Privacy Policy

How Michael Thuita Limited collects, uses, and protects your data across all Thuita products and services. Last updated: March 2026.

1. Who We Are

Michael Thuita Limited (“Thuita”, “we”, “us”, “our”) is a technology company registered in Kenya that builds agentic products, AI workflow engines, and automation tools for founders, creators, and organisations. Our products are operated through thuita.com and its associated subdomains.

For any privacy-related enquiries, contact us at: admin@thuita.com

2. What We Collect

Depending on the product you use, we may collect the following categories of data:

  • Identity data — name, phone number, email address
  • Business data — business type, preferences and context you share during onboarding or within a product
  • Financial data (Thuita Finance / WhatsApp Accountant) — expense descriptions, amounts, income records, and categories that you enter into the system. This data is provided entirely by you.
  • Conversation data — messages you send to our AI agents via WhatsApp or other interfaces, processed in real time to deliver the service
  • Payment data — subscription status, payment reference numbers. We do not store card numbers or payment credentials — these are handled directly by our payment processor.
  • Technical data — IP address, browser type, device type, usage logs, and performance metrics
  • Communications — emails, support messages, or other direct communications you send us

We collect only what is necessary to deliver and improve our services. We do not collect data passively through advertising trackers.

3. How We Use Your Data

  • To deliver, maintain, and improve our products and services
  • To process payments and manage your subscription
  • To send service-related communications (e.g. verification codes, OTP, payment receipts, product updates)
  • To analyse usage patterns and improve AI accuracy — always in aggregate, never at the individual level for advertising
  • To detect, prevent, and address fraud or security issues
  • To comply with legal and regulatory obligations

We do not sell your data to third parties. Ever.

4. Third-Party Service Providers

We work with third-party infrastructure and service providers to operate our products. These providers process only the data strictly necessary for their specific function (e.g. messaging delivery, payment processing, hosting). We do not share your data with third parties for advertising or marketing purposes.

All providers we engage are contractually required to handle data securely and in accordance with applicable privacy laws. We review and update our provider relationships as our infrastructure evolves.

5. Data Retention

  • Account and profile data is retained while your account is active
  • Financial records (expenses, income) are retained until you request deletion
  • Conversation history with AI agents uses a rolling active-memory window; we do not maintain indefinite logs of all messages
  • Session and cache data expires automatically (typically within 24 hours)
  • After account deletion, personal data is removed within 30 days. Some data may be retained longer where required by law (e.g. accounting records).

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data — see our Data Deletion page
  • Restrict or object to certain processing
  • Withdraw consent at any time where processing is consent-based
  • Lodge a complaint with your relevant data protection authority

To exercise any of these rights, contact admin@thuita.com.

7. Security

We take security seriously, particularly given that our products handle financial data. Measures we apply include:

  • Encryption in transit (TLS) for all data
  • Cryptographically hashed one-time codes for statement and sensitive page access
  • Role-based database access controls — only the minimum necessary access is granted
  • Short-lived session tokens that expire automatically
  • Multi-factor verification for accessing financial statement views

No system is 100% secure. If you believe your account has been compromised, contact us immediately at admin@thuita.com.

8. Children

Our services are not directed to anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has provided data to us, please contact us and we will remove it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the product interface or by email where we have your contact details. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

10. Contact

Michael Thuita Limited
Nairobi, Kenya
admin@thuita.com