1. Who we are

This privacy policy describes how Fayvad Geosolutions Ltd (“we”, “us”) collects, uses, stores, and shares personal information when you use the F-Kadiri Solution — including our web application and mobile application — and related services (together, the “Service”). The Service is operated for professional land valuation, field data capture, reporting, and organization-managed workflows.

Data controller / contact: Fayvad Geosolutions Ltd. Privacy-related questions: info@fayvad.com. If you access the Service through your employer or client organization, that organization may also process your data as a separate controller for its own purposes (for example user administration and billing).

2. Information we collect

Depending on how you use the Service, we may process:

• Account and profile data: identifiers such as username and email; authentication credentials (passwords are stored using industry-standard hashing on our servers); name; role; organizational affiliation; work contact details (e.g. phone); employee identifiers where your organization uses them; optional profile preferences; optional images such as a digital signature stored for your profile where enabled.
• Device and sync metadata: technical identifiers associated with your device or installation (for example to support secure sessions, diagnostics, or sync), timestamps such as last synchronization, and similar operational metadata needed to run offline-first and sync features.
• Field and valuation data you submit: property and parcel identifiers; location and boundary information (including GPS coordinates and mapped geometries); photographs and attachments; PDF and other documents; sketches and feature data (e.g. buildings, vegetation where captured); valuation inputs and outputs; signatures captured in workflows; notes and structured form data entered in the app or web UI. Photos and location-enabled capture may include embedded location or time metadata where permitted by your device settings.
• Payment-related data: when your organization purchases credits or pays through integrated flows, we and our payment partners process transaction references, amounts, status, and limited identifiers needed to confirm payment (for example M-Pesa / mobile money references via our payment integration). We do not ask the mobile app to collect full card numbers for these flows.
• Technical and security data: server and application logs (e.g. IP address, timestamps, error diagnostics), security tokens where you use API access, and similar data needed to protect the Service.
• Locally on your mobile device: the app may store authentication tokens, preferences, downloaded city bundles or help content, and a local database (including items queued before upload) in device storage. Some capture steps use on-device tools (for example document scanning assistance); processed assets you choose to save are synced to our servers according to your actions and permissions.

3. How we use your information

We use the above information to:

• Provide, operate, and improve the Service (including web and mobile).
• Authenticate users, enforce access controls, and associate activity with the correct organization and roles.
• Enable field capture, mapping, documentation, valuation workflows, reporting, and synchronization between devices and our servers.
• Process billing, credits, and payment confirmations where applicable.
• Maintain security, prevent abuse, debug issues, and comply with legal obligations.
• Communicate with you or your organization about the Service where necessary (e.g. support, important notices).

Where the Service is provided under contract with your organization, we also process data as necessary to perform that contract. Some processing may rely on legitimate interests (such as securing our systems and improving reliability), balanced against your rights. Where required by law, we will obtain consent (for example for optional communications or certain cookies on the website).

4. Sharing and subprocessors

We may share information with:

• Your organization: other users, supervisors, and administrators within the same customer organization may see property data, assignments, and reports according to permissions configured in the Service.
• Service providers: hosting, infrastructure, email, analytics, or support vendors who process data on our instructions under appropriate agreements.
• Payment providers: our integrated payment / mobile money partners (e.g. F-Pay and M-Pesa rails) receive the data required to initiate and confirm payments.
• Map and imagery providers: when you use map features, map tiles, routing, or geocoding may be provided by third parties (such as Google Maps on Android where configured, and other tile or basemap providers). Those providers may receive requests that include approximate map viewport or coordinates needed to render maps. Their use is subject to their own terms and privacy notices.
• Authorities: where required by law, court order, or to protect rights, safety, and integrity.

We do not sell your personal information. We do not use it for third-party advertising in the Service.

5. International transfers

Our servers and subprocessors may be located in Kenya or other countries. Where personal data is transferred across borders, we take steps consistent with applicable law (for example appropriate safeguards or contractual clauses where required).

6. Retention

We retain information for as long as needed to provide the Service, meet legal, tax, and accounting obligations, resolve disputes, and enforce agreements. Retention periods may depend on your organization’s contract and the nature of valuation records. Local copies on your device may remain until you uninstall the app or clear data; server-side deletion is governed by our retention rules and your organization’s instructions where applicable.

7. Security

We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit (HTTPS) for connections to our API and web application, access controls, and secure handling of credentials. No method of transmission or storage is completely secure; please use strong passwords and protect your device.

8. Your rights

Depending on applicable law (including Kenya’s Data Protection Act and, where relevant, other frameworks), you may have rights to access, correct, delete, or restrict processing of your personal data, object to certain processing, or lodge a complaint with a supervisory authority. Because many accounts are managed by an employer, we may ask you to submit requests through your organization’s administrator where that reflects how your account was created. You may also contact us at info@fayvad.com.

Deletion requests: Instructions for asking us to delete your personal data (including a direct email link) are on our data deletion page.

9. Children

The Service is intended for professional use and is not directed at children. We do not knowingly collect personal information from children.

10. Mobile app permissions

The Android app requests only the permissions needed for its features. These may include network access, location (for mapping and geotagged capture), camera and storage (for photos and documents), phone identifiers where required by integrated plugins for device identification or telephony-related features, and other standard permissions declared in the app manifest. You can review or revoke permissions in your device settings; some features will not work without them.

11. Changes

We may update this policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may be communicated through the Service or by other appropriate means.