Logo

eutopiantech PRIVACY POLICY

Date: October 2025

1. INTRODUCTION

eutopiantech Limited and its representatives from time to time (together, and each of them

as the context may require,

"eutopiantech,

" "we,

" or "us") are a forward-thinking software

development company based in Kenya. Our mission is to bridge ideas with powerful,

scalable, and elegant digital solutions. We provide services ("Services") including custom

Web and Mobile Application Development, System Integration, and Dashboard/Admin

Panel creation for individuals, businesses, institutions, and any other user of our Services

("Users" or "you").

This Privacy Policy is intended for individuals using our Services and provides information

about how we process your personal information. Additional information on the use of our

Services is provided in our Terms of Service. By using our Services, you acknowledge and

agree to have read, understood, and accepted this statement.

Please refer to the relevant section(s) of this policy to get the information applicable to the

Services you are using—see the Table of Contents.

eutopiantech PRIVACY POLICY

1. INTRODUCTION

2. WHAT IS PERSONAL DATA?

3. eutopiantech’s COMMITMENT

5. eutopiantech’S PRODUCTS AND SERVICES

A. Our Websites and Digital Communication

B. Custom Software Development Services

C. Account Management and Authentication

6. WHERE IS PLATFORM DATA PROCESSED?

7. WHO DO WE SHARE DATA WITH?

8. WHAT RIGHTS DO YOU HAVE?

9. CONTACT AND COMPLAINTS

10. UPDATES TO THIS POLICY

2. WHAT IS PERSONAL DATA?

Personal Data is any information that can be traced back to an individual User who is a

natural person. Examples include your name, email address, phone number, and IP

address.

Sensitive Personal Data is information considered "special" in certain jurisdictions (e.g.,

racial/ethnic origin, religious beliefs, health data, or biometric data). We strictly DO NOT

collect or process Sensitive Personal Data. To safeguard personal data, it may be

pseudonymized or anonymized where possible.3. eutopiantech’s COMMITMENT

We recognize our responsibilities regarding the privacy, confidentiality, and transparency of

personal data processing. eutopiantech endeavors to process your personal data carefully,

securely, and confidentially.

eutopiantech endorses the Kenya Data Protection Act, 2019 (KDPA) and further observes

the principles of the European General Data Protection Regulation (GDPR) and other

applicable international data protection laws (together the “Data Protection Laws”). We

design our Services to ensure we process personal data with a legal basis and in

accordance with the purpose for processing, while respecting your right to privacy.

We are the Data Controller for the personal data collected via our website and marketing

channels. We act as a Data Processor when developing custom solutions for our clients, in

which case the client is the Data Controller.

4. HOW DO WE PROTECT YOUR DATA?

Your personal data will be treated confidentially and will only be processed for the purpose of

providing and improving our Services. We use industry-standard technical and

organizational measures to secure the information we store.

We use (sub)processors (like cloud hosting providers) who have privacy/security

policies and offer a data processing agreement safeguarding data privacy.

We only retain data for as long as is necessary for the purposes outlined in this policy

or as legally required (e.g., for tax or accounting).

While we implement safeguards designed to protect your information, no security system is

impenetrable. Transmission of personal information to and from our Services is at your

own risk. We encourage Users to take responsibility for securing their login credentials and

devices.

5. eutopiantech’S PRODUCTS AND SERVICES

A. Our Websites and Digital Communication

This section applies when you visit our website (www.eutopiantech.com), engage with our

sales/marketing content, or contact us via email.

Item Details

Our Role Data ControllerData

Processed &

Why

Contact Data: Names, email addresses, phone numbers, and

company information provided via forms or direct inquiry. Purpose:

To respond to your inquiries, provide information about our Services,

and manage sales leads. Usage Data: IP address, browser type,

operating system, and pages viewed. Purpose: To monitor website

performance, ensure security, and improve user experience.

Legal Basis Our Legitimate Interest in running and improving our marketing

channels and performing pre-contractual steps in response to your

request.

Data

Retention

For as long as you have an active relationship with us, and

thereafter as necessary for our business records or legal

compliance. Marketing preferences are retained for a reasonable

period after you opt out.

B. Custom Software Development Services

This section applies when you engage us to develop a custom solution (web app, mobile

app, system integration, etc.).

Item Details

Our Role Data Processor on behalf of our client (the Data Controller).

Data

Processed &

Why

We process data as instructed by our client per the service

agreement. This may include user identifiers (names, emails) and

transactional data related to the client's system. Purpose: To build,

test, deploy, and maintain the custom digital solution for our client.

Legal Basis Our Contractual Obligation (to the client) and the client's legal

basis (which they must provide to you).

Data

Retention

As instructed by the client, the Data Controller.C. Account Management and Authentication

This section applies if you register an account on a platform provided by eutopiantech.

Item Details

Data

Processed &

Why

Account Data: Names, email addresses, usernames, and

passwords (stored securely/hashed). Purpose: To facilitate account

creation, authentication, and access to services. Social Login Data:

If you use social media to log in (e.g., Facebook, X), we receive

profile information (name, email) as described in Section 6.

Legal Basis Performance of a Contract (Terms of Service) and our Legitimate

Interest in securing user accounts.

6. WHERE IS PLATFORM DATA PROCESSED?

We utilize modern cloud hosting and development tools.

We host our internal systems and client solutions primarily on secure cloud servers like AWS

(Amazon Web Services) utilizing a range of database technologies including SQL, MongoDB,

Firebase, and PostgreSQL for reliable and scalable data management. We aim to use servers

located in the European Union (EU) or other secure jurisdictions. We utilize third-party

services (like payment processors and analytics tools) that may process data in various

locations, including the United States of America. In all cases involving international data

transfers, we implement Standard Contractual Clauses (SCCs) or other legal mechanisms

to ensure data privacy is protected in line with Data Protection Laws.

7. WHO DO WE SHARE DATA WITH?

We may share your personal information in specific situations and with specific third parties:

Service Providers: We share data with third-party vendors, consultants, and service

providers (e.g., hosting providers like AWS, payment processors like Paystacks)

who perform services for us or on our behalf.

Business Transfers: We may share or transfer your information in connection with

any merger, sale of company assets, financing, or acquisition.

Legal Compliance: We may disclose your information where we are legally required

to do so to comply with applicable law, governmental requests, a judicial proceeding,

court order, or legal process.We DO NOT sell or share your personal information with third parties for their direct

marketing purposes.

8. WHAT RIGHTS DO YOU HAVE?

Depending on your geographical location (e.g., Kenya, EU/UK, Canada, or certain US

States), you have specific rights concerning your personal data.

Jurisdiction Right Action

All Users Right to Access Request a copy of the data we hold

about you.

All Users Right to

Rectification

Request correction of inaccurate or

incomplete data.

Kenya (KDPA) &

EU/UK (GDPR)

Right to Erasure Request deletion of your personal data

under certain circumstances (e.g., data

is no longer necessary).

EU/UK & Canada Right to Withdraw

Consent

Withdraw any consent you previously

gave us at any time.

EU/UK Right to Data

Portability

Receive your data in a portable format.

Certain US

States

Right to Opt-Out Opt out of the processing of your

personal data for targeted advertising,

sale, or profiling.

To exercise any of these rights, please contact us using the details in Section 9. We will

respond to your request in accordance with applicable Data Protection Laws.

9. CONTACT AND COMPLAINTSIf you have questions or comments about this policy or wish to exercise your rights, you may

contact us via:

Method Details

Email support@eutopiantech.com

Post eutopiantech, Nairobi, 16350, Kenya

If you are located in Kenya and believe we are unlawfully processing your personal

information, you have the right to lodge a complaint with the Office of the Data Protection

Commissioner (ODPC). If you are in the EU/UK, you may file a complaint with your

Member State's Data Protection Authority or the UK Information Commissioner's Office

(ICO).

10. UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time. The updated version will be indicated

by an updated "Date" at the top of this document. If we make material changes, we may

notify you either by prominently posting a notice of such changes or by directly sending you

a notification. We encourage you to review this policy frequently.

DRAWN BY:

CLARET AMASAKHA,

Email: kioi@kioilaw.africa

P105 NUMBER: P.105/25357/25

NAIROBI.