Privacy Policy

1. Introduction

Welcome to DukaSync. We provide an AI-powered commerce and messaging platform for merchants. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application, mobile companion app, and integrated services, including our integrations with the Meta WhatsApp Business API.

By accessing or using our services, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

We collect information that identifies, relates to, or could reasonably be linked to you or your customers ("Personal Information").

A. Information from Merchants (Our Direct Users)

• Account Information: Name, email address, and authentication details (managed securely via Supabase).
• Business Information: Store details, product inventory, and pricing.
• Financial Data: M-Pesa phone numbers and transaction receipts used to process payments and credit top-ups.
• Device Data: Firebase Cloud Messaging tokens for delivering push notifications to your mobile device. We do not read, access, or store your SMS messages.

B. Information from End-Customers (Via WhatsApp Business API)

When a customer interacts with a merchant's store via WhatsApp, we collect:

• Contact Information:The customer's WhatsApp phone number and profile name.
• Communications: The contents of chat messages, order inquiries, and interactions processed by our AI Copilot.
• Order History: Products selected, order status, and total amounts.

3. How We Use Your Information

We use the collected information for the following business purposes:

• To provide, operate, and maintain the platform and AI chat routing.
• To facilitate the drafting and sending of replies to customers via the Meta WhatsApp Business API.
• To process M-Pesa payments and verify transaction status via Safaricom Daraja API webhooks.
• To send push notifications about new messages, payments, and order updates via Firebase Cloud Messaging.
• To manage merchant inventory, orders, and abandoned cart notifications.
• To improve our AI models and service functionality.

4. How We Share Information

We do not sell your personal data. We only share information with third-party service providers necessary to operate our platform:

• Meta Platforms, Inc. (WhatsApp): We share messaging data and customer phone numbers specifically to route chats and deliver AI-generated responses through the WhatsApp Business API.
• AI Providers: Anonymized or strictly scoped chat data may be processed by our underlying AI language models (e.g., OpenAI, Anthropic, or Google) to generate conversational responses.
• Database & Hosting: Data is stored securely on cloud infrastructure providers (e.g., Supabase, Vercel, Render).
• Payment Processors: Safaricom (Daraja API) for processing M-Pesa STK pushes and B2B/C2B transactions.
• Push Notifications: Google Firebase Cloud Messaging for delivering real-time notifications to merchant devices. Device tokens are stored securely and not shared with third parties.

5. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Merchant data is kept while the account is active. End-customer chat histories and order details are retained to provide historical context for the AI Copilot and order management, subject to deletion requests.

6. Data Deletion & User Rights

Both Merchants and End-Customers have the right to request the deletion of their personal data.

• For Merchants: You may request account deletion and the purging of all associated store and customer data by contacting us at support@dukasynctech.com.
• For End-Customers: If you interacted with a merchant using our service via WhatsApp and wish to have your phone number and chat history removed from our database, please contact us directly at support@dukasynctech.com with the subject line "Data Deletion Request - WhatsApp" and include the phone number used.

We will process all verified deletion requests within 30 days.

7. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information, including end-to-end encryption for database connections and secure webhooks for API callbacks. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the "Last Updated" date at the top of this document or via a prominent notice on our platform.

9. Contact Us

If you have questions or comments about this Privacy Policy or our data practices, please contact us at: