Privacy Policy

This Privacy Policy explains how EnglishCompanion ("we", "us", or "our"), a product operated by Wazo Smart Systems Ltd ("the Company"), collects, uses, and protects information about you when you use our website at app.englishcompanion.co.ke and related services (collectively, "the Service").

We are committed to protecting your personal data in accordance with the Kenya Data Protection Act, 2019.

1. Who We Are

Wazo Smart Systems Ltd is a limited company registered in Kenya. EnglishCompanion is an online exam preparation platform helping students prepare for IELTS, NCLEX-RN, and similar standardised examinations.

2. What Information We Collect

2.1 Information you provide directly

• Account information: name, email address, and password (encrypted) when you register
• Profile information: optional details such as your target exam date, study goals, and preferred track (IELTS or NCLEX)
• Payment information: when you purchase a course, we collect payment confirmation through our payment processors (M-Pesa, Stripe). We do not store your card numbers or full M-Pesa transaction details on our servers
• Study activity: your answers to practice questions, quiz scores, lesson progress, and time spent on the platform
• Communications: messages you send us, support requests, and feedback

2.2 Information collected automatically

• Device information: device type, browser type, operating system
• Usage data: pages visited, features used, time of access, IP address (used only for security and abuse prevention)
• Cookies and similar technologies: see Section 6

2.3 Information from third parties

If you sign in using Google, we receive your name, email address, and profile picture from Google. We do not access your contacts, Drive, calendar, or any other Google services. You can revoke this access at any time via your Google Account permissions.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process enrolments, payments, and refunds
• Personalise your study experience (e.g., showing you questions you haven't seen, adapting difficulty)
• Communicate with you about your account, purchases, course updates, and support requests
• Send you optional marketing communications (which you can unsubscribe from at any time)
• Detect, prevent, and address fraud, abuse, security issues, and technical problems
• Comply with our legal obligations under Kenyan law

We do not sell your personal data. We do not share your information with third parties for advertising purposes.

4. Legal Basis for Processing

Under the Kenya Data Protection Act, 2019, our legal bases for processing your data are:

• Contractual necessity: to provide the Service you signed up for
• Consent: where you've explicitly agreed (e.g., to marketing emails)
• Legitimate interests: to improve our Service, prevent fraud, and ensure security
• Legal obligation: where required by Kenyan law

5. Where Your Data Is Stored

Your data is stored using Supabase, a database hosting provider whose servers are located in the European Union (Ireland). This means your data crosses international borders. Supabase complies with international data protection standards, including GDPR.

By using the Service, you consent to this international transfer. We use industry-standard encryption (TLS in transit, encryption at rest) to protect your data.

6. Cookies and Tracking

We use the following types of cookies:

• Essential cookies: required for authentication, session management, and security (cannot be disabled)
• Analytics cookies: anonymous data about how users interact with the Service, used to improve features. We use Vercel Analytics, which does not track individual users

We do not use third-party advertising cookies or tracking pixels.

7. How We Share Your Information

We share your information only in these limited situations:

• Service providers: with companies that help us operate the Service (Supabase for hosting, Vercel for deployment, Stripe and M-Pesa for payments, Anthropic and OpenAI for AI features). These providers are contractually required to protect your data and use it only for our purposes.
• Legal requirements: if required by court order, subpoena, or to comply with Kenyan law
• Business transfers: if Wazo Smart Systems Ltd is acquired or merges with another entity, your data may be transferred (you will be notified)
• With your consent: in any other case, only with your explicit permission

8. AI and Automated Decision-Making

EnglishCompanion uses artificial intelligence (AI) services from Anthropic and OpenAI to provide features such as essay feedback, speaking response evaluation, and study coaching. When you submit content for AI feedback:

• Your submission is sent to the AI provider's servers for processing
• The AI providers may store the data temporarily as part of their normal operations, but do not use it to train their models when accessed via our API integration
• The feedback you receive is generated automatically and should not be considered a substitute for professional advice from a qualified educator

You can opt out of using AI features by not submitting content to them. Your account will still function normally.

9. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to keep it for legal, accounting, or tax purposes (typically up to 7 years in Kenya).

Anonymous, aggregated data (e.g., overall question statistics) may be retained indefinitely as it does not identify you personally.

10. Your Rights

Under the Kenya Data Protection Act, 2019, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your data ("right to erasure"), subject to our legal obligations
• Restrict how we process your data
• Object to certain types of processing (e.g., marketing)
• Data portability: receive your data in a structured, machine-readable format
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with the Office of the Data Protection Commissioner of Kenya (odpc.go.ke)

To exercise any of these rights, contact us at privacy@englishcompanion.co.ke. We will respond within 30 days.

11. Children's Privacy

The Service is intended for users 16 years and older. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact us immediately and we will delete it.

12. Security

We use industry-standard measures to protect your data, including:

• HTTPS/TLS encryption for all data in transit
• Encrypted database storage
• Hashed passwords (bcrypt)
• Regular security updates and dependency monitoring
• Access controls limiting who in our team can see user data

No system is completely secure, however. If we become aware of a data breach affecting your information, we will notify you within 72 hours as required by the Kenya Data Protection Act.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If the changes are significant, we will notify you by email or through a notice on the Service.

14. Contact Us

→ Read our Terms of Service

← Back to EnglishCompanion