Legal
Privacy Policy
Last updated: 2 May 2026
This policy explains what personal data is collected, why it is used, who may receive it, how long it may be kept, and what rights you may have under Kenyan data protection law.
1. Who controls this data
This Privacy Policy explains how Imran Shiundu handles personal data collected through imranisdev.top, project forms, emails, bookings, questionnaires, files, and professional communications.
For general website enquiries and direct business communications, Imran Shiundu is the data controller. For some client projects, Imran Shiundu may act as a data processor where personal data is processed under the client instructions.
2. Kenyan data protection baseline
This policy is designed around the Kenya Data Protection Act, 2019, the related Data Protection Regulations, guidance from the Office of the Data Protection Commissioner, and other applicable Kenyan laws.
Where another law or a signed agreement gives you stronger rights, that law or agreement will apply to the extent required.
3. Personal data collected directly from you
You may provide your name, email address, phone or WhatsApp number, company name, role, country, project budget, project timeline, project description, attachments, brand assets, reference links, technical requirements, and messages.
If you use the project questionnaire, you may also provide business goals, competitors, target audience details, desired features, integrations, preferred style, content status, resource links, legacy technology notes, decision-maker details, and maintenance preferences.
4. Data collected automatically
The website may collect basic technical and usage data such as pages visited, device type, browser type, approximate location derived from network data, referring page, time of visit, performance data, and analytics events.
This data is used to understand site performance, improve content, diagnose errors, and keep the website useful.
5. Data you should not submit
Do not submit payment card numbers, government ID images, health records, private family information, regulated employee records, confidential third-party data, or highly sensitive personal data unless there is a clear written reason and a suitable transfer method has been agreed.
Do not submit access credentials or production system access details through ordinary contact forms unless specifically requested through a safer project process.
6. How personal data is used
Personal data may be used to respond to enquiries, evaluate projects, prepare quotes, schedule calls, send confirmations, plan technical work, provide services, manage invoices, maintain records, improve the website, prevent misuse, and comply with legal obligations.
Project information may also be used to understand technical feasibility, estimate timelines, identify risks, and decide whether a project is suitable.
7. Lawful basis for processing
Depending on the situation, personal data may be processed because it is necessary to take steps before entering a contract, perform a contract, comply with a legal obligation, pursue legitimate business interests, protect rights, prevent misuse, or because you have given consent.
Where consent is used, you may withdraw it, but withdrawal will not affect processing that already happened lawfully before withdrawal.
8. Communications
If you contact Imran Shiundu, your details may be used to reply by email, phone, WhatsApp, calendar invite, or another channel you used or requested.
Transactional and project-related messages are not marketing spam. If marketing updates are introduced later, you will be given a reasonable way to opt out.
9. Files and attachments
Attachments may be reviewed for project evaluation and planning. Examples include pitch decks, PDFs, images, briefs, screenshots, specifications, or design references.
You are responsible for ensuring that attachments do not contain unnecessary personal data, confidential third-party data, or materials you do not have permission to share.
10. Local storage and form recovery
Some interactive forms may save draft answers in your browser local storage to help you continue later. This information stays on your device unless you submit the form.
You can clear this information by clearing your browser storage or cache.
11. Cookies and analytics
The website may use necessary cookies, local storage, analytics tools, hosting logs, and similar technologies to run the website, measure traffic, improve pages, and detect errors.
Analytics data is used in an aggregated or limited way where possible. The website does not need advertising tracking to function.
12. Sharing of data
Personal data may be shared only where reasonably necessary with service providers such as hosting providers, email delivery providers, analytics providers, calendar tools, form handlers, cloud storage providers, payment or accounting providers, and professional advisers.
Data may also be shared where required by law, court order, regulator, tax authority, law enforcement, or to protect legal rights. Personal data is not sold.
13. International transfers
Some service providers may process data outside Kenya. Where this happens, reasonable steps will be taken to use reputable providers and apply safeguards required by applicable data protection law.
By using the website or submitting information, you understand that technical service providers may operate in different jurisdictions.
14. Retention
Personal data is kept only as long as reasonably necessary for the purpose it was collected, including project communication, service delivery, accounting, tax, legal, dispute, backup, and legitimate business record purposes.
Unsuccessful project enquiries may be deleted or archived after they are no longer useful. Active client records may be kept for longer where needed for contracts, tax, accounting, legal, and professional history.
15. Security
Reasonable technical and organisational measures are used to protect personal data from accidental loss, misuse, unauthorised access, disclosure, alteration, or destruction.
No internet system is perfectly secure. You should avoid sending unnecessary sensitive information and use secure transfer methods where appropriate.
16. Your rights
Subject to applicable law, you may have rights to request access to your personal data, correction of inaccurate data, deletion, restriction, objection to processing, data portability, and information about how your data is used.
You may also have the right to complain to the Office of the Data Protection Commissioner in Kenya if you believe your data protection rights have been violated.
17. Children
This website and professional services are not directed at children. Children should not submit personal data through this website without appropriate parent or guardian involvement.
Projects involving children data require a separate written review before work begins.
18. Client project data
If a client provides personal data for a project, the client is responsible for having a lawful basis to provide that data, giving required notices, obtaining required consents, and instructing how the data should be handled.
For higher-risk projects, a separate data processing agreement, security schedule, retention plan, or privacy review may be required before work begins.
19. Changes to this policy
This Privacy Policy may be updated from time to time. The latest version will be posted on this page with the updated date.
Material changes will not reduce rights under an existing signed agreement unless permitted by law or agreed in writing.
20. Contact
Questions, privacy requests, correction requests, or deletion requests should be sent to imranshiundu@gmail.com.
To protect privacy, identity or authority may need to be verified before action is taken on a request.