Privacy Policy
Last updated: January 1, 2025
AWRA OpsHub System (“Aura”, “we”, “our”, or “us”) is committed to protecting your privacy and ensuring that your personal information is handled responsibly. This Privacy Policy explains in detail what information we collect, how we use it, how we secure it, and the rights you have regarding your data. Our goal is to be fully transparent about our practices and give you confidence in how your information is managed when you use our services. By accessing or using AWRA, you agree to the terms outlined here.
1. Scope of This Policy
This Privacy Policy applies to all platforms, products, and services offered under the AWRA Systems brand, including our web application, mobile applications, integrations, and related support services. It governs the collection, storage, use, disclosure, and transfer of personal and business data. It does not extend to third-party websites or applications that may be linked through our services, and we encourage you to review the privacy practices of those third parties separately, as they may differ significantly from our own. By continuing to use our services, you acknowledge that your interactions with third parties are outside the scope of this policy, and AWRA cannot be held responsible for their practices.
2. Information We Collect
We collect information in several ways: directly from you when you sign up or interact with our system, automatically when you use our services, and through integrations with third-party providers you choose to connect. The information we collect may include personal details such as your name, email address, phone number, and organization details. In a multi-tenant environment, all users are linked to a specific tenant using a unique ID to ensure that business data is securely partitioned between organizations. Beyond personal details, we also process business records including procurement requests, quotations, invoices, check-ins, checkouts, and transaction histories that form the core of your operational activities within AWRA. When payments are made, limited financial information may be collected, such as billing addresses and transaction details, but sensitive payment data is always handled securely by trusted third-party processors like MPESA, Paystack and PayPal, rather than stored on our servers. In addition, we capture communication data including messages exchanged within the system, email logs related to procurement activities, and discussions between vendors and clients. Finally, technical information such as IP addresses, device types, operating systems, and activity logs is collected to improve performance, enhance security, and troubleshoot system issues.
3. How We Use Information
The information we collect is used exclusively for purposes that support the delivery and improvement of our services. Specifically, we use your data to authenticate your identity, enable secure access to your organization’s workspace, and manage the multi-tenant architecture of our platform. Business data such as procurement requests, vendor quotations, and invoices are processed to automate workflows and enable efficient record keeping. Our AI-driven procurement engine analyzes quotations to recommend the best vendors and purchasing decisions, reducing inefficiencies and enhancing value for your organization. Communication records are stored to provide an auditable trail of vendor negotiations and internal approvals. Technical data is analyzed to detect suspicious activity, prevent fraud, optimize performance, and ensure that the system runs reliably for all users. Where required by law, we may also process your data to comply with legal and regulatory obligations. Overall, our use of data is focused on making AWRA reliable, intelligent, and responsive to the needs of your organization.
4. Legal Basis for Processing
If you are located in regions governed by strict data protection laws such as the European Economic Area (EEA), our processing of your information is based on clearly defined legal grounds. These include your explicit consent, which you provide when signing up or agreeing to connect third-party services; the necessity of processing to deliver services under the contract we establish with you; our legitimate business interests in maintaining, securing, and improving our system; and compliance with applicable laws and regulations. In situations where we rely on legitimate interests, we carefully balance these against your rights and freedoms to ensure that your privacy is respected. You may withdraw consent at any time without affecting the lawfulness of processing that occurred before withdrawal.
5. Data Sharing & Disclosure
AWRA does not sell your personal data under any circumstances. However, there are limited scenarios in which we may share your information. Within your organization, your data may be visible to other authorized users under the same tenant so that business workflows can operate effectively. During procurement, certain information such as RFQs, quotations, and purchase orders may be shared with vendors to facilitate transactions. We also engage third-party service providers to deliver essential services including hosting, data storage, payment processing, and email delivery. These providers act strictly on our behalf under binding confidentiality agreements. In addition, we may disclose information if required to do so by law, court order, or government regulation, or in cases where such disclosure is necessary to protect our rights, prevent fraud, or ensure system security. In the event of a merger, acquisition, or restructuring, your data may be transferred to ensure continuity of services.
6. Data Security
Protecting your data is one of our highest priorities. We implement industry-standard security measures such as encryption of data both in transit and at rest, role-based access controls that restrict sensitive information to authorized personnel, multi-factor authentication to strengthen account security, and real-time monitoring systems that detect unusual or unauthorized activity. All data is stored on secure servers with strict access controls, and regular audits are conducted to identify and address vulnerabilities. While we work diligently to protect your information, it is important to note that no system can be guaranteed to be 100% secure. Users are encouraged to follow security best practices, such as choosing strong passwords and avoiding credential sharing, to help maintain the integrity of their accounts.
7. Data Retention
We retain your personal and business data only for as long as it is necessary to provide the services you request and fulfill the purposes described in this policy. When your account is active, data is retained to ensure continuity of your operations. If you terminate your account, we may still retain certain information for a limited period to comply with legal requirements, resolve disputes, or enforce agreements. For example, financial records such as invoices and payment histories may be stored for compliance with tax or accounting regulations. Once retention periods expire, your data is either securely deleted or anonymized so that it can no longer be linked to you or your organization.
8. Cookies & Tracking Technologies
AWRA uses cookies and similar technologies to enhance your user experience. Cookies allow us to maintain your session when you log in, remember your preferences, and provide personalized features. We also use tracking technologies to understand how users interact with our platform, which helps us identify popular features, troubleshoot issues, and make informed improvements. You can control the use of cookies at the browser level, and disabling them may affect the functionality of certain features within the system. Our use of cookies is strictly for functional and analytical purposes; we do not use them to serve third-party advertisements.
9. International Data Transfers
AWRA operates in Kenya but serves users globally. As a result, your data may be transferred to and stored on servers located in jurisdictions outside of your country of residence. Where such transfers occur, we ensure that adequate safeguards are in place, including contractual obligations with our service providers and adherence to recognized data protection frameworks. By using our services, you consent to the transfer of your data to other countries where privacy laws may differ but where equivalent protections are maintained.
10. Your Rights
Depending on your location, you may have rights under applicable data protection laws, including the right to access the data we hold about you, correct inaccuracies, request deletion of your personal data, restrict or object to certain types of processing, and receive your data in a portable format that can be transferred to another service. You also have the right to withdraw your consent to processing where it is based on consent. To exercise these rights, you may contact us at [email protected]. We will respond to your request within a reasonable timeframe and in accordance with applicable laws. Please note that some requests, such as deletion, may be subject to legal or operational requirements.
11. Children’s Privacy
AWRA is intended for use by organizations and businesses and is not designed for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete such information. If you believe that a minor has provided personal information through our services, please contact us immediately.
12. Updates to This Policy
From time to time, we may update this Privacy Policy to reflect changes in our practices, technology, or legal obligations. When significant updates are made, we will notify you either through email or via system notifications, and the updated version will always be posted on our website. Your continued use of our services after updates are posted constitutes acceptance of the revised Privacy Policy. We encourage you to review this policy periodically to stay informed about how we are protecting your data.
13. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please reach out to us using the details below. We take privacy concerns seriously and will respond to inquiries promptly.