← kiokolabs.com
Privacy Policy
Effective July 4, 2026 · Last updated July 4, 2026
Kioko Labs (Nairobi, Kenya) runs kiokolabs.com and the monitoring service behind it. This policy says what we collect, why, and what we never touch. Short version: we hold the minimum needed to watch your listings and email you.
1. What we collect
- Contact data — your name, email address, and anything you include when you write to us.
- Watch data — ASINs, marketplace/external URLs you ask us to monitor, your store or brand name, alert preferences.
- Monitoring output — public prices, availability, timestamps, and screenshots of publicly visible listing pages.
- Billing data — plan, invoice history, payment status. Card payments are handled by our merchant of record / payment provider; card numbers never touch our systems.
- Server logs — standard web/access logs (IP, user agent, timestamp) kept for security and debugging.
2. What we never collect
We never ask for and will not accept your Seller Central login, marketplace API tokens, or any account credentials. All monitoring is done on publicly visible, logged-out pages. Please don't email us passwords.
3. Cookies & analytics
The public site sets no cookies and runs no third-party analytics or ad trackers. Magic-link status pages use the unguessable token in the URL itself, not cookies.
4. How we use data
- To run your watches and send you alerts and summaries (service email via our email delivery provider).
- To invoice and account for payments.
- To answer your messages.
- Occasional product/pricing updates if you're a customer or pilot — every email carries an opt-out honored within 10 business days (usually same day).
We do not sell, rent, or share your data with advertisers. Ever.
5. Processors we rely on
Hosting/infrastructure (VPS + CDN/DNS), email delivery, and — when card checkout is live — a merchant of record for payments. Each receives only what it needs to do its job.
6. Retention & deletion
- Free-watch data that doesn't convert is deleted within 30 days of the watch ending.
- Customer watch data and evidence packs are kept while your plan is active and for 90 days after, then deleted.
- Invoices are kept as long as tax law requires.
- Email [email protected] and we'll delete your data ahead of those schedules within 10 business days, minus what the law makes us keep.
7. Security
TLS on every page, least-privilege access (one founder, no data-touching staff), encrypted-at-rest backups, and unguessable per-customer tokens instead of shared dashboards.
8. Your rights
Access, correction, export, deletion, objection — email us and it happens. If you're in the EU/UK we honor GDPR-style requests for our processing as described here; under Kenya's Data Protection Act you have equivalent rights.
9. Changes & contact
Material changes are emailed to active customers 14 days ahead. Questions: [email protected].