Legal Document

Privacy Policy

We collect only what we need, use it only to run SarafuPay, and never sell your data to anyone.

Last updated: May 2026No advertising · No data selling
1

Overview

SarafuPay ("we", "us", "our") is committed to handling your personal information responsibly and transparently. This Privacy Policy explains what data we collect, why we collect it, and how it is used when you create an account, manage a collection, or contribute to one.

By using SarafuPay you agree to the collection and use of information in accordance with this policy. We do not ask for unnecessary sensitive data, we do not sell your personal data to third parties, and we do not use your data for advertising.

2

Information We Collect

We collect the following types of information:

Account information

  • Full name
  • Email address
  • Phone number (optional for Google sign-in users)
  • Password — stored as a secure bcrypt hash, never in plain text

Collection pages

  • Project title, description, type, target amount
  • Payment link slug and visibility settings
  • Contribution plans and schedules

Technical data

  • IP address via standard server logs
  • Browser and device type via HTTP headers
  • Timestamps of account actions and logins
3

Google Sign-In Data

If you choose to sign in or register using Google, we receive a limited set of information from Google as part of the OAuth 2.0 authentication process:

  • Your name (as set in your Google account)
  • Your verified email address
  • A unique Google account identifier (used to link your SarafuPay account to your Google account)

We do not request or receive access to your Google contacts, Gmail, Drive, Calendar, or any other Google service. We do not see your Google password.

Your Google password is handled entirely by Google. You can revoke SarafuPay's access to your Google account at any time by visiting Google Account Permissions.

Using Google Sign-In is optional. You can register with an email address and password at any time.

4

Payment Records

When a contributor pays through a SarafuPay collection link, we store the following payment record information:

  • Payer name, phone number, and email — as provided at the Snippe checkout
  • Payment amount, currency, and status (completed, failed, expired, or cancelled)
  • Payment reference numbers from Snippe
  • Timestamp of the payment
  • Optional message from the payer
  • The month or period the payment is for (for monthly contribution collections)
SarafuPay does not store card numbers, M-Pesa PINs, or any sensitive payment credentials. This information is handled entirely by Snippe and is subject to their security and privacy policies.
5

Cookies & Auth Tokens

SarafuPay uses a single HTTP-only session cookie to keep you logged in after authentication. This cookie:

  • Is set only after a successful login or Google sign-in
  • Is not accessible to JavaScript (HTTP-only flag prevents XSS theft)
  • Is transmitted only over HTTPS in production (Secure flag)
  • Expires automatically after 7 days of inactivity
  • Is immediately removed when you click Log Out

The only additional short-lived cookie used is a temporary state token during Google OAuth sign-in, which is deleted as soon as the sign-in is complete.

We do not use advertising cookies or marketing trackers. SarafuPay uses PostHog for product analytics, which may store an anonymous session identifier in your browser. See the Analytics & Tracking section for full details.

6

How We Use Your Data

We use your data only for the following purposes:

  • Creating and managing your account
  • Processing and tracking payment contributions to your collection pages
  • Displaying payment records in your dashboard and CSV exports
  • Linking your Google account to your SarafuPay account (if you use Google sign-in)
  • Detecting and preventing fraud or misuse of the platform
  • Responding to support requests
  • Sending essential service notifications, such as payment confirmations
  • Understanding how SarafuPay is used so we can improve it (via PostHog analytics — see section 8)

We do not use your data for marketing emails, targeted advertising, or profiling. We do not sell or rent your data to any third party.

7

Third-Party Services

SarafuPay relies on the following third-party services to operate. Each service has its own privacy policy and security practices:

Snippe (payment processing)

  • Handles all M-Pesa and card payments on behalf of SarafuPay
  • Receives payer checkout data (name, phone, email) during a transaction
  • Sends a verified webhook notification to SarafuPay once a payment is confirmed
  • Governs refunds, disputes, and payment credential security

Google OAuth (optional sign-in)

  • Used only when you choose 'Continue with Google'
  • Shares your name, email, and account ID with SarafuPay
  • Does not share passwords, contacts, or other Google data

PostHog (product analytics)

  • Used to understand page visits, traffic sources, and product usage
  • Configured with autocapture disabled — we control exactly what is tracked
  • All form inputs are masked — PostHog never sees what you type
  • No passwords, payment credentials, or personal identifiers are sent to PostHog
  • See section 8 for full details

MongoDB Atlas (database)

  • Stores all SarafuPay account, collection, and payment data
  • Access-controlled, encrypted at rest, hosted on secure cloud infrastructure

DigitalOcean App Platform (backend hosting)

  • Runs the SarafuPay server application
  • Processes API requests and webhook events

Vercel (frontend hosting)

  • Serves the SarafuPay web application
  • Does not store or process personal data beyond standard CDN and edge caching
8

Analytics & Tracking

We use PostHog (posthog.com) to understand how SarafuPay is used — for example, which pages are visited, where visitors come from, and which features are most used. This helps us improve the product for everyone.

What PostHog may collect:

  • Page URLs visited and the order in which they were visited
  • Traffic source — for example, whether you arrived from a link, search, or social media
  • Browser type, device type, and approximate location (country level only)
  • An anonymous session identifier stored in your browser (cookie or local storage)
  • Which features or buttons were clicked — only those we explicitly choose to track

What PostHog never collects on SarafuPay:

  • Passwords or password hashes
  • Payment credentials, M-Pesa PINs, or card numbers
  • Session tokens, auth cookies, or any authentication secrets
  • Form input values — all inputs are masked before any data is sent
  • Your email address, phone number, or full name
  • Any personally identifiable information beyond an anonymous internal ID

Session replay:

Session replay (a recording of how you navigate the screen) may be used to help us understand usability issues. When active, all input fields are automatically masked. Session replay is completely disabled on the following pages:

  • /pay/** — all payment checkout pages
  • /payment/** — all payment processing pages
  • /dashboard/profile — your profile and settings
  • /login — the sign-in page
  • /register — the account creation page
PostHog analytics is configured with autocapture disabled — this means PostHog does not automatically record every click or keystroke on the page. Only specific events that we deliberately choose to track are ever sent.

PostHog may store an anonymous session identifier in your browser using a cookie or local storage entry. This identifier is used for analytics purposes only and is not linked to your SarafuPay account or any personal data we hold about you.

If you have any questions about what analytics data is collected or how it is used, please contact us at support.sarafupay@gmail.com.

9

Data Protection

We take reasonable technical and organisational measures to protect your data:

  • All data is transmitted over HTTPS (TLS encryption in transit)
  • Passwords are hashed using bcrypt — we cannot retrieve your plain-text password
  • The session cookie is HTTP-only and Secure-flagged to prevent interception
  • Database access is restricted by role-based access controls
  • No sensitive payment credentials (card numbers, PINs) are stored by SarafuPay
  • Admin accounts have separate access controls from regular member accounts
  • Analytics is configured to mask all inputs and exclude sensitive pages

No system can guarantee absolute security. If you believe your account has been compromised, please contact us immediately at the address below so we can take action.

10

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your account and associated personal data
  • Withdraw consent for data processing where consent is the legal basis
  • Revoke Google sign-in access at any time via Google Account settings

We retain your account and payment data for as long as your account is active. If you request account deletion, your personal information will be removed within 30 days, except where retention is required by law (for example, financial transaction records).

To exercise any of these rights, contact us using the details in the next section.

11

Contact

For any privacy-related questions, requests, or concerns — including questions about analytics data — please contact us:

We aim to respond to all privacy enquiries within 3 business days. For urgent security concerns, please include "Security" in your email subject line.