Eshabiki
MarketplaceChallengesShopTournamentsRank Push
Marketplace Challenges Shop Tournaments Rank Push
Eshabiki
MarketplaceSell AccountTermsPrivacyRefund Policy

© 2026 Eshabiki. All rights reserved.

Privacy Policy

Last updated: April 2025

1. Information We Collect

  • Account data: name, email address, and password (hashed).
  • Transaction data: purchase history, listing data, and encrypted account credentials you upload as a seller.
  • Payment data: M-Pesa phone number and transaction reference numbers. We do not store full M-Pesa PINs or card numbers.
  • Usage data: IP address, browser type, and pages visited, collected via server logs.

2. How We Use Your Information

  • To operate and provide the marketplace service.
  • To process M-Pesa payments and manage escrow.
  • To send transactional notifications (order confirmations, dispute updates).
  • To detect fraud and enforce our Terms of Service.
  • To improve the Platform through aggregated, anonymised analytics.

3. Credential Encryption

Account credentials (usernames and passwords) uploaded by sellers are encrypted at rest using AES-256-GCM encryption. The encryption key is never stored in the database. Decrypted credentials are only revealed to the verified buyer of a transaction once delivery has been confirmed.

4. Sharing of Information

We do not sell your personal data. We share information only:

  • With NCBA Bank/M-Pesa as required to process payments.
  • With Google Cloud Storage to store listing images.
  • Where required by Kenyan law or a valid court order.

5. Data Retention

We retain your account data for as long as your account is active. Transaction records are retained for 7 years to comply with Kenyan financial regulations. You may request deletion of your account at any time by contacting support.

6. Cookies

We use a single session cookie (JWT) to keep you logged in. We do not use third-party advertising or tracking cookies.

7. Your Rights

You have the right to access, correct, or delete your personal data. Email us at support@eshabiki.com to make a request. We will respond within 30 days.

8. Security

We use industry-standard security practices including HTTPS, encrypted credentials, bcrypt password hashing, and rate limiting. No system is completely secure — if you believe your account has been compromised, contact us immediately.

9. Changes

We may update this Privacy Policy. We will notify registered users of material changes via email. Continued use of the Platform constitutes acceptance.

10. Contact

Privacy concerns? support@eshabiki.com