Privacy Policy

We collect several types of information from and about users of our Service, including: **Personal Information** • Email address • Name (if provided) • Payment information (processed securely by our payment providers) • Account credentials **Usage Information** • Log data including IP address, browser type, and access times • Device information including hardware model and operating system • Usage patterns and feature interactions • Performance data and error logs **Automatically Collected Information** • Cookies and similar tracking technologies • Analytics data through privacy-focused analytics tools • Session information for security purposes

We use the information we collect for various purposes: **Service Provision** • To create and manage your account • To process transactions and send related information • To provide customer support • To operate, maintain, and improve our Service **Communication** • To send you technical notices and updates • To respond to your comments and questions • To send promotional communications (with your consent) • To send security alerts and administrative messages **Security & Analytics** • To detect, prevent, and address technical issues • To monitor and analyze usage patterns • To protect against fraudulent or unauthorized activity • To enforce our Terms of Service

We do not sell, trade, or rent your personal information to others. We may share your information only in the following situations: **Service Providers** We may share information with third-party vendors who perform services for us, such as: • Payment processing (Flutterwave) • Email delivery (Resend) • Analytics services • Cloud hosting providers These providers are contractually obligated to use your information only to provide services to us. **Legal Requirements** We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court order, government request). **Business Transfers** In the event of a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy. **With Your Consent** We may share your information with other parties when we have your explicit consent to do so.

We implement appropriate technical and organizational measures to protect your personal information: **Encryption** • All data is encrypted in transit using TLS 1.3 • Sensitive data is encrypted at rest using AES-256 **Access Control** • Strict access controls limit employee access to personal data • Multi-factor authentication is required for system access • Regular access audits and reviews **Infrastructure Security** • Regular security assessments and penetration testing • Intrusion detection and prevention systems • Automated security monitoring and alerting **Incident Response** • Documented incident response procedures • Prompt notification in case of data breaches • Regular backup and disaster recovery testing While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We retain your personal information for as long as necessary to: • Provide you with our Service • Comply with legal obligations • Resolve disputes and enforce agreements • Maintain security and prevent fraud **Retention Periods** • Account information: Retained while your account is active and for 30 days after deletion request • Transaction records: Retained for 7 years for tax and legal purposes • Usage logs: Retained for 90 days • Marketing preferences: Retained until you withdraw consent **Data Deletion** You may request deletion of your account and personal data at any time by contacting us at privacy@kelaax.com. Some information may be retained as required by law or for legitimate business purposes.

Depending on your location, you may have certain rights regarding your personal information: **Access and Portability** • Request access to your personal data • Receive a copy of your data in a portable format **Correction and Deletion** • Request correction of inaccurate information • Request deletion of your personal data **Restriction and Objection** • Object to processing of your data • Request restriction of processing **Marketing Communications** • Opt-out of marketing emails at any time • Manage notification preferences in your account **Cookie Preferences** • Adjust cookie settings through your browser • Use our cookie consent tool to manage preferences To exercise these rights, contact us at privacy@kelaax.com. We will respond within 30 days.

We use cookies and similar technologies to enhance your experience: **Essential Cookies** Required for the website to function properly. These cannot be disabled. **Performance Cookies** Help us understand how visitors interact with our website to improve user experience. **Functional Cookies** Remember your preferences and settings across sessions. **Analytics Cookies** Used to analyze website traffic and usage patterns. We use privacy-focused analytics. **Managing Cookies** Most browsers allow you to control cookies through settings. However, disabling cookies may affect website functionality.

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. When we transfer your data internationally, we ensure appropriate safeguards are in place: • Standard contractual clauses approved by relevant authorities • Adequacy decisions where applicable • Other legally recognized transfer mechanisms By using our Service, you consent to the transfer of your information to countries outside your residence.

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and become aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by: • Posting the new Privacy Policy on this page • Updating the "Last updated" date • Sending you an email notification (for significant changes) We encourage you to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

If you have any questions about this Privacy Policy or our data practices, please contact us: **Privacy Inquiries** Email: privacy@kelaax.com **General Support** Email: support@kelaax.com **Data Protection Officer** Email: dpo@kelaax.com We aim to respond to all privacy-related inquiries within 30 days.