Privacy Policy

1. Who we are

XecureMind is a digital risk protection platform built for East African businesses. We monitor digital environments for brand impersonation, fake accounts, lookalike domains, and executive fraud — and take action to protect our clients.

Our registered address and primary place of operation is Nairobi, Kenya. For privacy-related enquiries, contact us at privacy@xecuremind.com.

2. What data we collect

Information you provide directly

• Name, email address, phone number, and company name when you register or contact us
• Brand information (social handles, domains, executive names) provided for monitoring purposes
• Communications you send us via email, WhatsApp, or the contact form
• Payment information processed via our payment provider (we do not store card details)

Information collected automatically

• IP address, browser type, device type, and operating system
• Pages visited, time spent, and actions taken on our website and dashboard
• Cookies and similar tracking technologies (see Section 7)

Information we collect on your behalf

• Publicly available data about threats impersonating your brand — fake social media accounts, lookalike domains, suspicious content referencing your brand name or executives
• This data is collected solely to deliver our monitoring and protection service to you

3. How we use your data

We use the information we collect to:

• Deliver and improve our digital risk protection services
• Monitor for threats targeting your brand as instructed by you
• Send you threat alerts, reports, and service notifications
• Respond to your enquiries and provide customer support
• Process payments and manage your subscription
• Comply with legal obligations applicable in Kenya and East Africa
• Improve and develop our platform based on usage patterns

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. How we share your data

We share your data only in the following limited circumstances:

• Service providers: We use Supabase for data storage and infrastructure. They process data on our behalf under strict confidentiality obligations.
• Platform operators: When filing takedown requests on your behalf, we share only the evidence necessary to process the removal request with the relevant platform (Meta, Google, TikTok, etc.).
• Legal requirements: We may disclose data if required by Kenyan law, court order, or regulatory authority.
• Business transfer: In the event of a merger or acquisition, your data may be transferred to the new entity under the same privacy protections.

5. Data storage and security

Your data is stored on secure servers provided by Supabase, with infrastructure located in accordance with their data residency policies. We implement industry-standard security measures including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Role-based access controls — only authorised XecureMind staff can access client data
• Regular security reviews and access audits
• Secure authentication for all platform access

While we take reasonable steps to protect your data, no system is completely immune to security risks. We will notify affected clients promptly in the event of a data breach that affects their information.

6. Data retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account and profile data: retained while your subscription is active, and for 12 months after termination
• Threat reports and case records: retained for 24 months to support legal escalation if needed
• Contact form submissions: retained for 12 months
• Payment records: retained for 7 years as required by Kenyan tax law

You may request deletion of your data at any time by contacting privacy@xecuremind.com.

7. Cookies

Our website uses cookies to improve your experience. We use:

• Essential cookies: Required for the platform to function — authentication, session management, security.
• Analytics cookies: Help us understand how visitors use our site so we can improve it. We use privacy-respecting analytics only.

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

8. Your rights

As a user of XecureMind, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request that we correct inaccurate or incomplete data
• Deletion — request that we delete your personal data, subject to legal retention requirements
• Portability — request your data in a structured, machine-readable format
• Objection — object to specific uses of your data
• Withdrawal of consent — withdraw consent for data uses based on consent at any time

To exercise any of these rights, contact us at privacy@xecuremind.com. We will respond within 30 days.

9. Children's privacy

XecureMind is a business-to-business service. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

10. Third-party links

Our platform and reports may contain links to third-party websites or platforms. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

11. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. We will notify active clients of material changes via email at least 14 days before they take effect. The date at the top of this page reflects the most recent update.

12. Governing law

This Privacy Policy is governed by the laws of Kenya, including the Data Protection Act, 2019. Any disputes arising from this policy shall be subject to the jurisdiction of the courts of Kenya.