Skip to Content

Privacy Policy

How Papohapo collects, uses, shares and protects your personal data — in line with the Data Protection Act, 2019 (Kenya).

Effective: 16 July 2026 • Version 1.0

1Who we are

Papohapo (“Papohapo”, “we”, “us”, “our”) is an event planning platform and event services marketplace operated by Ericsoft Technologies, with offices at Old Namanga Road, Kitengela, Kajiado County, Kenya (P.O. Box 1211 – 00241). We connect event organizers with verified event service providers and provide tools for event budgeting, requests for quotation (RFQs), agreements, guest management, contributions, ticketing, event websites and payments.

For the purposes of the Data Protection Act, 2019 (the “DPA”), Papohapo is the data controller for personal data we collect about our users, and in certain cases a data processor for personal data that organizers enter about their guests and contributors (see Section 6).

2Scope of this policy

This policy applies to personal data processed when you:

  • Visit www.papohapo.com or any Papohapo-hosted event webpage;
  • Create an account as an event organizer, service provider or professional event planner;
  • Plan an event, send or respond to RFQs, sign agreements, or make or receive payments;
  • RSVP to an event, contribute to an event, or buy an event ticket;
  • Contact our support team or interact with us on social media.

It does not apply to the independent practices of event organizers or service providers outside the platform, or to third-party websites linked from Papohapo.

3Information we collect

CategoryExamplesSource
Account data Name, email address, phone number, password (stored encrypted), profile photo You, at registration
Supplier verification (KYC) Business registration documents, tax compliance details, national ID or passport for identity verification, service portfolio Service providers, during onboarding
Event data Event type, date, location, budgets, tasks, RFQs, quotations, agreements, notes Organizers and suppliers, while using the platform
Guest & contributor data Guest names and contact details, RSVP responses, seating assignments, gift selections, contribution records Organizers, guests and contributors
Payment & transaction data Event Wallet balances, payment records, mobile money or card transaction references, ticket purchases You and our payment service providers
Communications Support tickets, messages exchanged through the platform, email correspondence You
Technical data IP address, device and browser type, pages visited, referral source, cookie identifiers Collected automatically (see Section 8)

We do not intentionally collect sensitive personal data (such as health data or biometric data) and ask that you do not enter it into free-text fields.

4How we use your information

  • Provide the platform — create and manage accounts, event plans, RFQs, quotations, agreements, guest lists, gift registries, event websites and tickets;
  • Verify service providers — conduct KYC checks (business registration, tax compliance, identity and portfolio review) so organizers can hire with confidence;
  • Process payments — operate the Event Wallet, record contributions, release milestone payments to suppliers and issue tickets;
  • Communicate with you — service notifications (e.g. a new quotation received, an RSVP confirmed), support responses, and — with your consent — marketing updates you can opt out of at any time;
  • Improve and secure the platform — analytics, debugging, fraud prevention and abuse detection;
  • Meet legal obligations — tax, accounting and lawful requests from competent authorities.

6Guest & third-party data entered by organizers

Event organizers may enter personal data about their guests, committee members and contributors (for example guest lists, RSVP contacts and contribution records). For this data, the organizer is responsible for having a lawful basis to share it with us, and Papohapo processes it only to provide the platform’s features — invitations, RSVP tracking, seating, gift registries and contribution records.

If you are a guest or contributor and want your data corrected or removed, you may contact the event organizer directly or reach us using the details in Section 16 and we will assist.

7How we share information

  • Between organizers and suppliers — when you send an RFQ, receive a quotation, sign an agreement or make a payment, the relevant details are shared with the other party to that transaction;
  • Public supplier profiles — service providers’ business names, service descriptions, packages and ratings are published on the marketplace; private KYC documents are not published;
  • Event webpages — information an organizer chooses to publish on an event webpage (schedule, venue, gallery) is visible to anyone with the link;
  • Service providers we use — hosting (Odoo S.A. cloud infrastructure), payment processors, email delivery, and the analytics providers listed in Section 8, each bound by contractual safeguards;
  • Legal and safety — where required by law, court order, or to protect the rights, property or safety of Papohapo, our users or the public.

We do not sell your personal data.

8Cookies & analytics

We use cookies and similar technologies to keep you signed in, remember preferences, and understand how the platform is used. Our analytics providers are:

  • Google Analytics (Google LLC) — usage statistics such as pages visited, session duration and approximate location. Google may set cookies and process data outside Kenya. You can opt out via Google’s browser add-on;
  • Plausible Analytics — privacy-friendly, cookieless aggregate statistics;
  • Meta Platforms — if you interact with our Facebook presence or shared links, Meta may process data under its own policies; our website identifies itself to Facebook for share previews and analytics.

You can control cookies through your browser settings. Blocking essential cookies may prevent parts of the platform (such as signing in) from working.

9Payments & the Event Wallet

Payments on Papohapo — funding an event, contributing, buying tickets or paying suppliers — are processed by licensed third-party payment providers (including mobile money and card processors). We receive and store transaction references, amounts and statuses to maintain your Event Wallet records and payment history; we do not store full card numbers. Payment providers process your data under their own privacy policies.

10Data retention

  • Account and event data — kept while your account is active and for a reasonable period afterwards to allow reactivation and resolve disputes;
  • Transaction and agreement records — kept as required by Kenyan tax and accounting law (generally up to seven years);
  • KYC documents — kept while a supplier account is active and as required for fraud-prevention and legal purposes;
  • Analytics data — kept in aggregate form.

When data is no longer needed, we delete it or irreversibly anonymize it.

11Security

We protect your data with encryption in transit (HTTPS), encrypted password storage, role-based access controls, and the physical and organizational safeguards of our cloud hosting provider. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify the Office of the Data Protection Commissioner and affected users as required by the DPA.

12International transfers

Our platform is hosted on Odoo’s cloud infrastructure, and some service providers (such as analytics) process data on servers outside Kenya. Where personal data is transferred outside Kenya, we ensure appropriate safeguards consistent with the DPA, including contractual protections and transfers to jurisdictions with adequate data protection standards.

13Your rights

Under the Data Protection Act, 2019, you have the right to:

  • Be informed about how your data is used;
  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Request deletion of data we no longer have a lawful basis to keep;
  • Object to or restrict certain processing, including direct marketing;
  • Data portability, where technically feasible;
  • Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us using the details in Section 16. We will respond within the timelines set by the DPA. If you are not satisfied, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.

14Children

Papohapo accounts are intended for persons aged 18 and above. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

15Changes to this policy

We may update this policy as the platform and the law evolve. Material changes will be announced on the website or by email, and the effective date above will be updated. Continued use of Papohapo after changes take effect constitutes acceptance of the updated policy.

16Contact us

For privacy questions, data requests or complaints, contact:

Papohapo — Data Protection Contact

Ericsoft Technologies

Old Namanga Road, Kitengela, Kajiado County, Kenya

P.O. Box 1211 – 00241

Email: info@papohapo.com

Phone: +254 720 241 334