Privacy Policy

Effective date: 12th June 2026

Last updated: 12th June 2026

Controller: Makao Hive

1. Scope

This Privacy Policy explains how Makao Homes ("we", "our", "us") collects, uses, shares, and protects personal data when you use the Platform.

2. Data We Collect

Depending on your role and activity, we may collect:

2.1 Account and identity data

  • name and display name,
  • email address,
  • phone number,
  • role and permission assignments,
  • authentication/security settings.

2.2 Usage and workflow data

  • service requests, bids, statuses, assignments, notes,
  • payment workflow metadata and transaction references,
  • audit logs and security events.

2.3 Property and operational data

  • property/unit records,
  • media uploads and documents,
  • amenity/location data.

2.4 Device and technical data

  • IP-related request metadata,
  • browser/client metadata,
  • timestamps and diagnostic logs.

3. How We Use Personal Data

We use personal data to:

  • provide and operate Platform features,
  • authenticate users and secure accounts (including OTP/TOTP flows),
  • process payment workflow actions and confirmations,
  • send transactional emails/SMS notifications,
  • enforce role-based access and compliance controls,
  • investigate incidents, fraud, and abuse,
  • meet legal and regulatory obligations.

4. Legal Bases (example framework)

Depending on jurisdiction and processing context, we rely on:

  • contract performance,
  • legitimate interests (service security/operations),
  • legal obligation,
  • consent (where required).

5. Sharing and Processors

We may share data with service providers acting on our instructions, including:

  • payment processors/rails,
  • email and SMS providers,
  • cloud storage/media processors,
  • mapping/geocoding providers,
  • infrastructure and observability tools.

See SUBPROCESSORS_AND_RETENTION.md for processor disclosure.

6. Payment Data

Payment instructions are handled through integrated payment providers. We store workflow metadata and transaction references required for reconciliation, support, and compliance. We do not intentionally store sensitive credentials such as payment PINs.

7. Security Measures

We implement administrative, technical, and organizational controls, including:

  • authentication controls and token-based session security,
  • role-based permission checks,
  • logging and audit trails,
  • data minimization/redaction in external-service logs where applicable.

No system is fully risk-free; users should also maintain good account hygiene.

8. Data Retention

We retain data for as long as needed to:

  • provide services,
  • maintain audit and financial records,
  • resolve disputes,
  • comply with legal obligations.

Retention windows may vary by record type and jurisdiction.

9. International Transfers

Where processing involves providers outside your jurisdiction, we apply appropriate safeguards required by applicable law.

10. Your Rights

Subject to applicable law, you may have rights to:

  • access,
  • correction,
  • deletion,
  • objection/restriction,
  • portability,
  • withdrawal of consent (where consent is the basis),
  • complaint to the relevant regulator.

To exercise rights, contact us using details below.

11. Children

The Platform is not intended for children under the applicable age threshold in your jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Revised versions are posted with updated dates.

13. Contact and Complaints

  • Privacy contact email: legal@makaohive.com
  • Address: Jubilee Exchange House, 4th Floor, 418A, Nairobi, Kenya
  • Support: info@makaohive.com
  • Regulator (if applicable): Makao Hive