Privacy Policy

Dewlon Systems is a technology company based at Imara Daima, Nairobi, Kenya. We specialise in custom software development, mobile application development, web design and development, cloud solutions, API development, DevOps, UI/UX design, quality assurance, IT consulting, and related digital services. We serve businesses across Kenya and East Africa, as well as international clients who engage us for Kenya-market technology projects.

For the purposes of applicable data protection law, including the Kenya Data Protection Act of 2019, Dewlon Systems is the data controller responsible for your personal information collected through this website and through the delivery of our services. This means we are the organisation that determines the purposes and means by which your personal data is processed.

Our registered address is Imara Daima, Nairobi County, Kenya. Our primary contact email for privacy matters is contact@dewlons.com. Our telephone number is +254 728 722 746. We are committed to handling all personal data in accordance with the Kenya Data Protection Act, the General Data Protection Regulation (GDPR) as a best practice standard for international clients, and any other applicable law.

We collect personal information only when it is necessary to provide our services or improve our website. Below is a detailed account of the categories of data we may collect from you, along with the circumstances in which each category is gathered.

Information You Give Us Directly

When you fill in a contact form, send us an email, request a quote, subscribe to communications, or engage us for a project, you may provide us with the following:

• Your full name
• Your email address
• Your phone number or WhatsApp number
• The name of your business or organisation
• Your job title or role
• The nature and scope of your project or enquiry
• Your preferred budget range or timeline
• Any supporting documents, briefs, or attachments you voluntarily submit
• Payment and billing information when you engage us commercially (processed securely through our payment partners and not stored on our servers)

Information We Collect Automatically

When you visit our website, certain data is collected automatically by our servers and third-party analytics tools. This information is used to understand how visitors use our site and to improve the experience. It includes:

• Your IP address (which may indicate your approximate geographic location at the city or region level)
• The type of browser you are using (for example, Chrome, Firefox, or Safari) and its version
• The operating system on your device (for example, Android, iOS, or Windows)
• The device type (desktop, laptop, smartphone, or tablet)
• The pages you visit on our site and the sequence in which you visit them
• The time and date of your visit
• The amount of time you spend on each page
• The external website or search engine that referred you to our site (the referring URL)
• Whether you clicked on any internal or external links on our pages

Information from Third Parties

In some cases we may receive information about you from third parties. This typically occurs in the following situations:

• If a business partner, referral contact, or existing client provides your details in order to introduce us for a potential project
• If you engage with our social media profiles on platforms such as LinkedIn, Twitter (X), or Facebook and those platforms share limited data with us about that interaction
• If you use a third-party scheduling tool that has been linked to our contact process

We handle all third-party-sourced data with the same standard of care as data you provide directly to us, and we use it only for the purpose for which it was shared.

We use the personal information we collect only for legitimate, specific, and clearly defined purposes. We do not use your data for any purpose that conflicts with the reason you provided it in the first place. The following table explains each use of your data, why we need it, and the legal basis on which we rely.

We will never use your personal data for automated decision-making that has a legal or similarly significant effect on you without your explicit consent. We will never sell your personal information to marketers, data brokers, or any other commercial entity for profit.

A cookie is a small text file placed on your device by a website you visit. Cookies help websites function correctly, remember your preferences, and gather analytical data about how the site is used. We use cookies and similar tracking technologies on our website for the purposes described below.

Essential Cookies

These cookies are strictly necessary for our website to function. They cannot be switched off without breaking the site. They do not collect any personal information and are set in response to actions you take such as navigating between pages or submitting a form.

Analytics Cookies

We use Google Analytics to understand how visitors interact with our site. This service collects information such as pages visited, time on site, browser type, and approximate location (at the city level only). This data is aggregated and anonymised wherever possible. Google Analytics uses its own cookies to track sessions. You can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.

Functional Cookies

These cookies remember choices you make on our site, such as your preferred language or whether you have dismissed a notification. They improve your experience but are not essential to core functionality.

How to Control Cookies

Most modern browsers allow you to view, manage, delete, and block cookies through their settings. Be aware that blocking all cookies will affect the functionality of many websites, including ours. For detailed instructions on managing cookies in your browser, refer to the help section of your specific browser.

On first visit to our website, we display a cookie consent notice that allows you to accept or decline non-essential cookies. You may update your cookie preferences at any time by clearing your browser cookies and revisiting the site.

We treat your personal information with care and discretion. We do not sell, trade, rent, or otherwise transfer your personal data to third parties for their own commercial purposes under any circumstances. We may share limited data only in the specific situations described below.

Service Providers and Subcontractors

To deliver our services effectively, we work with a small number of trusted technology providers. These include cloud hosting providers such as Amazon Web Services, email and communication tools such as Google Workspace, project management platforms, and payment processing services. Each of these providers is contractually bound to handle your data only for the purposes we instruct them on, and to maintain appropriate security standards.

Legal Requirements

We may disclose your personal information if we are required to do so by law, court order, or a legitimate request from a government authority in Kenya or another applicable jurisdiction. In such cases, we will disclose only the minimum information necessary to satisfy the legal obligation, and where legally permissible we will notify you of the request before complying.

Business Transfers

In the event that Dewlon Systems undergoes a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the acquiring entity as part of that transaction. Should this occur, we will notify you via email or a prominent notice on our website prior to the transfer, and the acquiring entity will be required to honour the commitments made in this Privacy Policy.

With Your Consent

We may share your information with a third party for a specific purpose if you have given us your explicit consent to do so. For example, if you request that we introduce you to a partner organisation for a service we do not offer directly, we will ask for your permission before sharing your contact details.

We retain your personal information only for as long as it is necessary to fulfil the purpose for which it was collected, unless a longer retention period is required by law or justified by a legitimate business need such as resolving disputes or enforcing agreements.

• Enquiry and contact form data: retained for up to 24 months from the date of last contact, or until you request deletion
• Client project records: retained for 7 years from project completion in accordance with Kenyan company and tax law requirements
• Invoice and billing records: retained for 7 years in compliance with the Kenya Revenue Authority requirements for financial record-keeping
• Analytics and website usage data: retained in aggregated, anonymised form indefinitely; identifiable session data is retained for no more than 14 months
• Marketing communication preferences: retained until you unsubscribe or request removal, at which point your details are removed from mailing lists within 30 days
• Security and server logs: retained for up to 90 days and then automatically purged, unless they form part of an active security investigation

When personal data is no longer required, we delete it securely from our systems and instruct any data processors we work with to do the same. Where deletion is not immediately possible (for example, because data exists in backup systems), we isolate the data from further processing until deletion is achievable.

Protecting your personal data is a responsibility we take seriously. We have implemented a range of technical and organisational measures to safeguard the information we hold against unauthorised access, accidental loss, destruction, or disclosure.

Technical Measures

• All data transmitted between your browser and our website is encrypted using TLS (Transport Layer Security), indicated by the padlock icon in your browser address bar
• Our website and client systems are hosted on AWS infrastructure, which provides enterprise-grade physical and network security
• Access to client data and internal systems is restricted to authorised Dewlon Systems personnel only, using role-based access controls
• Passwords and sensitive credentials are stored using strong cryptographic hashing and are never stored in plaintext
• We conduct regular software updates and security patches on all systems under our management
• All contact form submissions are protected by reCAPTCHA to prevent automated abuse

Organisational Measures

• All team members with access to client data are subject to confidentiality obligations
• We conduct periodic internal reviews of our data handling practices
• Third-party service providers are evaluated for security standards before being engaged
• In the event of a data breach that is likely to result in risk to your rights or freedoms, we will notify affected individuals and the relevant authority within 72 hours of becoming aware of it, in accordance with applicable law

Under the Kenya Data Protection Act 2019 and related regulations, you have a number of important rights in relation to your personal data. These rights apply to any personal information that Dewlon Systems holds about you. We explain each right below, along with how to exercise it.

To exercise any of the rights listed above, please contact us at contact@dewlons.com with the subject line "Data Rights Request." We will verify your identity before processing the request and will respond within 30 days. In some cases we may need to extend this period by a further 60 days if the request is complex or if we receive a number of requests simultaneously. We will notify you if this extension is necessary and explain the reason.

We will not charge a fee for handling a rights request unless the request is manifestly unfounded or excessive. In such cases, we may charge a reasonable administrative fee or refuse to comply with the request, and we will explain why.

Our website may contain links to external websites and resources operated by third parties, including our technology partners, social media platforms, and organisations mentioned in our portfolio or blog. These links are provided for your convenience and information only.

When you click on a link to an external site, you leave our website and your visit becomes subject to that site's own privacy policy and terms of use. Dewlon Systems has no control over and accepts no responsibility for the content, privacy practices, or security of any third-party website. We encourage you to read the privacy policy of any external site before submitting personal information to it.

Third-party services that may be embedded or referenced in our website include Google Analytics (analytics), Google reCAPTCHA (spam prevention), Google Maps (location display on our contact page), WhatsApp (communication), and social media platforms including LinkedIn, Twitter (X), and Facebook. Each of these services is subject to its own data practices.

Our website and services are directed exclusively at adults and at businesses. We do not knowingly collect, process, or store personal information from any individual under the age of 18.

If you are a parent or guardian and you believe that a minor has provided us with personal information without your knowledge or consent, please contact us immediately at contact@dewlons.com and we will take prompt steps to delete the information from our systems.

If we become aware at any point that we have inadvertently collected personal information from a person under the age of 18, we will delete it from our records as quickly as practicable and will not use it for any purpose.

Dewlon Systems is based in Kenya and primarily processes personal data within Kenya. However, some of the third-party services we use, such as AWS cloud hosting and Google Analytics, may store or process data on servers located outside Kenya, including in the United States and the European Union.

Where personal data is transferred outside Kenya, we ensure that appropriate safeguards are in place to protect your information. These safeguards may include relying on an adequacy decision (where the destination country is recognised as providing an adequate level of protection), standard contractual clauses approved by the relevant authority, or the service provider's own certification under an internationally recognised privacy framework.

If you are based in the European Union or United Kingdom and engage our services, we will handle your personal data in accordance with the General Data Protection Regulation (GDPR) as a best practice standard, even though Dewlon Systems is not an EU-based organisation. This means you benefit from the same rights and protections described in Section 08 of this policy.

We review and update this Privacy Policy periodically to reflect changes in our practices, changes in applicable law, changes in the services we offer, or changes in the technology we use. The "Last updated" date at the top of this page will always indicate when the policy was most recently revised.

If we make changes that materially affect your rights or the way we use your personal data, we will notify you by one of the following means: by posting a prominent notice on our homepage, by sending an email to the address you have provided to us, or by displaying an updated notice on this page for a reasonable period before the changes take effect.

Your continued use of our website or services after a material change to this policy constitutes acceptance of the updated terms. If you do not accept the changes, you should discontinue use of our services and contact us to request deletion of your data.

Archived versions of previous Privacy Policies are available on request. Please email contact@dewlons.com if you wish to review a prior version.

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please do not hesitate to get in touch. We aim to respond to all privacy-related enquiries within five business days.