Privacy Policy
How Papohapo collects, uses, shares and protects your personal data — in line with the Data Protection Act, 2019 (Kenya).
Effective: 16 July 2026 • Version 1.0- Who we are
- Scope of this policy
- Information we collect
- How we use your information
- Legal bases for processing
- Guest & third-party data
- How we share information
- Cookies & analytics
- Payments & the Event Wallet
- Data retention
- Security
- International transfers
- Your rights
- Children
- Changes to this policy
- Contact us
1Who we are
Papohapo (“Papohapo”, “we”, “us”, “our”) is an event planning platform and event services marketplace operated by Ericsoft Technologies, with offices at Old Namanga Road, Kitengela, Kajiado County, Kenya (P.O. Box 1211 – 00241). We connect event organizers with verified event service providers and provide tools for event budgeting, requests for quotation (RFQs), agreements, guest management, contributions, ticketing, event websites and payments.
For the purposes of the Data Protection Act, 2019 (the “DPA”), Papohapo is the data controller for personal data we collect about our users, and in certain cases a data processor for personal data that organizers enter about their guests and contributors (see Section 6).
2Scope of this policy
This policy applies to personal data processed when you:
- Visit www.papohapo.com or any Papohapo-hosted event webpage;
- Create an account as an event organizer, service provider or professional event planner;
- Plan an event, send or respond to RFQs, sign agreements, or make or receive payments;
- RSVP to an event, contribute to an event, or buy an event ticket;
- Contact our support team or interact with us on social media.
It does not apply to the independent practices of event organizers or service providers outside the platform, or to third-party websites linked from Papohapo.
3Information we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email address, phone number, password (stored encrypted), profile photo | You, at registration |
| Supplier verification (KYC) | Business registration documents, tax compliance details, national ID or passport for identity verification, service portfolio | Service providers, during onboarding |
| Event data | Event type, date, location, budgets, tasks, RFQs, quotations, agreements, notes | Organizers and suppliers, while using the platform |
| Guest & contributor data | Guest names and contact details, RSVP responses, seating assignments, gift selections, contribution records | Organizers, guests and contributors |
| Payment & transaction data | Event Wallet balances, payment records, mobile money or card transaction references, ticket purchases | You and our payment service providers |
| Communications | Support tickets, messages exchanged through the platform, email correspondence | You |
| Technical data | IP address, device and browser type, pages visited, referral source, cookie identifiers | Collected automatically (see Section 8) |
We do not intentionally collect sensitive personal data (such as health data or biometric data) and ask that you do not enter it into free-text fields.
4How we use your information
- Provide the platform — create and manage accounts, event plans, RFQs, quotations, agreements, guest lists, gift registries, event websites and tickets;
- Verify service providers — conduct KYC checks (business registration, tax compliance, identity and portfolio review) so organizers can hire with confidence;
- Process payments — operate the Event Wallet, record contributions, release milestone payments to suppliers and issue tickets;
- Communicate with you — service notifications (e.g. a new quotation received, an RSVP confirmed), support responses, and — with your consent — marketing updates you can opt out of at any time;
- Improve and secure the platform — analytics, debugging, fraud prevention and abuse detection;
- Meet legal obligations — tax, accounting and lawful requests from competent authorities.
5Legal bases for processing
Under the DPA we rely on the following lawful bases:
- Performance of a contract — most processing is necessary to provide the services you sign up for;
- Consent — marketing communications and non-essential cookies; you may withdraw consent at any time;
- Legitimate interests — platform security, fraud prevention, service improvement and marketplace trust (including supplier verification);
- Legal obligation — record-keeping, tax and responses to lawful requests.
6Guest & third-party data entered by organizers
Event organizers may enter personal data about their guests, committee members and contributors (for example guest lists, RSVP contacts and contribution records). For this data, the organizer is responsible for having a lawful basis to share it with us, and Papohapo processes it only to provide the platform’s features — invitations, RSVP tracking, seating, gift registries and contribution records.
If you are a guest or contributor and want your data corrected or removed, you may contact the event organizer directly or reach us using the details in Section 16 and we will assist.
9Payments & the Event Wallet
Payments on Papohapo — funding an event, contributing, buying tickets or paying suppliers — are processed by licensed third-party payment providers (including mobile money and card processors). We receive and store transaction references, amounts and statuses to maintain your Event Wallet records and payment history; we do not store full card numbers. Payment providers process your data under their own privacy policies.
10Data retention
- Account and event data — kept while your account is active and for a reasonable period afterwards to allow reactivation and resolve disputes;
- Transaction and agreement records — kept as required by Kenyan tax and accounting law (generally up to seven years);
- KYC documents — kept while a supplier account is active and as required for fraud-prevention and legal purposes;
- Analytics data — kept in aggregate form.
When data is no longer needed, we delete it or irreversibly anonymize it.
11Security
We protect your data with encryption in transit (HTTPS), encrypted password storage, role-based access controls, and the physical and organizational safeguards of our cloud hosting provider. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify the Office of the Data Protection Commissioner and affected users as required by the DPA.
12International transfers
Our platform is hosted on Odoo’s cloud infrastructure, and some service providers (such as analytics) process data on servers outside Kenya. Where personal data is transferred outside Kenya, we ensure appropriate safeguards consistent with the DPA, including contractual protections and transfers to jurisdictions with adequate data protection standards.
13Your rights
Under the Data Protection Act, 2019, you have the right to:
- Be informed about how your data is used;
- Access the personal data we hold about you;
- Correct inaccurate or incomplete data;
- Request deletion of data we no longer have a lawful basis to keep;
- Object to or restrict certain processing, including direct marketing;
- Data portability, where technically feasible;
- Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, contact us using the details in Section 16. We will respond within the timelines set by the DPA. If you are not satisfied, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.
14Children
Papohapo accounts are intended for persons aged 18 and above. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.
15Changes to this policy
We may update this policy as the platform and the law evolve. Material changes will be announced on the website or by email, and the effective date above will be updated. Continued use of Papohapo after changes take effect constitutes acceptance of the updated policy.
16Contact us
For privacy questions, data requests or complaints, contact:
Papohapo — Data Protection Contact
Ericsoft Technologies
Old Namanga Road, Kitengela, Kajiado County, Kenya
P.O. Box 1211 – 00241
Email: info@papohapo.com
Phone: +254 720 241 334