Privacy policy

1. INFORMATION COLLECTION AND USE

I. Personal Information

While using our platform, we may ask you to provide us with certain personally identifiable information that can be used to set up your business/personal account or reach out to you in case you need any support. Personally identifiable information may include, but is not limited to your name, email address, phone number and payment information - this includes your mpesa STK push phone number or your card details. Crystalapp does not sell or share user personal data with third parties for their direct marketing, except with users’ consent.

II. Business Information

While using our crystalBusiness, we will collect and store your business data. Business identifiable information may include, but is not limited to your sales, expenses, payments, stock inventory and product catalogue. Crystalapp uses the data we collect to provide, personalize, maintain, and improve our products and services. We may use the data we collect for support, testing, research, analysis, product development, and machine learning to improve the user experience. This helps us to improve and enhance the safety and security of our services, improve our ability to prevent the use of our services for illegal or improper purposes, develop new features and products, and facilitate insurance and finance solutions in connection with our services. Crystalapp does not sell or share user business data with third parties for their direct marketing, except with users’ consent or if applicable to our business data usage policy.

III. Non-Personal Information

In order to show adverts that are likely to be of greater interest to users our third-party advertising providers may collect certain information, specifically Android Advertising ID, Browser, IP address, Phone model, Language and Android version (User Agent). This information may be combined with tracking and anti-fraud technologies, such as pixels, hashed identifiers, timestamp and subject of advertisements clicked or scrolled over.

IV. Third-Party Links

Crystalapp may contain links to other websites or applications. We are not responsible for the privacy practices of these third parties.

2. COMMUNICATIONS

I. Marketing

We may use your personal and business Information to contact you with marketing or promotional materials and other information that may be of benefit to you. We may also send communications to our users about products and services offered by Crystalapp vendors. For example, if a user has placed an order from Crystalapp, we may provide recommendations, promotions, or ads about similar products offered by other Crystalapp vendors. Although we may send users communications about Crystalapp vendors’ products and services, we do not sell users’ personal data to, or share it with, such vendors or others for purposes of their own direct marketing or advertising, except with users’ consent.

II. Non-Marketing

We may use the data we collect in case a user creates a support ticket that needs Crystalapp team intervention, generate and provide users with receipts; inform them of changes to our terms, services, or policies; or send other communications that aren’t for the purpose of marketing the services or products of Crystalapp or its partners and vendors.

3. SECURITY

We recognizes the importance of protecting the privacy of all the information provided to us by our customers. We do not share your personal information with unauthorized persons and adequate safeguard have been put in place to prevent unauthorized access and to ensure confidentiality of your personal information. We take seriously the security of any information stored on our servers and take all reasonable precautions to protect this information. This includes any information you send us as part of a support ticket, including screenshots, contact numbers etc. Incase you suspect someone else is accessing your account without your consent please immediately send us an email.

4. BUSINESS DATA USAGE

We provide data to our clients (you), consultants, marketing partners, research firms, and other service providers or business partners. This may include, but is not limited to Cloud storage providers, Google, in connection with the use of Google Maps in Crystalapp (see Google’s privacy policy for information on their collection and use of data), Marketing partners and marketing platform providers, including social media advertising services, Data analytics providers, Research partners, Insurance and financing partners, Consultants, lawyers, accountants, and other professional service providers. We do not sell or share personalized business data. Only an aggregation in an analytics perspective regarding certain business categories and products stated as “standard” on the Crystalapp.

5. WITH CONSENT

We may share a user’s personal data other than as described in this notice if we notify the user and they consent to the sharing.

6. DATA RETENTION AND DELETION

Users may request deletion of their accounts at any time by sending us an email at support@crystalapp.net. We may retain user data after a deletion request due to legal or regulatory requirements or for the reasons stated in this policy. We retain user data for as long as necessary for the purposes described above. This means that we retain different categories of data for different periods of time depending on the category of user to whom the data relates, the type of data, and the purposes for which we collected the data. Following an account deletion request, we delete the user’s account and data, unless they must be retained due to legal or regulatory requirements, for purposes of safety, security, and fraud prevention, or because of an issue relating to the user’s account such as an outstanding credit or an unresolved claim or dispute. Because we are subject to legal and regulatory requirements relating to businesses, this generally means that we retain their account and data for a minimum of 2 years after a deletion request. For users using Crystalapp, their data is generally deleted within 60 days of a deletion request, except where retention is necessary for the above reasons.

7. GENERAL DATA PROTECTION REGULATION (GDPR)

The General Data Protection Regulation (GDPR) 2016/679 EU law is a regulation on data protection and privacy for all individuals within the European Economic Area (EEA). For all users that reside in the EEA or travel to the EEA, Crystalapp will display (once only) a Privacy Consent regarding our third-party ad providers' use of information that falls under the GDPR legislation. An unambiguous agreement is required by users to continue to use Crystalapp. Users also have a right to be forgotten. This can be achieved by resetting their Android Advertising identifier (Android Settings > Google > Ads > Reset advertising ID).

8. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is effective as of 1st June, 2020 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page. We reserve the right to update or change our privacy policy at any time and you should check this privacy policy periodically. Your continued use of the service after we post any modifications to the privacy policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified privacy policy. If we make any material changes to this privacy policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website and mobile apps.