Privacy Policy

We are committed to protecting your business data and personal information.

Last updated: January 1, 2026

1. Overview

Qoba ("we", "our", "us") operates *.qoba.io: a cloud-based, multi-tenant business management platform, and the Qoba POS mobile application. This Privacy Policy explains how we collect, use, store, and protect the information you provide when using our services.

By creating an account, or accessing any Qoba service, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

Qoba is designed for businesses. When your organisation signs up, you are both an account holder and the controller of any personal data you enter about your customers, suppliers, or employees.

2. Data We Collect

We collect two categories of data:

Account & Business Data

  • Business name, address, country, currency and contact information
  • Owner/admin details: name, email address, phone number
  • User accounts you create within your business (name, email, assigned role)
  • Subscription and billing details

Operational Data (entered by you)

  • Customer and supplier contact details (name, email, phone, address)
  • Products / inventory items and stock levels
  • Sales, purchases, expenses, stock transactions and payment transactions
  • Reports and analytics generated from your business activity
  • Business location details and settings
Data Type Description
Account Info Name, email, phone numbers
Business Data Products, sales, purchases, stock
Usage Data Login activity, feature usage, audit trail
Device Info App version, OS, device type

3. How We Use Your Data

We use the data we collect to:

  • Create and manage your Qoba account and business workspace
  • Provide, operate, and improve the Qoba platform and mobile app
  • Authenticate users and enforce role-based access permissions
  • Generate reports, analytics and business insights within your account
  • Process subscription payments and send billing notifications
  • Send important service notices (security alerts, downtime notices, policy updates)
  • Provide customer support when you contact us
  • Comply with legal obligations and prevent fraud or misuse
We do not sell your data or use your business transactions for advertising purposes.

4. Data Sharing

We do not sell, rent, or trade your personal or business data. We may share data only in the following circumstances:

  • Legal Requirements: If required by applicable law, court order or governmental authority, we may disclose information after making reasonable efforts to notify you.
  • Business Transfer: In the event of a merger, acquisition or asset sale, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
  • With Your Consent: We will share data for any other purpose only with your explicit consent.

5. Data Storage & Security

Your data is stored on secure cloud infrastructure. We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted storage for sensitive credentials and authentication tokens
  • Role-based access controls: only authorised personnel can access your data
  • Regular security reviews and vulnerability assessments
While we take strong precautions, we encourage you to use a strong password and keep your login credentials confidential.

6. Data Retention

We retain your account and business data for as long as your account is active or as needed to provide our services or as mandated by law. If you close your account or your account remains inactive:

  • We will delete or anonymise your personal data within 90 days
  • Some data may be retained longer where required by applicable law (e.g. financial records)
  • Backups may retain data for up to 30 additional days after the deletion window

You may request deletion of your data at any time by contacting us at [email protected].

7. Your Rights

Depending on your location, you may have the following rights over your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we restrict the processing of your data
  • Objection: Object to certain processing activities
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

8. Mobile App (Qoba POS)

The Qoba POS mobile application connects to your Qoba account over HTTPS. The app:

  • Requires an internet connection to communicate with your business account
  • Stores your authentication token securely on the device using encrypted storage
  • Does not access your camera, microphone, contacts, SMS, or location
  • Does not collect data beyond what is needed to operate your business account
  • Does not include third-party advertising SDKs

Uninstalling the app removes locally stored credentials. Your business data remains in your account on the server and can be accessed again upon reinstallation.

9. Cookies

The Qoba web application (app.qoba.io) uses the following cookies:

  • Session cookies: Required to keep you signed in while using the platform
  • Performance diagnostics: Anonymous usage statistics to improve the platform (e.g. page access, feature usage: no personally identifiable data)

You can disable cookies in your browser settings, though some features may not function correctly without session cookies.

10. Children's Privacy

Qoba is a business-oriented platform intended for use by adults (18 years and over) operating legitimate businesses. We do not knowingly collect personal information from children under the age of 18. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to remove that information.

11. Prohibited Use & Termination

Qoba strictly prohibits the use of our platform for any illegal activities. You may not use Qoba to operate businesses that are unlawful, or to sell illegal goods, services, or items restricted by applicable regulations.

We reserve the right to monitor account activity. In the event of bad faith use, violation of these terms, or engagement in illegal operations, we maintain the immediate right to suspend or permanently ban the user and/or the business entity from the Qoba platform without prior notice.

12. Indemnity

By using the Qoba platform, you acknowledge that you are solely responsible for all data, operations, and transactions conducted within your account.

The business owner or entity agrees to indemnify, defend, and hold Qoba harmless from any claims, damages, liabilities, disruptions, or harm arising from your use of the system, any breach of these terms, or any violation of applicable laws. Qoba shall not be held liable for any data loss, operational disruption, or damages incurred as a result of your business operations or platform use.

13. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable laws. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify active account holders via email or an in-app notice

Your continued use of Qoba after any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

We're here to help

Our team will respond to all privacy inquiries within 30 days.

[email protected]

You can also write to us at:
Qoba
Nairobi, Kenya
https://qoba.io