Legal

Privacy Policy.

How we collect, use, and protect your data. Transparent and straightforward.

Last updated: July 5, 2026

1. Who We Are

Taifa Mail is an email delivery platform operated by RCFI ("we", "us"), part of the GovConnect Kenya organisation. We build software for Kenyan government ministries, counties, agencies, and public institutions.

This policy covers Taifa Mail and the services we operate under govconnect.ke, including any subdomains or applications associated with the platform.

2. Information We Collect

Information you provide

  • Account information: name, email address, and profile picture when you sign in via OAuth.
  • Sending data: sender addresses, domains, templates, and message content you submit through the dashboard, SMTP relay, or API.
  • Recipient data: contact lists, email addresses, and related fields you upload in order to send email through the platform.

Information collected automatically

  • Usage data: pages visited, features used, and interaction patterns.
  • Device information: browser type, operating system, and screen resolution.
  • Network information: IP address and approximate location.
  • Delivery events: sends, deliveries, bounces, opens, clicks, and complaints, which we record to provide analytics and protect sender reputation.

3. How We Use Your Information

  • To provide and maintain our services.
  • To deliver email on your behalf and report on delivery outcomes.
  • To send transactional emails (account notices, billing receipts, alerts).
  • To authenticate your identity and secure your account.
  • To prevent abuse, spam, and fraud on our sending infrastructure.
  • To improve our products and user experience.
  • To communicate with you about your account or our services.

4. Data Sharing

We do not sell your personal data. We share information only in these cases:

  • OAuth providers: We use OAuth for authentication. The provider's privacy policy applies to data processed by that provider.
  • Service providers: We use infrastructure providers to host our services. Data is stored on secured cloud infrastructure with industry-standard access controls and encryption at rest.
  • Payment processors: Billing is handled by our payment partners. We do not store raw card numbers or mobile money PINs.
  • Legal requirements: We may disclose information if required by law or to protect our rights.

5. Data Storage and Security

Your data is stored in PostgreSQL databases hosted on secured servers. We use industry-standard security measures including:

  • TLS/SSL encryption for all data in transit.
  • Hashed credentials where applicable.
  • Session tokens stored in HTTP-only, secure cookies.
  • Regular security audits of our infrastructure.

6. Your Rights

In line with the Kenya Data Protection Act, 2019, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Withdraw consent for data processing.

To exercise any of these rights, contact us at support@govconnect.ke.

7. Cookies

We use essential cookies only, specifically an HTTP-only authentication cookie to maintain your login session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes via email or through our platforms.

10. Contact

For privacy-related questions or requests: