PrintShopKE Paper Supplies

Privacy Policy

Effective date: 1 April 2026 · Last updated: 1 April 2026

PrintShopKE Paper Supplies (“we”, “us”, “our”) operates the website supplies.printshop.ke(the “Website”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit the Website or place an order. We are committed to protecting your privacy in accordance with the Kenya Data Protection Act, 2019(the “Act”) and subsidiary regulations.

By using the Website, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Website.

1. Information We Collect

1.1 Personal Data You Provide

When you create an account, place an order, or contact us, we may collect:

  • Full name
  • Email address
  • Phone number (mobile/M-Pesa number)
  • Delivery address (street, town/city, county, and any delivery instructions)
  • Company or organisation name (optional)
  • KRA PIN (for trade/wholesale customers requesting tax invoices)

1.2 Order & Transaction Data

  • Order history, items purchased, and order totals
  • Payment confirmation details (transaction IDs from M-Pesa, Airtel Money, or card payments). We do notstore full card numbers — all card processing is handled by iPay Africa.
  • Delivery tracking information

1.3 Usage & Analytics Data

We automatically collect certain technical data when you browse the Website, including:

  • IP address and approximate geolocation (country/city level)
  • Browser type and version, operating system, and device type
  • Pages visited, time spent on pages, and referral source
  • Click patterns and search queries on the Website

1.4 Cookies & Similar Technologies

We use cookies and local storage for the following purposes:

  • Essential cookies: Authentication tokens, session management, shopping cart persistence, and CSRF protection. These are necessary for the Website to function and cannot be disabled.
  • Analytics cookies: We may use privacy-friendly analytics tools to understand aggregate usage patterns. No personally identifiable information is shared with analytics providers.

You can manage cookie preferences through your browser settings. Disabling essential cookies may impair Website functionality.

2. How We Use Your Information

We process your personal data for the following lawful purposes under the Act:

  • Fulfilling orders: Processing payments, dispatching deliveries, and providing order status updates via email, SMS, or WhatsApp.
  • Customer support: Responding to your queries, processing returns and refunds, and resolving complaints.
  • Account management: Maintaining your account, order history, and saved delivery addresses.
  • Improving our service: Analysing usage patterns to enhance Website performance, product range, and user experience.
  • Legal compliance: Maintaining records as required by KRA for VAT purposes, and complying with court orders or regulatory requests.
  • Marketing (with consent): Sending promotional offers, new product alerts, and newsletters. You can unsubscribe at any time by clicking the link in any marketing email or by contacting us.

3. Data Sharing & Third Parties

We do not sell your personal data. We share information only with the following categories of trusted service providers, strictly to the extent necessary:

  • iPay Africa (payment gateway): Receives payment details to process M-Pesa, Airtel Money, Visa, and Mastercard transactions securely.
  • Delivery partners:Courier companies receive your name, phone number, and delivery address to fulfil shipments across Kenya's 47 counties.
  • Supabase (database hosting): Our application data is hosted on Supabase infrastructure with encryption at rest and in transit.
  • Vercel(website hosting): The Website is deployed on Vercel's global edge network. Server logs may contain IP addresses and are retained per Vercel's privacy policy.
  • Government authorities: We may disclose information if required by law, regulation, legal process, or governmental request.

All third-party providers are contractually required to handle your data securely and use it solely for the services they provide to us.

4. Data Security

We implement reasonable technical and organisational measures to protect your personal data, including:

  • HTTPS/TLS encryption for all data transmitted between your browser and our servers.
  • Encryption at rest for database records stored on Supabase.
  • Row-level security policies to prevent unauthorised access to account data.
  • Secure password hashing; we never store passwords in plain text.
  • Access controls limiting employee access to personal data on a need-to-know basis.

While we strive to protect your information, no method of electronic transmission or storage is 100 % secure. We cannot guarantee absolute security.

5. Data Retention

  • Account data:Retained for as long as your account is active, plus 12 months after deletion to resolve any outstanding queries.
  • Order & transaction records:Retained for a minimum of 7 years as required for KRA tax compliance.
  • Analytics data: Aggregated, non-identifiable analytics data may be retained indefinitely.
  • Marketing data:Removed within 30 days of your opt-out request.

6. Your Rights Under the Data Protection Act 2019

As a data subject under Kenyan law, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to our legal retention obligations.
  • Right to restrict processing: Request that we limit the processing of your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing of your data for direct marketing purposes.

To exercise any of these rights, contact us at orders@printshop.ke. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya.

7. Children's Privacy

The Website is not directed at children under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete the information promptly.

8. Third-Party Links

The Website may contain links to third-party websites (e.g., our parent site www.printshop.co.ke, social media pages, or payment provider pages). We are not responsible for the privacy practices of external sites. We encourage you to review their privacy policies before submitting any personal information.

9. International Data Transfers

Some of our service providers (Supabase, Vercel) may process data on servers located outside Kenya. Where this occurs, we ensure appropriate safeguards are in place as required by the Data Protection Act 2019, including contractual obligations that provide an equivalent level of data protection.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this page periodically. Material changes may be communicated via email or a prominent notice on the Website.

11. Contact Us

If you have questions or concerns about this Privacy Policy, or wish to exercise your data protection rights, please contact us: