Privacy Policy
This policy explains how Sehpa collects, uses, stores, and protects data when treasurers use our WhatsApp-based fundraising and ledger tools.
1. Information We Collect
- Treasurer details: Name and phone number for managing fundraisers.
- Fundraiser data: Names, targets, statuses, and contribution history.
- Contribution data: Amounts, contributor names (if provided), source (manual/MPESA), transaction references.
- WhatsApp metadata: Phone number ID, access tokens, and verify tokens you configure to connect to Meta’s WhatsApp Cloud API.
- M-Pesa STK data: Shortcode, consumer key/secret, passkey, callback URL, and M-Pesa environment (sandbox/production).
- Logs: Application logs for troubleshooting (may include IPs, request metadata).
2. How We Use Information
- Operate and secure the fundraising platform and public ledgers used by treasurers.
- Process contributions and pledges, generate reports, and calculate totals.
- Send and receive WhatsApp messages for fundraiser setup, status, and confirmations.
- Initiate and track M-Pesa STK requests when enabled.
- Detect and prevent fraud, misuse, or unauthorized access.
- Improve reliability, performance, and user experience.
3. Data Sharing & Storage
- Third parties: Meta (WhatsApp Cloud API) and Safaricom (M-Pesa) receive the data you submit to those services. We do not sell personal data.
- Storage: Data is stored in our application database; secrets (access tokens, keys, passkeys) are stored in environment variables and are not shown publicly.
- Public ledgers: Fundraiser public pages may show contribution names/amounts you choose to share. Avoid entering sensitive personal data in public notes.
4. Security
- Use strong, unique credentials and restrict access to treasurer tools.
- Rotate and protect Meta/M-Pesa tokens and keys; avoid sharing them in chat or email.
- We employ access controls and server security best practices, but no method is 100% secure.
5. Data Retention
- Contribution and fundraiser records are retained for audit/history unless a treasurer requests deletion.
- Logs are retained for troubleshooting and may be periodically rotated.
6. Your Choices
- Request removal of specific contributions or fundraiser data via your treasurer channel.
- Disable M-Pesa/WhatsApp integrations by clearing the related credentials in Settings.
- Limit public display by avoiding sensitive info in names/notes shown on public ledgers.
7. Contact
If you have questions or want to request data changes/removal, contact us via your Sehpa admin channel.