Legal

Privacy Policy

Last updated: May 18, 2026

Effective date: January 1, 2025 · Last revised: May 18, 2026

1. Information We Collect 2. How We Use Your Information 3. Information Sharing 4. Data Storage & Security 5. Cookies & Tracking 6. Your Rights 7. Data Retention 8. Children's Privacy 9. Changes to This Policy 10. Contact Us

Plain-language summary: BnBFlows collects the data you provide and data generated by your use of the platform. We use it to operate the service, not to sell to third parties. You can request deletion of your data at any time.

1. Information We Collect

Information you provide directly

Account data — name, email address, phone number, business name and password when you register.
Property data — property names, addresses, room details, pricing and availability you enter into the platform.
Guest data — names, emails, phone numbers, nationality and stay preferences of guests you add to the system.
Payment data — billing details processed securely through our payment partners (M-Pesa, Pesapal, DPO Pay). We do not store raw card numbers.
Communications — messages you send via our contact form or support channels.

Information collected automatically

Usage data — pages visited, features used, session duration and click patterns within the platform.
Device & browser data — IP address, browser type, operating system, screen resolution and referring URL.
Log data — server logs, error reports and API call metadata for debugging and performance monitoring.
Cookies — see Section 5 for full details.

2. How We Use Your Information

We use the information we collect to:

Provide, operate and improve the BnBFlows platform and its features.
Process bookings, payments and access code generation for smart locks.
Send transactional communications — booking confirmations, access codes, payment receipts and system alerts via email, SMS and WhatsApp.
Respond to support requests and provide customer service.
Monitor platform security, detect fraud and prevent abuse.
Comply with legal obligations and enforce our Terms of Service.
Send product updates and promotional communications (you may opt out at any time).
Generate anonymised, aggregated analytics to understand usage trends.

We do not sell, rent or trade your personal data. We share data only with:

Service providers — third-party tools that help us operate the platform (hosting, email delivery, SMS, WhatsApp, analytics). These providers are contractually bound to protect your data and use it only for the services they provide us.
Payment processors — M-Pesa (Safaricom), Pesapal, DPO Pay and MTN MomoPay process transactions under their own privacy policies.
Communication providers — Africa's Talking (SMS) and Meta (WhatsApp) receive phone numbers to deliver messages. Their policies apply to their handling of that data.
Legal requirements — we may disclose data if required by law, court order or to protect the rights, property or safety of BnBFlows, our users or the public.
Business transfers — in the event of a merger, acquisition or sale of assets, your data may be transferred to the successor entity under the same privacy protections.

4. Data Storage & Security

Your data is stored on servers hosted in secure cloud infrastructure. We implement the following safeguards:

TLS/HTTPS encryption for all data in transit.
Encryption at rest for sensitive data fields.
Role-based access controls — staff see only what their role permits.
Regular security audits and penetration testing.
Automated backups with point-in-time recovery.
Multi-factor authentication available for all accounts.

No method of transmission or storage is 100% secure. If you become aware of any security issue, please contact security@bnbflows.com immediately.

5. Cookies & Tracking

We use cookies and similar technologies to operate the platform. See our full Cookie Policy for details. In summary:

Essential cookies — required for login sessions and security. Cannot be disabled.
Analytics cookies — help us understand how the platform is used (anonymised data).
Preference cookies — remember your settings and UI preferences.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access — request a copy of the personal data we hold about you.
Rectification — correct inaccurate or incomplete data.
Erasure — request deletion of your data ("right to be forgotten").
Portability — receive your data in a machine-readable format.
Objection — object to certain processing, including marketing communications.
Restriction — request that we limit how we process your data in certain circumstances.

To exercise any of these rights, contact us at privacy@bnbflows.com. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

Account and property data — retained for the life of your subscription plus 90 days after cancellation.
Booking and financial records — retained for 7 years to comply with accounting and tax regulations.
Guest data — retained as long as your account is active. You can delete individual guest records at any time.
Server logs — retained for 90 days for security purposes.
Anonymised analytics — retained indefinitely.

8. Children's Privacy

BnBFlows is a business platform intended for use by adults (18+). We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal data, contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and, where appropriate, by email. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the platform after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions, data requests or concerns, contact our Data Protection Officer:

Email: privacy@bnbflows.com
Address: BnBFlows Ltd, Nairobi, Kenya