Privacy Notice

Effective Date: December 19, 2025

Last Updated: December 26, 2025

Covered Applications

This policy applies to all applications powered by the Pixel Point ERP Platform, including:

• Hula Market (Consumer Marketplace)
• Pixel Point POS (Merchant Point-of-Sale Application)
• Pixel Point Terminal (Store Checkout Application)
• Other current and future Pixel Point-powered applications

At the Pixel Point ERP Platform (operated by Continuum Technologies), we take your privacy very seriously. This Privacy Notice explains how we collect, use, process, and protect your personal and business data when you use applications powered by our platform, including e-commerce marketplaces, point-of-sale systems, terminals, and related services. We are committed to maintaining transparency and complying with international data protection regulations including GDPR, CCPA, and local privacy laws.

1. Information We Collect

A. Personal Information

Name and contact details (email, phone, physical address)
Account login credentials and security questions
Date of birth and government-issued ID (for verification)
Shipping and billing addresses
Payment information (processed securely via PCI-DSS compliant systems)

B. Business Information (For Sellers)

Business name, registration number, and tax identification
Business address and phone number
Bank account details for payout processing
Seller agreement documentation and terms acceptance

C. Transaction and Order Data

Purchase history and order details
Product browsing and wishlist activity
Payment transaction history and invoice records
Customer reviews and ratings submitted by users
Support tickets and communication records

D. Technical and Usage Data

IP address, device type, operating system, and browser information
Cookies, pixel tags, and similar tracking technologies
Pages visited, time spent, clicks, and interactions
Device identifiers and mobile analytics data
Referral source and attribution data

E. Optional Information

Product images, descriptions, and marketing materials you upload
Customer feedback and communication preferences
Social media profiles (if you link your account to social platforms)

2. How We Use Your Information

A. Service Provision and Operations

We use your information to:

Create and maintain your platform account
Process purchases and deliver orders
Process payments and handle refunds/disputes
Manage seller inventory, orders, and fulfillment
Provide customer support and resolve complaints

B. Communication and Marketing

We may send you:

Order confirmations, shipping updates, and delivery notifications
Account security alerts and password reset requests
Promotional emails and marketing communications (with your consent)
Product recommendations based on your browsing history
Newsletters and updates about new features or services

C. Analytics and Improvement

We use your data to:

Analyze how users interact with platform applications
Personalize your shopping experience
Improve our platform, features, and services
Conduct A/B testing and user research
Generate anonymized market insights and trends

D. Security and Legal Compliance

We use your information to:

Detect, prevent, and address fraud and unauthorized transactions
Protect against malware, security breaches, and cyber attacks
Enforce our Terms and Conditions and other agreements
Comply with legal obligations, court orders, and government requests
Tax reporting and regulatory compliance

2B. Biometric Data & Facial Recognition

⚠️ Biometric Data Notice

Some platform applications may collect biometric data for security and authentication purposes. This collection is STRICTLY OPTIONAL and requires your explicit consent.

What Biometric Data We May Collect

Facial Recognition Data
For secure login, identity verification, and fraud prevention (Pixel Point POS seller authentication)
Fingerprint Data
For biometric authentication on supported devices (optional)
Voice Patterns
For voice-activated commands and customer service verification (if enabled)

How We Use Biometric Data

• Secure account access and authentication
• Fraud prevention and seller verification
• Age verification for restricted products (alcohol, tobacco)
• Contactless checkout experiences (Pixel Point Terminal)

Your Rights Regarding Biometric Data

✓ Biometric data collection is OPTIONAL - you can decline without losing access to basic platform services
✓ You can delete your biometric data at any time via Account Settings → Privacy → Biometric Data
✓ Biometric data is stored encrypted and never shared with third parties
✓ Data is deleted automatically after 3 years of inactivity or upon account closure

2C. Location Data & Geolocation

We collect location data to provide location-based services, optimize delivery, and improve your experience.

Types of Location Data Collected

Precise GPS Location
With your explicit permission (for delivery tracking, nearby stores, local products)
Approximate Location
Based on IP address (for regional pricing, currency, language)
Shipping and Billing Addresses
Provided during checkout for order fulfillment
Store Location Data
For Pixel Point POS/Terminal users (to route orders to nearest fulfillment center)

How We Use Location Data

• Calculate accurate shipping costs and delivery estimates
• Show nearby pickup points and physical stores
• Display region-specific products, pricing, and availability
• Fraud detection (flagging unusual location patterns)
• Delivery driver navigation and route optimization
• Compliance with regional tax and regulatory requirements

Controlling Location Permissions

You can manage location permissions through your device settings (iOS: Settings → Privacy → Location Services | Android: Settings → Location). Disabling location may limit certain features like local product search and accurate delivery estimates.

2D. Artificial Intelligence & Machine Learning

We use AI and machine learning technologies to enhance your experience, improve security, and optimize platform operations.

AI-Powered Features

Personalized Product Recommendations
ML models analyze your browsing history, purchases, and preferences to suggest relevant products
Dynamic Pricing Optimization
AI adjusts pricing based on demand, inventory, and market conditions
Fraud Detection & Prevention
ML algorithms detect suspicious patterns, unusual transactions, and account takeovers
Search & Discovery Enhancement
Natural language processing (NLP) improves search accuracy and product discovery
Chatbot Customer Support
AI-powered chatbots handle common queries and route complex issues to human agents
Image Recognition
Visual search, automatic product tagging, and content moderation
Demand Forecasting
Predicting inventory needs and optimizing supply chain logistics

Data Used in AI/ML Models

• Browsing patterns, clicks, and session data
• Purchase history and cart activity
• Product views, ratings, and reviews
• Search queries and filters applied
• Device information and network data
• Aggregated, anonymized user behavior data

Your Control Over AI Processing

You have the right to:

✓ Opt out of personalized recommendations (Account Settings → Privacy → Personalization)
✓ Request human review of automated decisions that significantly affect you
✓ Understand the logic behind automated decisions (subject to trade secret protections)
✓ Object to profiling for direct marketing purposes

2E. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. For full details, see our Cookie Policy.

Types of Cookies We Use

Essential Cookies (Required)
Session management, authentication, shopping cart, security
Performance Cookies (Optional)
Analytics, user behavior tracking, A/B testing (Google Analytics, Mixpanel)
Functional Cookies (Optional)
Preferences, recently viewed items, language settings
Advertising Cookies (Optional)
Personalized ads, retargeting, conversion tracking (Facebook Pixel, Google Ads)

Managing Cookie Preferences

You can manage your cookie preferences through our cookie consent banner (shown on first visit) or via Account Settings → Privacy → Cookie Preferences. You can also control cookies through your browser settings, though this may limit platform functionality.

3. How We Share Your Data

A. Service Providers

We share data with third-party service providers who help us operate the platform, including:

Payment processors and financial institutions
Shipping and logistics partners
Email and communication service providers
Cloud hosting and storage providers
Analytics and fraud detection services

B. Sellers and Buyers

To complete transactions, we share:

Buyer names, email, and shipping address with sellers (for order fulfillment)
Seller business information with buyers (upon request)
Customer reviews and ratings are public on product pages

C. Legal Requirements

We may disclose your information if required by law, such as responding to court orders, government requests, or law enforcement inquiries. We will provide notice when legally permitted.

3B. Third-Party Vendors & Subprocessors List

We work with trusted third-party vendors and subprocessors to deliver platform services. All vendors sign Data Processing Agreements (DPAs) and comply with GDPR, CCPA, and applicable data protection laws.

Payment Processing

Stripe, Inc.
Payment processing, fraud detection | Data: payment card info, transaction details | Location: USA (Privacy Shield certified)
Safaricom M-Pesa
Mobile money transactions | Data: phone number, transaction amount | Location: Kenya
PayPal Holdings, Inc.
Alternative payment method | Data: email, payment info | Location: USA/EU

Cloud Infrastructure & Hosting

Amazon Web Services (AWS)
Cloud hosting, database, file storage | Data: all platform data | Locations: EU (Ireland), USA
Cloudflare, Inc.
CDN, DDoS protection, DNS | Data: IP address, cookies | Location: Global network

Analytics & Monitoring

Google LLC (Google Analytics)
Website analytics, user behavior | Data: cookies, IP address, device info | Location: USA
Mixpanel, Inc.
Product analytics, funnel tracking | Data: user actions, events | Location: USA
Hotjar Ltd.
Heatmaps, session recordings | Data: mouse movements, clicks | Location: EU (Malta)

Communication & Email

SendGrid (Twilio Inc.)
Transactional emails, order notifications | Data: email address, name | Location: USA
Twilio Inc.
SMS notifications, 2FA codes | Data: phone number, messages | Location: USA
Intercom, Inc.
Customer support chat | Data: email, messages, browsing history | Location: USA

Advertising & Marketing

Meta Platforms, Inc. (Facebook/Instagram Pixel)
Ad targeting, conversion tracking | Data: cookies, browsing behavior | Location: USA/EU
Google LLC (Google Ads)
Display advertising, remarketing | Data: cookies, ad interactions | Location: USA
TikTok Pte. Ltd.
Video ad campaigns | Data: device ID, ad engagement | Location: Singapore/USA

Logistics & Shipping

DHL Express
International shipping | Data: name, address, phone, package details | Location: Germany/Global
Kenya Courier Services Ltd.
Local delivery | Data: delivery address, phone | Location: Kenya
Posta Kenya
Standard mail delivery | Data: postal address | Location: Kenya

Security & Fraud Prevention

Sift Science, Inc.
Fraud detection, risk scoring | Data: transaction patterns, device fingerprints | Location: USA
reCAPTCHA (Google LLC)
Bot detection | Data: IP address, mouse movements | Location: USA

ℹ️ Vendor List Updates

This list is current as of the "Last Updated" date above. We may add, remove, or change vendors as needed to improve platform services. For the most current vendor list, visit: hulamarket.co.ke/legal/vendor-list

4. Data Security and Protection

A. Security Measures

The platform implements comprehensive security measures including:

256-bit SSL/TLS encryption for data in transit
PCI-DSS compliance for payment card data handling
AES-256 encryption for data at rest
Regular security audits and penetration testing
Multi-factor authentication (MFA) for account access
Intrusion detection and prevention systems
Regular security patches and updates

B. Limitations

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security and you use platform applications at your own risk. We recommend:

Using a strong, unique password for your account
Never sharing your login credentials with others
Enabling two-factor authentication
Immediately reporting suspicious activity

5. Your Privacy Rights

A. Access and Portability

You have the right to request a copy of all personal data we hold about you in a portable, machine-readable format.

B. Correction and Deletion

You can request to correct inaccurate information or delete your account and associated data. We will honor deletion requests unless we are required to retain data for legal or regulatory reasons.

C. Opt-Out

You can opt-out of marketing communications by clicking "Unsubscribe" in any email or managing preferences in your account settings. Opting out will not affect transactional communications.

D. Cookies and Tracking

You can control cookie settings in your browser. Note that disabling cookies may affect platform application functionality. We respect "Do Not Track" signals where feasible.

6. Data Retention

We retain your data for the following periods:

Account data: For the duration of your account + 2 years after termination
Transaction records: 7 years (for tax and audit requirements)
Marketing communications: Until you unsubscribe or delete account
Support tickets: 3 years for reference and dispute resolution
Cookies: Up to 2 years depending on type

7. Children's Privacy

Platform applications are not intended for children under 13 years old. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will delete it immediately. Parents or guardians who believe their child has provided information through platform applications should contact us at privacy@hulamarket.co.ke.

8. International Data Transfers

Your data may be transferred, stored, and processed in countries other than your country of residence. We ensure that international transfers comply with applicable data protection laws, including adequacy decisions or standard contractual clauses.

9. Third-Party Links and Services

Platform applications may contain links to third-party websites and services. This Privacy Notice does not apply to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies before sharing information.

10. Changes to This Privacy Notice

The Pixel Point ERP Platform reserves the right to update this Privacy Notice at any time. Changes will be effective immediately upon posting. We will notify you of significant changes via email or a prominent notice on our website. Your continued use of platform applications following changes constitutes your acceptance of the updated Privacy Notice.

12. GDPR and CCPA Rights

A. GDPR Rights (for EU residents)

If you are located in the EU, you have the following rights:

Right to Access: Request a copy of your personal data and how it's being used
Right to Rectification: Correct inaccurate or incomplete personal data
Right to Erasure (Right to be Forgotten): Request deletion of your personal data under certain circumstances
Right to Restrict Processing: Limit how we use your data in certain situations
Right to Data Portability: Receive your data in a portable, machine-readable format
Right to Object: Object to our processing of your data for marketing, analytics, or other purposes
Right to Lodge a Complaint: Contact your local data protection authority if you believe we've violated your rights

B. CCPA Rights (for California residents)

If you are a California resident, you have the following rights:

Right to Know: Request what personal information we collect, use, and share
Right to Delete: Request deletion of personal information collected from you
Right to Opt-Out: Opt-out of the sale or sharing of your personal information
Right to Correct: Request correction of inaccurate personal information
Right to Limit Use: Limit how we use your sensitive personal information

C. How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@hulamarket.co.ke with "Data Subject Request" in the subject line. Include details about your request and proof of identity. We will respond within the timeframe required by applicable law (typically 30 days).

D. Kenya Data Protection Act Compliance (for Kenyan residents)

As a platform operating in Kenya, we comply with the Kenya Data Protection Act, 2019. Kenyan residents have rights including:

Right to Access: Request information about your personal data we hold
Right to Correction: Request correction of inaccurate personal data
Right to Deletion: Request deletion of your personal data (subject to legal retention requirements)
Right to Object: Object to processing of your data for direct marketing or other purposes
Right to Data Portability: Request transfer of your data to another service provider
Right to Withdraw Consent: Withdraw consent for data processing at any time
Right to Lodge Complaint: File a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe your rights have been violated

🇰🇪 Kenya Data Protection Commissioner Contact

Office of the Data Protection Commissioner (ODPC)

Email: complaints@odpc.go.ke

Website: www.odpc.go.ke

Phone: +254 (0) 20 2962222

13. Data Breach Notification

In the event of a security breach that affects your personal data, we will:

Notify you without unreasonable delay (typically within 72 hours of discovery)
Provide information about the breach, affected data, and steps we're taking to remediate it
Notify relevant regulatory authorities as required by law
Offer credit monitoring or identity theft protection services if appropriate

14. Automated Decision-Making and Profiling

We use automated systems for certain decisions, including:

Fraud detection and prevention
Seller account verification and risk assessment
Personalized product recommendations
Credit evaluation for Hula financing options

If you believe an automated decision has been made about you, you have the right to request human review and contestation of such decisions. Contact us at privacy@hulamarket.co.ke for more information.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Notice or our privacy practices:

Privacy Team

Email: privacy@hulamarket.co.ke

Data Protection Officer: dpo@hulamarket.co.ke

Address: Continuum Technologies, 11011-00111 GPO Nairobi

Support Portal: support.hulamarket.co.ke

We aim to respond to all data privacy requests within 30 days.