Privacy Policy

Data Protection Act, 2019 (Cap. 411C) · Effective date: 19 April 2026

Sheria Digital ("we," "us," or "our") is committed to protecting the personal data of individuals who use our services. This Privacy Policy describes how we collect, use, store, and protect your personal data in compliance with the Data Protection Act, 2019 (Cap. 411C) and its subsidiary regulations, as enforced by the Office of the Data Protection Commissioner (ODPC).

In accordance with Section 29 of the Act, we are required to inform you, before collecting your personal data, of the matters set out in this policy.

1. Data Controller

The data controller responsible for your personal data is Sheria Digital, operated as a sole proprietorship in Nairobi, Kenya.

For all data protection inquiries, contact us at: hello@sheriadigital.ke

2. Personal Data We Collect

We collect the following categories of personal data, in accordance with the data minimisation principle under Section 25(d) of the Act:

Email address — collected through our notification signup form (powered by Tally) when you opt to receive updates about new documents
Business information you enter into the generator — company name, address, entity type, registration number, DPO name and email, website URL, and ODPC registration number. This data is processed entirely in your browser and is not transmitted to or stored on our servers.

We collect personal data directly from you, in accordance with Section 28 of the Act.

3. Purposes of Processing

We process your personal data for the following purposes, as required by Section 25(c) and Section 29(c) of the Act:

To send you notifications about new document types and product updates (email address only)
To generate your compliance documents (business information — processed locally in your browser, not stored by us)

4. Legal Basis for Processing

We process your personal data on the following legal grounds, as set out in Section 30 of the Act:

Your consent (Section 30(1)(a)) — you provide your email address voluntarily when you sign up for notifications

You have the right to withdraw your consent at any time, in accordance with Section 32(2). To unsubscribe, contact us at hello@sheriadigital.ke.

5. Third-Party Processors

We use the following third-party services that may process your personal data:

Tally (tally.so) — processes email addresses submitted through our notification form. Tally stores data on servers in the European Union. We use Tally as a data processor in accordance with Section 42 of the Act.
Umami Cloud (umami.is) — provides privacy-friendly website analytics. Umami does not use cookies, does not collect personal data, and does not track individual users. No personal data is processed by Umami.
Hostinger — provides website hosting. Hostinger may process server access logs (IP addresses) as part of standard hosting operations.

6. International Data Transfers

Email addresses submitted through the Tally notification form are transferred to and stored on servers in the European Union. This transfer is carried out in accordance with Section 48 of the Act, on the basis that the EU provides commensurate data protection through the General Data Protection Regulation (GDPR).

Business information entered into the document generator is processed entirely in your browser and is not transferred to any server.

7. Data Retention

We retain email addresses only for as long as you wish to receive notifications. You may request deletion at any time by contacting hello@sheriadigital.ke, in accordance with Section 39 of the Act.

Business information entered into the generator is not retained by us. It exists only in your browser session and is lost when you close the page.

8. Security Measures

In accordance with Section 41 of the Act (data protection by design and by default), we have implemented the following measures:

The document generator processes all data locally in your browser — no business data is transmitted to our servers
The website is served over HTTPS with a valid SSL certificate
We use privacy-friendly analytics (Umami) that do not track individual users

In the event of a personal data breach affecting the email addresses we hold, we will notify the Data Commissioner within seventy-two hours in accordance with Section 43(1)(a).

9. Your Rights Under the Act

As a data subject, you have the following rights under the Data Protection Act 2019:

The right to be informed of the use to which your personal data is put (Section 26(a))
The right to access your personal data in our custody (Section 26(b))
The right to object to the processing of your personal data (Section 26(c))
The right to correction of false or misleading data (Section 26(d))
The right to deletion of false or misleading data (Section 26(e))

To exercise any of these rights, contact us at hello@sheriadigital.ke. We will respond within thirty days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Data Protection Commissioner in accordance with Section 56 of the Act at complaints@odpc.go.ke.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by publishing the updated policy on this page and updating the effective date above.

11. Contact Us

For any questions about this Privacy Policy or our data protection practices:

Email: hello@sheriadigital.ke
Website: sheriadigital.ke

You may also contact the Office of the Data Protection Commissioner at complaints@odpc.go.ke or visit www.odpc.go.ke.