Privacy Policy

1. What we collect

When you use follower.co.ke, we collect:

• Account data: email address, username, password (hashed)
• Order data: social media profile URLs/usernames you submit with orders
• Payment data: transaction reference numbers. We do not store card numbers — payments are handled by PCI-DSS compliant processors
• Usage data: IP address, browser type, pages visited, for security and analytics

2. How we use your data

• To create and manage your account
• To process and deliver your orders
• To send transactional emails (order confirmations, support replies)
• To detect and prevent fraud and abuse
• To improve the platform (anonymised analytics)

3. Data sharing

We do not sell your personal data. We share data only with:

• Payment processors (Safaricom/M-Pesa, Visa/Mastercard) — to process transactions
• Upstream SMM suppliers — only the social media URL/username needed to fulfil an order
• Legal authorities — if required by law

4. Cookies

We use strictly necessary cookies to keep you logged in and session cookies for security. No third-party advertising cookies.

5. Data retention

Account data is retained for the life of your account plus 2 years after deletion (for legal compliance). Order logs are retained for 5 years for financial record-keeping.

6. Your rights

You have the right to access, correct, or delete your personal data. To exercise these rights, open a support ticket or email privacy@follower.co.ke. We will respond within 30 days.

7. Security

We use HTTPS everywhere, bcrypt for password hashing, and industry-standard access controls. No system is 100% secure; please use a strong unique password.

8. Changes

We may update this policy. Material changes will be notified by email or dashboard banner. Continued use after changes constitutes acceptance.

9. Contact

Privacy questions: support ticket or privacy@follower.co.ke.