Privacy Policy

Effective Date: March 12, 2026

Lacesse Ventures ("Lacesse", "we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, use Lacesse Duka storefronts, integrate Lacesse Fikra APIs, or interact with our hardware and Newsroom services (collectively, the "Services").

This policy complies with the Kenya Data Protection Act (2019) and aligns with international data protection standards, including the GDPR.

Important Role Distinction:
When you create a Lacesse account to sell products or use our API, Lacesse is the Data Controller of your information.
When a customer buys a product from your Lacesse Duka storefront, you (the Merchant) are the Data Controller of that customer's data, and Lacesse is merely the Data Processor. This relationship is governed by our Data Processing Agreement (DPA).

1. Information We Collect

A. Information from Merchants & Developers

If you register for a Lacesse account to use Duka or Fikra, we collect:

Account Information: Name, email address, phone number, and password.
Business Information: Business name, tax registration (if applicable), and physical address.
Financial Information: Payment processor IDs (e.g., Paystack subaccount details) and billing information for Lacesse platform fees.
API & AI Usage Data: Logs of your API calls to Lacesse Fikra, including timestamps, IP addresses, and payload sizes.

B. Information from End-Customers (Buyers)

When a buyer makes a purchase on a merchant's Lacesse Duka storefront, we process the following data on the merchant's behalf:

Transaction Data: Buyer's name, email, shipping address, and order details.
Note on Payment Data: Lacesse does not process or store raw credit card numbers or mobile money PINs. All financial processing is securely routed through our licensed third-party gateway (Paystack).

C. Information Collected Automatically

When you visit our website or use our Services, we automatically collect:

Device & Log Data: IP address, browser type, operating system, and diagnostic data.
Cookies: As detailed in our Terms of Use, we use strictly necessary, functional, and analytical cookies to maintain session security and monitor platform performance.

2. How We Use Your Information

We use the collected data for the following purposes:

To Provide the Services: Hosting Duka storefronts, routing transactions, and generating AI responses via Fikra.
Security & Fraud Prevention: Monitoring API usage for abuse, DDoS attacks, or violations of our Acceptable Use Policy.
Platform Improvement: Analyzing usage trends to improve system architecture and routing efficiency.
Compliance: Fulfilling our legal obligations regarding tax reporting and anti-money laundering (AML) laws.

Lacesse Fikra & AI Data Use: Lacesse Ventures does not use the private API payloads (prompts and completions) submitted by our developers and merchants to train foundational public AI models. API data is temporarily logged strictly for abuse monitoring, debugging, and rate-limiting purposes before being routinely purged.

3. Data Sharing & Subprocessors

Lacesse does not sell your personal data to data brokers. We only share information with third parties in the following circumstances:

Service Providers (Subprocessors): We utilize top-tier cloud infrastructure providers (e.g., Render, Neon, Cloudflare) and AI infrastructure partners (e.g., Groq) to run our platform.
Merchants: End-customer order data is shared directly with the Merchant the customer is purchasing from so they can fulfill the order.
Legal Requirements: If required by a valid subpoena, court order, or government request in Kenya or jurisdictions where our servers reside.

For a complete, transparent list of our infrastructure partners, please view our Subprocessors & Partners Page.

4. International Data Transfers

To provide enterprise-grade uptime and speed, Lacesse utilizes globally distributed servers. Your data may be transferred to, processed, and stored in Frankfurt, Germany and the United States. By using our Services, you consent to these cross-border transfers. We ensure our international partners employ robust security measures compliant with international standards.

5. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Active Accounts: Retained for the lifetime of your account.
Financial Records: Transaction logs and billing history are retained for up to seven (7) years to comply with Kenyan tax and accounting laws.
End-Customer Data: Retained on behalf of the Merchant. Merchants may delete this data from their dashboards at any time.

6. Your Data Rights

Under the Kenya Data Protection Act, you have the right to:

Access: Request a copy of the personal data we hold about you.
Correction: Request that we correct inaccurate or incomplete data.
Erasure (Right to be Forgotten): Request the deletion of your account and personal data, subject to legal retention requirements.
Objection: Object to the processing of your data for direct marketing purposes.

To exercise these rights regarding your Lacesse Merchant or Developer account, please email us at [email protected]. (Note: If you are an end-customer who bought from a Duka store, you must contact the Merchant directly to exercise your data rights, and we will assist them in fulfilling the request.)

7. Security Measures

We implement commercially reasonable technical and organizational security measures—including encryption at rest (via our database providers), TLS/SSL encryption in transit, and edge-level DDoS protection—to protect your data. However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Effective Date" at the top of this page and, where appropriate, notifying you via email or a dashboard alert.

Contact Us: If you have any questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer at [email protected]. You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya.