Privacy Policy
Effective date: 1 June 2026
This Privacy Policy explains how Stampr (“we”, “us”, “our”) collects, uses, and protects information when you use our Service. It applies to managers, business owners, and — through the WhatsApp integration — the employees whose attendance is recorded.
We are committed to handling personal data responsibly and in accordance with applicable data protection laws, including Kenya’s Data Protection Act 2019 and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Who We Are
Stampr is operated as a data controller in respect of account holder data, and as a data processor in respect of employee attendance data collected on behalf of our business customers. Contact: hello@getstampr.com.
2. Data We Collect
Account holders (managers & owners)
- Name, email address, and password (hashed).
- Business name, country, and WhatsApp Business number.
- Billing information (handled by Paystack — we do not store full card numbers).
- Usage data: login timestamps, dashboard activity, feature usage.
Employees (via WhatsApp)
- WhatsApp phone number.
- Name and role (entered by the manager).
- Attendance events: timestamps of IN/OUT messages, computed status (on time, late, absent).
- Message content is limited to the attendance keywords — we do not read or store other WhatsApp conversations.
Technical data
- IP addresses, browser type, and device identifiers for security and analytics purposes.
- Cookies and similar technologies (see Section 7).
3. How We Use Your Data
- Service delivery: processing attendance messages, updating the live dashboard, sending alerts and reports.
- Billing: managing subscriptions and processing payments.
- Communication: sending transactional emails (receipts, alerts, account notices).
- Security: detecting fraud, abuse, and unauthorised access.
- Improvement: aggregated, anonymised analytics to improve the product. We do not sell personal data.
4. Legal Basis for Processing (GDPR)
Where GDPR applies, we rely on the following lawful bases:
- Contract: processing necessary to provide the Service to account holders.
- Legitimate interests: security, fraud prevention, and product improvement.
- Legal obligation: compliance with applicable laws.
- Consent: where we send optional marketing communications (you may withdraw at any time).
For employee attendance data, the legal basis is the legitimate interest of the employing business (our customer) in managing workforce attendance. Business customers are responsible for ensuring an appropriate basis exists under their local employment law.
5. Data Sharing
We share data only where necessary:
- WhatsApp / Meta: messages pass through the WhatsApp Business API. Meta’s own privacy policy applies to the messaging infrastructure.
- Paystack: our payment processor, which handles billing data under its own privacy framework.
- Cloud infrastructure: we use managed cloud services (servers, databases, storage) whose providers are bound by data processing agreements.
- Legal requirements: we may disclose data if required by law or court order.
We do not sell, rent, or trade personal data to third parties for marketing purposes.
6. Data Retention
- Attendance records are retained for as long as your account is active, plus 30 days after closure.
- Billing records are kept for 7 years as required by financial regulations.
- You may export or delete employee data at any time from your dashboard.
- Backups may retain data for up to 90 days after deletion.
7. Cookies & Analytics
We use:
- Essential cookies: session management and authentication. Required for the Service to function.
- Google Analytics (GA4): we use Google Analytics to understand how visitors interact with our website (pages visited, session duration, general location). Data is anonymised — we do not enable Google Signals or cross-site tracking. Google’s privacy policy applies: policies.google.com/privacy. You may opt out via the Google Analytics Opt-out Browser Add-on or your browser’s cookie settings.
We do not use advertising, remarketing, or cross-site tracking cookies.
8. Your Rights
Depending on your location, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise these rights, email hello@getstampr.com. We will respond within 30 days.
If you are in the EU or UK and believe we have not handled your data correctly, you have the right to lodge a complaint with your local supervisory authority.
9. Security
We use industry-standard measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No system is perfectly secure; if you discover a vulnerability, please report it responsibly to hello@getstampr.com.
10. Children
The Service is not directed at individuals under 18. We do not knowingly collect data from minors. If you believe a minor’s data has been submitted, contact us and we will delete it.
11. International Transfers
Data may be processed outside your country of residence. Where transfers occur from the EEA or UK, we rely on appropriate safeguards (standard contractual clauses or adequacy decisions).
12. Changes to This Policy
We may update this policy. Material changes will be communicated by email or in-app notice at least 14 days before they take effect. The effective date at the top of this page reflects the latest revision.
13. Contact
Privacy questions or requests: hello@getstampr.com
General enquiries: hello@getstampr.com