material changes via email (30 days' advance notice), platform notifications, and website updates. The "Last Updated" date at the top reflects the latest revision. Continued use after changes constitutes acceptance of the updated policy.


Contact Xfix Global Limited

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, our dedicated privacy team is here to help.

Privacy & Data Protection

Email: privacy@xfixglobal.com

Data Protection Officer: dpo@xfixglobal.com

General Support

Email: support@xfixglobal.com

Phone: +254 (740) 95 - 7657

Physical Address

Xfix Global Limited, Nairobi, Kenya | Remote Global Operations

Online Resources

Website: https://xfixglobal.com

Security Reports: security@xfixglobal.com

For privacy-related complaints, you may also contact your local data protection authority. We are committed to resolving any concerns promptly and transparently.