Logo

Little Gifter

Privacy Policy

LITTLE GIFTER LIMITED – PRIVACY POLICY

Last Updated: 10th April 2026

Registered Office: Nairobi, Kenya

1. Introduction

Welcome to Little Gifter. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website, join our waitlist, or use our platform.

Little Gifter Limited is the Data Controller under the Data Protection Act, 2019 (Kenya) and complies with the General Data Protection Regulation (GDPR) for users within the European Economic Area (EEA).

2. Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: Name, username.
  • Contact Data: Email address (waitlist/account), phone number (for M-Pesa/Payment transactions).
  • Behavioral & Preference Data (“Taste Graph”): Wishlists, gifting preferences, and interaction history.
  • Transaction Data: Details of gift contributions and pooling (processed via third-party providers).
  • Technical Data: IP address, browser type, cookies, and usage analytics.

3. Legal Basis for Processing

We process your data under the following lawful bases:

  • Consent: Email collection for waitlist/marketing and non-essential cookies.
  • Contractual Necessity: Account management, “Gift Room” coordination, and contribution tracking.
  • Legitimate Interest: Improving platform AI, personalizing recommendations via the Taste Graph, and fraud prevention.
  • Legal Obligation: Compliance with Kenyan financial and tax regulations.

4. The Taste Graph & Automated Processing

Little Gifter uses automated processing to build a Taste Graph, which predicts relevant gift ideas.

This involves profiling based on your interactions.

You may opt-out of personalized recommendations at any time in your settings.

We do not engage in automated decision-making that produces legal or similarly significant effects (as defined under GDPR Article 22).

5. Data Sharing & Third Parties

We do not sell your personal data. We may share data with:

  • Service Providers: Secure cloud hosting, analytics, and communication tools.
  • Payment Aggregators: Licensed partners processing M-Pesa and card contributions.
  • Merchant Partners: When you choose to purchase a gift through a third-party retailer linked on our platform, that merchant’s own privacy policy will apply.

Security Note: Little Gifter does not store or process your M-Pesa PIN or bank credentials. All payments are handled by licensed third-party providers.

6. International Data Transfers

Your data may be stored on servers located outside Kenya. For users in the EEA, we implement Standard Contractual Clauses (SCCs) or ensure transfers are to jurisdictions with adequate data protection laws to maintain GDPR compliance.

7. Data Retention

  • Waitlist Data: Deleted 6 months after launch unless you transition to a full account.
  • Account Data: Retained while your account is active.
  • Transaction Records: Retained as required by Kenyan financial laws.

8. Your Rights

Under the DPA 2019 and GDPR, you have the right to: Access, Rectify, Erase (Right to be Forgotten), Restrict Processing, Object to Marketing, and Data Portability.

To exercise these rights or lodge a complaint with the ODPC (Kenya) or your local EU authority, contact: [Insert Email].

9. Security & Breach Notification

We use SSL/TLS encryption and strict access controls. In the event of a data breach, we will notify affected users and relevant authorities (ODPC) within the statutory timelines required by law.

10. Cookies & Tracking

We use cookies to improve user experience. Where required by law, we will obtain your consent before placing non-essential cookies.