Legal

Privacy Policy

How PoultryDesk handles personal and Organization data, and the rights you have over it.

This is a review-ready draft aligned to our regulatory posture. It is not final legal advice and is pending counsel sign-off before production use.

Last updated: 2 July 2026

Who this covers

This policy applies to PoultryDesk, the poultry operations platform, and to the people who use it: Organization owners, members, and the visitors to our public pages. Where your Organization is the data controller for its farm records, PoultryDesk acts as the processor under your instructions.

What we collect

  • Account details: name, email, role, and the Organization and subdomain you belong to.
  • Operational records you capture: Lots, rounds, mortality, feed, eggs, health treatments, inventory, sales, and expenses.
  • Technical data needed to run the service: device and session identifiers, sync state, and security and audit logs.
  • Billing data for paid plans, handled by our payment provider - we do not store full card numbers.

How we use it

We use your data to run the service you signed up for: to store and sync your records, enforce access control and plan entitlements, produce your reports, keep an audit trail for traceability, and contact you about your account. We do not sell personal data.

Tenant isolation

Each Organization’s operational data lives in its own database schema. There is no shared table through which one Organization can read another’s records. Access within an Organization is governed by roles and permissions that you control.

Data retention

We keep operational records for as long as your Organization is active so your traceability and audit history stay intact. If a subscription lapses, data enters a defined grace and retention window before removal, in line with our subscription lifecycle. Some records, such as audit and food-safety trails, may be retained longer where regulation requires it.

Your rights

Under the GDPR and the Kenya Data Protection Act, you can request access to your personal data, correction of inaccurate data, deletion where the law allows, a portable export, and restriction or objection to certain processing. To exercise any of these, contact us using the details below and we will respond within the statutory timeframe.

Security

We protect data in transit and at rest, enforce role-based access and two-factor authentication for sensitive actions, and keep an append-only audit log of who did what and when. No system is perfectly secure, but security is a first-class constraint, not an add-on.

Contact

For any privacy question or to exercise a data right, reach us through the contact page and choose the data and privacy route.