Privacy

Privacy Policy

Effective date: September 6, 2025

Hirall respects your privacy. This policy explains what information we collect, why we collect it, how we use it, and the choices you have. It applies to Hirall's website, apps, and services ("Services"). We aim to be transparent: we collect only what we need to operate and improve the Services, we don't sell personal data, and you can request access, correction, or deletion of your personal information. Below are details and examples so you know exactly how we handle data.

Information we collect

Personal information. Information you give us when creating an account, subscribing, purchasing, or contacting support — for example, name, email address, phone number, billing and shipping details. Payment data is processed by our payment partners; we retain limited metadata (transaction IDs, timestamps) for support and compliance.

Usage & device data. Automatically-collected information such as IP address, device and browser type, operating system, pages visited, actions taken, referral source, and timestamps. This helps us debug issues, analyze trends, and improve performance.

Cookies & tracking. We use cookies, local storage, and pixels to remember preferences, keep you signed in, measure performance, and serve basic analytics. Browser controls let you limit cookies, but some features may be affected.

Third party data. If you connect through a social login or integration, we may receive profile information you've allowed the provider to share.

How we use information

We use personal data only for limited purposes:

  • Deliver & operate the Services: authenticate accounts, process transactions, deliver digital products, and manage subscriptions.
  • Improve the product: run analytics, A/B tests, and product research to prioritize features and fix bugs.
  • Communicate: send transactional messages (receipts, security notifications) and optional marketing messages when you opt in.
  • Safety & compliance: detect abuse, enforce our Terms, and respond to lawful requests.

We minimize storing sensitive fields and use aggregated or anonymized data for reporting whenever possible.

Sharing

We do not sell personal information. We share data only with:

  • Service providers: companies that help run our Services (payments, hosting, email, analytics, and support).
  • Legal & safety: authorities when required by law or to protect people and property.
  • Business transfers: in connection with a sale, merger, or reorganization — purchasers will be bound to honor the privacy commitments in place.

We use contracts and technical safeguards to protect data shared with third parties and prefer vendors who meet recognized privacy and security standards.

Security

We maintain industry-standard safeguards: TLS for data in transit, access controls, logging, and periodic security reviews. Sensitive data is encrypted where feasible. Staff access is limited by role and necessity.

If a security incident occurs, we will investigate, contain the issue, and notify affected users and regulators as required. Tips to stay safe: enable strong passwords, consider a password manager, and be cautious of phishing messages.

International transfers

Hirall operates globally and uses providers that may store or process data in other countries. We implement contractual safeguards (e.g., standard contractual clauses) and other measures as required to protect personal data transferred across borders. Using the Services implies consent to these transfers where applicable.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data. You can also withdraw consent where processing is based on it. To exercise these rights, email hirallblog@gmail.com. We will verify requests as necessary and respond within applicable legal timeframes.

Data retention

We retain personal data only as long as needed to provide Services, comply with legal obligations, resolve disputes, and enforce agreements. Transaction records are kept for accounting purposes; support conversations are retained for reasonable service continuity. When data is no longer needed we delete or anonymize it.

Children

Our Services are not directed at children under 13. We do not knowingly collect personal information from children under 13; if we learn we have collected such data without parental consent, we will promptly delete it. Contact hirallblog@gmail.com if you believe a child under 13 has provided information.

Third-party links & services

We may link to third-party sites or embed third-party features. Those services have separate privacy policies and practices — review them before sharing personal information. Examples include social logins, analytics platforms, and embedded content.

Changes to this policy

We may update this policy to reflect operational, legal, or technical changes. When changes are material, we will notify users by email or via the Services and update the effective date. Continued use constitutes acceptance of the new policy.

Governing law

This Privacy Policy is governed by the laws of Kenya. Disputes will be resolved in Kenya's courts, subject to any non-waivable rights under applicable law.

Contact

Questions, requests, or privacy concerns? Email our privacy team at hirallblog@gmail.com. For urgent security matters, include "URGENT: Security" in the subject line to help us prioritize.

© 2025 Hirall. All rights reserved.