Privacy Policy

Last updated: January 1, 2025

Our Commitment to Privacy

At AWRA Systems, we recognize that in the modern digital economy, data is your most valuable asset. Our architecture is built on a foundation of 'Privacy by Design,' ensuring that your organizational intelligence—from granular stock movements to high-level financial reconciliations—remains strictly within your control. We don't just secure your data; we prioritize operational sovereignty, empowering you to leverage Awra Intelligence Insights without compromising the confidentiality of your supply chain.

AWRA OpsHub System (“Aura”, “we”, “our”, or “us”) is committed to protecting your privacy and ensuring that your personal information is handled responsibly. This Privacy Policy explains in detail what information we collect, how we use it, how we secure it, and the rights you have regarding your data. Our goal is to be fully transparent about our practices and give you confidence in how your information is managed when you use our services. By accessing or using AWRA, you agree to the terms outlined here.

1. Scope of This Policy

This Privacy Policy applies to all platforms, products, and services offered under the AWRA Systems brand, including our web application, mobile applications, integrations, and related support services. It governs the collection, storage, use, disclosure, and transfer of personal and business data. It does not extend to third-party websites or applications that may be linked through our services, and we encourage you to review the privacy practices of those third parties separately, as they may differ significantly from our own. By continuing to use our services, you acknowledge that your interactions with third parties are outside the scope of this policy, and AWRA cannot be held responsible for their practices.

2. Information We Collect

We collect information in several ways: directly from you when you sign up or interact with our system, automatically when you use our services, and through integrations with third-party providers you choose to connect. The information we collect may include personal details such as your name, email address, phone number, and organization details. In a multi-tenant environment, all users are linked to a specific tenant using a unique ID to ensure that business data is securely partitioned between organizations. Beyond personal details, we also process business records including procurement requests, quotations, invoices, check-ins, checkouts, and transaction histories that form the core of your operational activities within AWRA. When payments are made, limited financial information may be collected, such as billing addresses and transaction details, but sensitive payment data is always handled securely by trusted third-party processors like MPESA, Paystack and PayPal, rather than stored on our servers. In addition, we capture communication data including messages exchanged within the system, email logs related to procurement activities, and discussions between vendors and clients. Finally, technical information such as IP addresses, device types, operating systems, and activity logs is collected to improve performance, enhance security, and troubleshoot system issues.

3. How We Use Information

The information we collect is used exclusively for purposes that support the delivery and improvement of our services. Specifically, we use your data to authenticate your identity, enable secure access to your organization’s workspace, and manage the multi-tenant architecture of our platform. Business data such as procurement requests, vendor quotations, and invoices are processed to automate workflows and enable efficient record keeping. Our Awra Intelligence Insights-driven procurement engine analyzes quotations to recommend the best vendors and purchasing decisions, reducing inefficiencies and enhancing value for your organization. Communication records are stored to provide an auditable trail of vendor negotiations and internal approvals. Technical data is analyzed to detect suspicious activity, prevent fraud, optimize performance, and ensure that the system runs reliably for all users. Where required by law, we may also process your data to comply with legal and regulatory obligations. Overall, our use of data is focused on making AWRA reliable, intelligent, and responsive to the needs of your organization.

4. Legal Basis for Processing

If you are located in regions governed by strict data protection laws such as the European Economic Area (EEA), our processing of your information is based on clearly defined legal grounds. These include your explicit consent, which you provide when signing up or agreeing to connect third-party services; the necessity of processing to deliver services under the contract we establish with you; our legitimate business interests in maintaining, securing, and improving our system; and compliance with applicable laws and regulations. In situations where we rely on legitimate interests, we carefully balance these against your rights and freedoms to ensure that your privacy is respected. You may withdraw consent at any time without affecting the lawfulness of processing that occurred before withdrawal.

5. Data Sharing & Disclosure

AWRA does not sell your personal data under any circumstances. However, there are limited scenarios in which we may share your information. Within your organization, your data may be visible to other authorized users under the same tenant so that business workflows can operate effectively. During procurement, certain information such as RFQs, quotations, and purchase orders may be shared with vendors to facilitate transactions. We also engage third-party service providers to deliver essential services including hosting, data storage, payment processing, and email delivery. These providers act strictly on our behalf under binding confidentiality agreements. In addition, we may disclose information if required to do so by law, court order, or government regulation, or in cases where such disclosure is necessary to protect our rights, prevent fraud, or ensure system security. In the event of a merger, acquisition, or restructuring, your data may be transferred to ensure continuity of services.

6. Data Security

Protecting your data is one of our highest priorities. We implement industry-standard security measures such as encryption of data both in transit and at rest, role-based access controls that restrict sensitive information to authorized personnel, multi-factor authentication to strengthen account security, and real-time monitoring systems that detect unusual or unauthorized activity. All data is stored on secure servers with strict access controls, and regular audits are conducted to identify and address vulnerabilities. While we work diligently to protect your information, it is important to note that no system can be guaranteed to be 100% secure. Users are encouraged to follow security best practices, such as choosing strong passwords and avoiding credential sharing, to help maintain the integrity of their accounts.

7. Data Retention

We retain your personal and business data only for as long as it is necessary to provide the services you request and fulfill the purposes described in this policy. When your account is active, data is retained to ensure continuity of your operations. If you terminate your account, we may still retain certain information for a limited period to comply with legal requirements, resolve disputes, or enforce agreements. For example, financial records such as invoices and payment histories may be stored for compliance with tax or accounting regulations. Once retention periods expire, your data is either securely deleted or anonymized so that it can no longer be linked to you or your organization.

8. Cookies & Tracking Technologies

AWRA uses cookies and similar technologies to enhance your user experience. Cookies allow us to maintain your session when you log in, remember your preferences, and provide personalized features. We also use tracking technologies to understand how users interact with our platform, which helps us identify popular features, troubleshoot issues, and make informed improvements. You can control the use of cookies at the browser level, and disabling them may affect the functionality of certain features within the system. Our use of cookies is strictly for functional and analytical purposes; we do not use them to serve third-party advertisements. For more detailed information on how we use these technologies, please see our Cookies Policy.

9. International Data Transfers

AWRA operates in Kenya but serves users globally. As a result, your data may be transferred to and stored on servers located in jurisdictions outside of your country of residence. Where such transfers occur, we ensure that adequate safeguards are in place, including contractual obligations with our service providers and adherence to recognized data protection frameworks. By using our services, you consent to the transfer of your data to other countries where privacy laws may differ but where equivalent protections are maintained.

10. Your Rights

Depending on your location, you may have rights under applicable data protection laws, including the right to access the data we hold about you, correct inaccuracies, request deletion of your personal data, restrict or object to certain types of processing, and receive your data in a portable format that can be transferred to another service. You also have the right to withdraw your consent to processing where it is based on consent. To exercise these rights, you may contact us at [email protected]. We will respond to your request within a reasonable timeframe and in accordance with applicable laws. Please note that some requests, such as deletion, may be subject to legal or operational requirements.

11. Children’s Privacy

AWRA is intended for use by organizations and businesses and is not designed for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete such information. If you believe that a minor has provided personal information through our services, please contact us immediately.

12. Operational Transparency and Public Trust Resources

We maintain public trust documentation so buyers and administrators can evaluate our operational posture before and after onboarding. This includes our Trust Center, Security Whitepaper, SLA & Uptime, and Data Processing Addendum. We publish these resources to make governance conversations faster, more factual, and easier to map to internal policy checklists.

13. Privacy-by-Design Practices in Product Delivery

We apply privacy-by-design practices during planning, implementation, and release cycles. New features are evaluated for data minimization, role-bound visibility, retention behavior, and supportability under customer deletion or correction requests. We also prioritize practical controls that support real-world operations such as tenant separation, audit logging, and least-privilege access in sensitive workflows. These controls are not static; they are reviewed as product complexity grows and as regulatory expectations evolve.

14. Updates to This Policy

From time to time, we may update this Privacy Policy to reflect changes in our practices, technology, or legal obligations. When significant updates are made, we will notify you either through email or via system notifications, and the updated version will always be posted on our website. Your continued use of our services after updates are posted constitutes acceptance of the revised Privacy Policy. We encourage you to review this policy periodically to stay informed about how we are protecting your data.

Last updated: January 1, 2025