Data Security
Privacy Policy
Your security and privacy are our top priorities. Last updated: April 10, 2026
RentLynk ("we," "us," "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, "the Platform").
RentLynk is registered with the Office of the Data Protection Commissioner (ODPC) under registration number 9745465464. We comply with the Kenya Data Protection Act (DPA), 2019 and all applicable data protection regulations.
1. Definitions
|
Term |
Meaning |
|
"Personal Data" |
Any information relating to an identified or identifiable natural person |
|
"Data Controller" |
RentLynk determines the purpose and means of processing personal data |
|
"Data Processor" |
Third parties who process data on our behalf (e.g., Paystack) |
|
"Data Subject" |
You — the person using the Platform |
|
"ODPC" |
Office of the Data Protection Commissioner of Kenya |
|
"DPA" |
Kenya Data Protection Act, 2019 |
|
"Paystack" |
Our third-party payment processing partner |
2. Data Controller Information
RentLynk
RentLynk Property Management
Registered in Kenya — Registration No: 46641212121
ODPC Registration No: 45474454554
Physical Address: Delta Corner Annex, Ring Rd
Westlands Ln, Westlands, Nairobi, Kenya.
Email: dpo@rentlynk.co.ke
Phone: +254 (768) 226669
3. What Personal Data We Collect
3.1 Information You Provide Directly
|
Category |
Examples |
|
Identity Data |
Full name, national ID number, passport number, KRA PIN |
|
Contact Data |
Email address, phone number, physical address |
|
Financial Data |
Bank account details, payment transaction history (note: full card details are never stored by RentLynk — see Section 6.1) |
|
Property Data |
Property addresses, lease agreements, rental amounts |
|
Tenant Data (if you are a Landlord) |
Tenant names, contact info, payment records, maintenance requests |
|
Verification Data |
ID photos, selfies, digital signatures |
3.2 Information Collected Automatically
|
Category |
Examples |
|
Usage Data |
Pages visited, features used, time spent on Platform |
|
Device Data |
IP address, browser type, operating system, device ID |
|
Location Data |
Approximate location based on IP address |
|
Cookies & Tracking |
See Section 8 (Cookies Policy) below |
3.3 Information from Third Parties
- Payment Partner: Paystack – Payment processing, fraud detection, transaction verification
- Communication Services: SMS providers, email services
- Analytics Providers: Google Analytics, crash reporting tools
4. How We Use Your Personal Data
We process your data only for lawful purposes under the DPA (Section 4(c)):
|
Purpose |
Legal Basis |
|
To create and manage your account |
Contract performance |
|
To process rent payments and withdrawals via Paystack |
Contract performance |
|
To enable Lipa Mdogo Rent (installments) |
Contract performance |
|
To send Smart Alerts (SMS/email reminders) |
Legitimate interest |
|
To verify your identity and prevent fraud |
Legal obligation |
|
To improve and optimize the Platform |
Legitimate interest |
|
To comply with tax and financial regulations (e.g., KRA reporting) |
Legal obligation |
|
To respond to customer support requests |
Contract performance |
|
To send marketing communications (with your consent) |
Consent |
5. Legal Basis for Processing (Kenya DPA 2019)
Under Section 4(c) of the DPA, we process your personal data only if one or more of the following applies:
- Consent – You have given clear consent for us to process your data for a specific purpose.
- Contract – Processing is necessary for a contract you have with us (e.g., using RentLynk to collect rent).
- Legal Obligation – Processing is required by Kenyan law (e.g., KRA reporting, anti-money laundering).
- Vital Interests – Processing is necessary to protect someone's life (rare).
- Public Task – Processing is necessary for a public function (not applicable to RentLynk).
- Legitimate Interests – Processing is necessary for our legitimate business interests (e.g., improving the Platform) and does not override your rights.
6. Data Sharing & Disclosure
We do not sell your personal data. We may share your data in the following circumstances:
6.1 Payment Processing – Paystack (Important)
All payment transactions on RentLynk (rent collection, withdrawals, Lipa Mdogo Rent deposits) are processed by Paystack, a PCI-DSS Level 1 certified payment gateway.
What Paystack processes:
- Payment card details (encrypted directly on Paystack's systems)
- M-Pesa transactions
- Bank account information for withdrawals
- Transaction amounts and timestamps
What RentLynk does NOT store:
- Full credit/debit card numbers
- Card CVV codes
- Card PINs
Paystack's role: Paystack acts as an independent Data Processor under the DPA. Your payment data is subject to Paystack's own privacy policy, which we encourage you to review:
Paystack Privacy Policy: https://paystack.com/privacy
Paystack's compliance: Paystack is compliant with:
- PCI-DSS Level 1 (highest security standard for payment processing)
- GDPR
- Kenyan data protection laws as a data processor
6.2 Other Service Providers (Data Processors)
|
Partner |
Purpose |
|
Paystack |
Payment processing, fraud detection, disbursements |
|
Safaricom (M-Pesa) |
Mobile money integration (via Paystack) |
|
Banks & Card Processors |
Withdrawal processing (via Paystack) |
|
SMS/Email Providers |
Sending Smart Alerts |
|
Cloud Hosting Providers |
Data storage (servers) |
|
Analytics Providers |
Platform improvement |
All Data Processors sign Data Processing Agreements (DPAs) and comply with the DPA.
6.3 Legal Disclosures
We may disclose your data if required by:
- A court order or search warrant
- The Kenya Revenue Authority (KRA) for tax compliance
- The Directorate of Criminal Investigations (DCI) for fraud investigations
- The Communications Authority of Kenya (CA) for security purposes
6.4 Business Transfers
If RentLynk is acquired or merges with another company, your data may be transferred. You will be notified via email and/or a prominent notice on the Platform.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy, plus any legal retention requirements under Kenyan law.
|
Data Type |
Retention Period |
|
Account information |
Until you delete your account + 30 days grace period |
|
Financial transaction records (via Paystack) |
7 years (per KRA and Tax Procedures Act) |
|
Lease agreements & tenant data |
5 years after lease ends |
|
Communication logs (support tickets) |
3 years |
|
Cookies & usage analytics |
12-24 months (depending on cookie type) |
Note: Paystack may retain transaction records according to their own retention policy (typically 7 years for compliance). Please refer to Paystack's privacy policy for details.
After the retention period ends, your data will be securely deleted or anonymized.
8. Cookies Policy
8.1 What Are Cookies?
Cookies are small text files stored on your device (computer, phone, tablet) when you visit a website or use an app. They help the Platform remember your preferences and improve your experience.
8.2 Types of Cookies We Use
|
Cookie Type |
Purpose |
Duration |
|
Strictly Necessary Cookies |
Essential for Platform functionality (login, payments, security). Cannot be disabled. |
Session / Persistent |
|
Preference Cookies |
Remember your settings (language, dashboard layout). |
Up to 12 months |
|
Analytics Cookies |
Track how you use the Platform (pages visited, time spent). Helps us improve. |
Up to 24 months |
|
Marketing Cookies |
Used to show relevant ads (optional). Only with your consent. |
Up to 24 months |
8.3 Your Cookie Choices
When you first visit RentLynk, you will see a Cookie Consent Banner where you can:
- Accept all cookies
- Reject non-essential cookies (strictly necessary cookies will still work)
- Customize your cookie preferences
You can also manage cookies through your browser settings. However, disabling strictly necessary cookies may break Platform functionality.
8.4 Third-Party Cookies
We use third-party services that may place their own cookies:
- Google Analytics – For usage analytics
- Paystack – For payment fraud prevention and security
- Facebook/Meta – For marketing (if consented)
We do not control third-party cookies. Please review their privacy policies.
9. Your Rights Under the Kenya Data Protection Act (DPA)
As a Data Subject, you have the following rights under Sections 26-32 of the DPA:
|
Right |
What It Means |
|
Right to be Informed |
You have the right to know what data we collect and how we use it (this Privacy Policy). |
|
Right to Access |
You can request a copy of all personal data we hold about you. |
|
Right to Rectification |
You can correct inaccurate or incomplete data. |
|
Right to Erasure ("Right to be Forgotten") |
You can request deletion of your data, subject to legal retention requirements (e.g., KRA). |
|
Right to Restrict Processing |
You can ask us to stop processing your data in certain circumstances. |
|
Right to Data Portability |
You can request your data in a structured, machine-readable format. |
|
Right to Object |
You can object to processing based on legitimate interests or direct marketing. |
|
Rights Related to Automated Decision-Making |
You can challenge decisions made solely by automated means (e.g., fraud detection by Paystack). |
Important note on Paystack data: For payment data held solely by Paystack, you may need to direct your request to Paystack directly. We will assist you in facilitating this where possible.
How to Exercise Your Rights
Submit a request to: dpo@rentlynk.co.ke
We will respond within 30 days (per DPA Section 35). If your request is complex, we may extend by a further 30 days and inform you.
There is no fee for reasonable requests. Excessive or repetitive requests may incur a small administrative fee.
10. Data Security
We implement bank-grade security measures to protect your data:
- Encryption: 256-bit SSL/TLS encryption for data in transit
- At Rest: AES-256 encryption for stored data
- Access Controls: Role-based access; only authorized personnel can access sensitive data
- Regular Audits: Quarterly security assessments
- Breach Notification: We will notify you and the ODPC within 72 hours of discovering a data breach (per DPA Section 43)
Paystack Security: Paystack is PCI-DSS Level 1 certified, the highest level of security in the payment industry. RentLynk never stores full card details on its servers.
11. International Data Transfers
RentLynk primarily stores data on servers located in Europe.
Paystack Data: Paystack processes payments on servers that may be located outside Kenya (e.g., Nigeria, Europe, or the United States). Paystack ensures compliance with applicable data protection laws through:
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (where applicable)
- PCI-DSS certification
By using RentLynk, you acknowledge that your payment data may be transferred to and processed in countries outside Kenya through Paystack.
12. Children's Privacy
RentLynk is not intended for persons under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes become effective when posted on this page.
We will notify you of material changes via:
- Email to your registered address
- In-app notification
- A notice on our website
The "Last Updated" date at the top of this policy will reflect the latest changes.
14. How to Lodge a Complaint with the ODPC
If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) :
Office of the Data Protection Commissioner
P.O. Box 3097 – 00100, Nairobi, Kenya
Email: info@odpc.go.ke
Website: https://www.odpc.go.ke
Phone: +254 (0) 111 042 900
We encourage you to contact us first at dpo@rentlynk.co.ke so we can attempt to resolve your concern.
15. Contact Us
For any questions about this Privacy Policy, your data rights, or to submit a data request:
RentLynk
RentLynk Property Management
Registered in Kenya — Registration No: 46641212121
ODPC Registration No: 45474454554
Physical Address: Delta Corner Annex, Ring Rd
Westlands Ln, Westlands, Nairobi, Kenya.
Email: dpo@rentlynk.co.ke
Phone: +254 (768) 226669
By using RentLynk, you acknowledge that you have read, understood, and agreed to this Privacy Policy.