Privacy Policy

Compliance Dira Ltd ("Dira", "we", "our") is a data controller registered in Kenya. We operate the Dira compliance platform at compliancedira.com. Contact: team@compliancedira.com | Data Protection Officer: dpo@compliancedira.com

We collect personal data that you provide when you: • Create a Dira account (name, email address, company name) • Use our platform (usage data, compliance records you create) • Contact us (name, email, message content) • Subscribe to communications (email address) We also collect technical data automatically: IP address (anonymised), browser type, pages visited, and session duration via Vercel Analytics.

We process your personal data to: • Provide and maintain the Dira platform (contractual necessity) • Send product and compliance update communications (legitimate interest / consent) • Respond to your support and sales enquiries (legitimate interest) • Improve our products through anonymised usage analytics (legitimate interest) • Comply with our legal obligations under Kenya law

We share your data only where necessary: • Vercel Inc - platform hosting and analytics (US, with adequate safeguards) • Resend Inc - transactional email delivery (US, with adequate safeguards) We do not sell your personal data. We do not share it for third-party marketing purposes.

We retain your account data for the duration of your Dira subscription plus 12 months following account closure. Anonymised analytics data is retained for 24 months. Contact form data is retained for 6 months.

Under the Kenya Data Protection Act 2019, you have the right to: • Access the personal data we hold about you (s.26) • Request correction of inaccurate data (s.29) • Request erasure of your data (s.27) • Request data portability (s.28) • Object to processing (s.29) • Lodge a complaint with the ODPC at odpc.go.ke To exercise any of these rights, contact: dpo@compliancedira.com. We respond within 7 business days.

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews - in accordance with s.41 of the DPA 2019.

We use strictly necessary cookies for platform functionality and anonymised analytics cookies via Vercel Analytics. For full details, see our Cookie Policy.

We will notify you of material changes to this policy by email or via an in-platform notification. The effective date of the current version is shown below.

Data Protection Officer: dpo@compliancedira.com General enquiries: team@compliancedira.com Postal: Compliance Dira Ltd, Upper Hill, Nairobi 00100, Kenya