BEATBNK PRIVACY POLICY

YOUR LIFE. YOUR STYLE. YOUR BEAT.

Last Updated: November 28, 2025

TABLE OF CONTENTS

  1. Introduction
  2. Data Controller Information
  3. Information We Collect
  4. How We Use Your Information
  5. Legal Basis for Processing
  6. How We Share Your Information
  7. Data Security
  8. Data Retention
  9. Your Rights Under Kenyan Law
  10. Cookies and Tracking Technologies
  11. Children's Privacy
  12. Changes to This Privacy Policy
  13. Contact Information

1. INTRODUCTION

1.1 Our Commitment to Privacy

At BeatBnk, we take your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Super Lifestyle App - including both the Black App (for consumers) and the Purple App (for partners).

Core Privacy Principles:

  • Transparency: We're clear about what data we collect and why
  • Control: You decide how your data is used
  • Security: We protect your information with industry-leading measures
  • Trust: We never sell your personal data to third parties

1.2 Compliance

This Privacy Policy complies with:

  • Data Protection Act, 2019 (Kenya)
  • International data protection best practices
  • Apple App Store and Google Play Store requirements
  • Payment Card Industry Data Security Standards (PCI-DSS)

1.3 Scope

This policy applies to:

  • BeatBnk Black App (Consumer App)
  • BeatBnk Purple App (Partner App)
  • BeatBnk website (www.beatbnk.com)
  • All related services and features

1.4 Acceptance

By using BeatBnk, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use, and sharing of your information as described.


2. DATA CONTROLLER INFORMATION

2.1 Who Controls Your Data

Data Controller:

BeatBnk Limited
Jahazi Building, James Gichuru, Lavington
Nairobi, Kenya
Registration No: PVT-DLUPA85G

Data Protection Officer:

Email: privacy@beatbnk.com


3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

3.1.1 Account Information

For All Users:

  • Full legal name
  • Email address
  • Mobile phone number
  • Date of birth
  • Password (encrypted)
  • Profile picture
  • Gender
  • Location/city
  • ID/Passport

For Partners (Purple App):

Venues:

  • Business registration details
  • Tax identification number (KRA PIN)
  • Business licenses and permits
  • Insurance certificates
  • Banking information (for payouts)
  • Authorized representative details

Artists/DJs:

  • Artist/stage name
  • Real name
  • Portfolio and work samples
  • Performance history
  • Government-issued ID (for verification)
  • Banking details (for payouts)

Event Organizers:

  • Organization details
  • Business licenses and permits
  • Contact information
  • Payment details

3.1.2 Transaction Information

  • Booking Details: Event tickets, table reservations, travel bookings, venue stays
  • Payment Information: Card details (tokenized), M-Pesa numbers, transaction history
  • Tipping Data: Tip amounts, recipients, timestamps, optional messages
  • Song Requests: Request details, artist names, song titles, attached tips

3.1.3 Content You Create

  • Reviews and Ratings: Text reviews, photos, videos
  • Posts and Social Content: Stories, reels, photos, videos, captions
  • Comments and Messages: Public comments, chat conversations
  • Venue Check-ins: Location tags, timestamps

3.1.4 Communications

  • Customer support inquiries
  • Feedback and surveys
  • Email correspondence
  • In-app chat messages

3.2 Information Collected Automatically

3.2.1 Device Information

  • Device Identifiers: Device ID, advertising ID
  • Device Type: Phone model, manufacturer, operating system version
  • Network Information: IP address, mobile carrier, connection type

3.2.2 Usage Data

  • App Interactions: Features used, screens viewed, buttons clicked, time spent
  • Search Queries: Keywords, filters applied, search results clicked
  • Browse History: Events viewed, venues visited, content interactions
  • Performance Data: App crashes, errors, load times, responsiveness

3.2.3 Location Data

With Your Permission:

  • Precise Location (GPS): Real-time latitude/longitude coordinates
  • Approximate Location (IP-based): City-level location data

Location Uses:

  • Show nearby venues, events, and experiences
  • Enable DJ check-ins for live sessions
  • Provide location-based recommendations
  • Analyze popular areas and trends
  • Improve venue search accuracy
  • Facilitate user connection through the match-making feature

You can disable location services in your device settings, but this may limit certain features.

3.2.4 Cookies and Similar Technologies

  • Session Cookies: Maintain logged-in state
  • Preference Cookies: Remember your settings and choices
  • Analytics Cookies: Understand how you use BeatBnk
  • Advertising Cookies: Deliver relevant ads (with consent)

See Section 10 for detailed cookie information.

3.3 Information from Third Parties

3.3.1 Payment Providers

  • Transaction confirmation status
  • Payment method verification
  • Fraud prevention data

Payment Partners: M-Pesa (Safaricom), Visa, Mastercard, Paystack (a payments provider licensed by the Central Bank of Kenya), bank partners

3.3.2 Identity Verification Services

  • Government ID verification results
  • Biometric verification (where applicable)
  • Business registration confirmations

3.3.3 Analytics and Advertising Partners

  • Aggregated usage statistics
  • Campaign performance data
  • Audience insights
  • Attribution data

Partners: Google Analytics, Firebase

3.4 Sensitive Personal Data

We generally do NOT collect sensitive personal data such as:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Health information

4. HOW WE USE YOUR INFORMATION

4.1 Provide and Improve Our Services

4.1.1 Core Platform Functions

  • Account Management: Create and maintain your account
  • Bookings: Process event tickets, table reservations, and travel bookings
  • Payments: Process transactions, tips, and payouts
  • Tipping: Facilitate tips to artists, DJs, MCs
  • Song Requests: Manage requests during live DJ sessions
  • Communications: Send booking confirmations, receipts, and service updates

4.1.2 Personalization and Recommendations

  • Personalized Feed: Show events and venues matching your interests
  • Smart Recommendations: Suggest events based on your history and preferences
  • Targeted Notifications: Alert you to relevant events and offers
  • Customized Experience: Tailor app interface to your preferences

4.1.3 Platform Improvement

  • Analytics: Understand how users interact with features
  • Bug Fixes: Identify and resolve technical issues
  • Performance Optimization: Improve app speed and reliability
  • New Features: Develop and test new functionality
  • A/B Testing: Compare different versions to improve user experience

4.2 Safety and Security

  • Fraud Prevention: Detect and prevent fraudulent transactions
  • Account Security: Monitor for unauthorized access
  • Identity Verification: Confirm identity of users and partners
  • Content Moderation: Remove inappropriate or harmful content
  • Dispute Resolution: Investigate and resolve user disputes
  • Legal Compliance: Comply with laws and legal processes in Kenya

4.3 Marketing and Communication

With Your Consent:

  • Promotional Emails: Event recommendations, special offers, new features
  • SMS Notifications: Last-minute deals, booking reminders
  • Push Notifications: Real-time updates about events and tips
  • Targeted Advertising: Show relevant ads on BeatBnk and partner platforms

Transactional Communications (Always Sent):

  • Booking confirmations and receipts
  • Payment notifications
  • Account security alerts
  • Service announcements
  • Legal notices

You can opt out of marketing but will still receive essential transactional messages.

4.4 Analytics and Research

  • Usage Trends: Understand popular events, venues, and features
  • Demographic Insights: Aggregate data on user preferences by age, location
  • Market Research: Identify opportunities for new features or partnerships
  • Business Intelligence: Help partners understand their audiences

Analytics are typically anonymized or aggregated to protect individual privacy.

4.5 Partner-Specific Uses

4.5.1 For Venues

  • Booking Management: Track reservations and event approvals
  • Analytics Dashboard: Provide insights on bookings, reviews, and engagement
  • Audience Insights: Show demographic data of venue visitors
  • Performance Metrics: Track content engagement and visibility

4.5.2 For Artists/DJs/MCs

  • Live Session Management: Enable song requests and tips during performances
  • Earnings Tracking: Calculate and display tip income
  • Performance Summaries: Provide post-session statistics
  • Portfolio Display: Showcase work to potential fans and clients

4.5.3 For Event Organizers

  • Event Management: Create, edit, and publish events
  • Ticketing: Manage ticket sales and inventory
  • Revenue Tracking: Monitor ticket sales and earnings
  • Booking Requests: Facilitate venue booking communications

5. LEGAL BASIS FOR PROCESSING

Under Kenya's Data Protection Act, 2019, we process your personal data based on:

When You Explicitly Agree:

  • Marketing communications
  • Location tracking for recommendations
  • Optional data collection (e.g., preferences surveys)

You can withdraw consent at any time through app settings or by contacting us.

5.2 Contract Performance

To Provide Services You've Requested:

  • Processing your bookings and payments
  • Managing your account
  • Facilitating tips and song requests
  • Fulfilling partner obligations

Processing is necessary to perform our contractual obligations to you.

To Comply with Laws:

  • Tax reporting and withholding
  • Anti-money laundering (AML) checks
  • Know Your Customer (KYC) verification
  • Responding to lawful government requests
  • Court orders and legal processes

5.4 Legitimate Interests

For Our Business Purposes:

  • Fraud prevention and security
  • Platform improvement and analytics
  • Direct marketing (where permitted)
  • Network and information security
  • Business development and partnerships

We balance our interests against your rights and freedoms, ensuring processing is fair and proportionate.


6. HOW WE SHARE YOUR INFORMATION

6.1 With Other Users

6.1.1 Public Information

Visible to All Users:

  • Display name and profile picture
  • Public reviews and ratings
  • Posts, stories, and reels
  • Comments on public content
  • Follower/following lists

6.1.2 Booking Information

Shared with Venues/Organizers:

  • Your name (for guest list)
  • Contact information (for booking communications)
  • Number of tickets/seats
  • Special requests or notes

6.1.3 Tipping Information

Shared with Tip Recipients:

  • Your display name (unless you tip anonymously)
  • Tip amount
  • Optional message
  • Timestamp

Artists/DJs/MCs can see who tipped them (unless anonymous) to thank supporters.

6.2 With Service Providers

We share data with trusted third-party service providers who help us operate BeatBnk:

6.2.1 Payment Processors

  • M-Pesa (Safaricom): Mobile money transactions
  • Payment Gateways: Card processing (Paystack)
  • Banking Partners: Bank transfers and payouts

Payment data is encrypted and tokenized. We do not store your full card details.

6.2.2 Cloud Hosting and Storage

  • Amazon Web Services (AWS): Data storage and hosting
  • Google Cloud Platform: Backup and redundancy
  • Content Delivery Networks (CDNs): Fast content delivery

Data is encrypted in transit and at rest.

6.2.3 Communication Services

  • Email Services: Mailchimp (transactional and marketing emails)
  • SMS Providers: Twilio (booking confirmations, OTP)
  • Push Notifications: Firebase Cloud Messaging (in-app alerts)

6.2.4 Analytics and Insights

  • Google Analytics and Firebase: App usage statistics

Analytics data is often anonymized or aggregated.

6.2.5 Customer Support

  • Live Chat: Real-time customer assistance

All service providers are bound by strict confidentiality agreements and data protection obligations.

6.3.1 Law Enforcement and Government

We may disclose information when legally required:

  • In response to court orders or subpoenas
  • To comply with lawful government requests
  • To investigate potential legal violations
  • To protect against legal liability

6.3.2 Kenya Revenue Authority (KRA)

  • Transaction records as required by tax laws

6.3.3 Office of the Data Protection Commissioner

  • Upon lawful request for compliance audits
  • In response to data protection inquiries

6.4 Business Transfers

After consent, in the event of:

  • Merger or acquisition
  • Sale of company assets
  • Bankruptcy or reorganization

6.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you:

  • Industry reports and trends
  • Market research
  • Academic studies
  • Business development partnerships

This data does not identify individual users.

6.6 What We DO NOT Do

We NEVER:

  • Sell your personal data to third parties
  • Share your data with advertisers in identifiable form
  • Provide your data to data brokers

7. DATA SECURITY

7.1 Security Measures

We implement industry-standard security measures to protect your data:

7.1.1 Technical Safeguards

Encryption:

  • In Transit: SSL 256-bit encryption for all data transmissions
  • At Rest: AES-256 encryption for stored data

Secure Payment Processing:

  • PCI-DSS Level 1 compliant payment gateways
  • Fully licensed payments processing partner (Paystack)
  • Tokenization of card information
  • No storage of full card details

Access Controls:

  • Role-based access permissions
  • Multi-factor authentication (MFA) for staff
  • Regular access audits

Network Security:

  • Firewalls and intrusion detection systems
  • DDoS protection
  • Regular security patching

7.1.2 Organizational Safeguards

  • Staff Training: Data protection and security training for all employees
  • Confidentiality Agreements: All staff and contractors sign NDAs
  • Background Checks: Screening for employees with data access
  • Incident Response Plan: Procedures for handling security breaches
  • Regular Audits: Internal and external security assessments

7.1.3 Physical Security

  • Data Centers: Secure, access-controlled facilities
  • Video Surveillance: Monitoring of physical premises
  • Environmental Controls: Fire suppression, climate control

7.2 Your Security Responsibilities

You can help protect your account by:

  • Using a strong, unique password (at least 8-16 characters, mixed case, numbers, symbols)
  • Enabling two-factor authentication (2FA)
  • Not sharing your login credentials
  • Logging out of shared devices
  • Keeping your device and apps updated
  • Being cautious of phishing attempts

7.3 Data Breach Notification

If a data breach occurs:

  • We will notify you within 72 hours of discovery
  • Notification will include:
    • Nature of the breach
    • Data affected
    • Potential consequences
    • Actions we're taking
    • Steps you should take
  • We will notify the Office of the Data Protection Commissioner as required
  • We will provide ongoing updates as we learn more

8. DATA RETENTION

8.1 How Long We Keep Your Data

We retain personal data to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

8.2 Retention Periods

Data Type | Retention Period | Reason
Account Information | Active account + 1 year after closure | Customer service, legal compliance
Transaction Records | 7 years | Tax law requirements (Kenya Income Tax Act)
Payment Information | Card validity period + 90 days | Payment disputes, refunds
KYC/Verification Documents | Account lifetime + 7 years | Regulatory compliance, AML/CFT
Marketing Data | Until consent withdrawn | Marketing purposes
Customer Support Tickets | 3 years | Service quality, dispute resolution
Analytics Data | Lifetime + 26 months after closure | Platform improvement, trend analysis
Content (Reviews, Posts) | Account lifetime + 1 year after closure | Platform integrity, content moderation
Chat Messages | 1 year | Dispute resolution, safety
Location Data | 90 days (unless needed for active features) | Recommendations, analytics
Log Files | 90 days | Security, troubleshooting

We may retain data longer if:

  • Required by law or regulation
  • Needed for ongoing legal proceedings
  • Necessary to establish, exercise, or defend legal claims
  • Required for regulatory investigations

8.4 Anonymization

After retention periods expire:

  • Personal identifiers are removed or anonymized
  • Data shall be retained in aggregate, anonymized form for analytics and research
  • Anonymized data cannot be used to identify you

8.5 Deletion Upon Request

You have the right to request deletion of your data (see Section 9.3). We will delete data within 30 days unless:

  • Legally required to retain it
  • Needed to complete a transaction you requested
  • Necessary for security or fraud prevention

9. YOUR RIGHTS UNDER KENYAN LAW

Under Kenya's Data Protection Act, 2019, you have the following rights regarding your personal data:

9.1 Right of Access

You can request:

  • Confirmation of what personal data we hold about you
  • A copy of your personal data in a portable format (CSV, JSON, PDF)
  • Details about how we use and share your data

How to Exercise:

Response Time: Within 30 days of request

9.2 Right to Rectification

You can request correction of:

  • Inaccurate personal data
  • Incomplete information

How to Exercise:

Response Time: We will correct data within 14 days of verification

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • Data is no longer necessary for the original purpose
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • Data was processed unlawfully
  • Legal obligation requires deletion

Limitations:

  • We shall retain legally required data (e.g., tax records for 7 years)
  • We shall retain anonymized data for analytics

How to Exercise:

Response Time: Deletion completed within 30 days

9.4 Right to Restriction of Processing

You can request we limit processing when:

  • You contest the accuracy of data (while we verify)
  • You object to processing (while we verify legitimate grounds)

How to Exercise: Email privacy@beatbnk.com

9.5 Right to Data Portability

You can request:

  • Your data in a structured, commonly used, machine-readable format
  • Transmission of your data to another service provider (where technically feasible)

Applies to:

  • Data you provided to us
  • Data processed based on consent or contract
  • Data processed by automated means

How to Exercise:

Format Options: CSV, JSON, PDF

9.6 Right to Object

You can object to processing when:

  • We process data based on legitimate interests
  • We use your data for direct marketing
  • We use your data for profiling

How to Exercise:

We will stop processing unless we demonstrate compelling legitimate grounds.

For processing based on consent:

  • You can withdraw consent at any time
  • Withdrawal does not affect lawfulness of prior processing

How to Exercise:

  • Location: Device Settings > BeatBnk > Location Services
  • Marketing: App Settings > Notifications > Marketing Preferences
  • Email: privacy@beatbnk.com

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our services. Similar technologies include:

  • Local Storage: Data stored in your browser
  • SDKs: Software development kits in mobile apps
  • Pixels: Tiny images tracking page views
  • Device Identifiers: Unique IDs for mobile devices

10.2 Types of Cookies We Use

10.2.1 Essential Cookies (Always Active)

Necessary for the platform to function:

  • Session management (keep you logged in)
  • Security features (prevent fraud)
  • Load balancing (optimize performance)

Cannot be disabled without breaking core features.

10.2.2 Functional Cookies

Enhance user experience:

  • Remember your preferences (language, location, favorites)
  • Store recent searches
  • Maintain filter settings
  • Personalize content display

You can disable these, but you may lose convenience features.

10.2.3 Analytics Cookies

Help us understand usage:

  • Pages visited and time spent
  • Features used
  • Error rates
  • User flow through app

Partners:

  • Google Analytics
  • Firebase Analytics

You can disable these through cookie preferences or opt-out tools.

10.2.4 Advertising Cookies (Opt-In)

Deliver relevant ads:

  • Track ad impressions and clicks
  • Measure campaign effectiveness
  • Create interest-based profiles
  • Retarget visitors who didn't complete bookings

Partners:

  • Google Ads

Requires your consent - opt in through cookie banner or settings.

10.3 Managing Cookies

10.3.1 In-App Settings

  • Navigate to: Settings > Privacy > Cookie Preferences
  • Toggle categories on/off (except essential cookies)

10.3.2 Browser Settings

Desktop Browsers:

  • Chrome: Settings > Privacy and Security > Cookies
  • Safari: Preferences > Privacy > Manage Website Data
  • Firefox: Options > Privacy & Security > Cookies

Mobile Browsers:

  • iOS: Settings > Safari > Block Cookies
  • Android: Chrome > Settings > Site Settings > Cookies

10.3.3 Opt-Out Tools

10.4 Third-Party Cookies

We do not control third-party cookies set by:

  • Social media platforms (when you share content)

11. CHILDREN'S PRIVACY

11.1 Age Restriction

BeatBnk is not intended for users under 18 years of age. We do not collect personal information from children under 18.

11.2 Parental Notice

If you are a parent or guardian and believe your child under 18 has provided us with personal information:

Contact us immediately:

We will:

  • Verify the claim
  • Delete the child's information promptly
  • Terminate the account

11.3 Age Verification

We shall request date of birth or government ID to verify:

  • Age eligibility for account creation
  • Compliance with legal requirements

12. CHANGES TO THIS PRIVACY POLICY

12.1 Right to Modify

With consent, we reserve the right to update this Privacy Policy to reflect:

  • Changes in our practices
  • New features or services
  • Legal or regulatory requirements
  • Industry best practices

12.2 Notification of Changes

For Material Changes:

  • Email notification to registered users
  • In-app prominent notice on login
  • 30-day notice period before changes take effect
  • Summary of key changes provided

12.3 Version History

Previous versions of this Privacy Policy are available upon request: privacy@beatbnk.com


13. CONTACT INFORMATION

13.1 Privacy Inquiries

Data Protection Officer:

Email: privacy@beatbnk.com
Response Time: Within 7 business days

13.2 Data Subject Requests

To exercise your rights:

Required Information:

  • Full name
  • Email address on account
  • Specific request details
  • Proof of identity (for security)

13.3 General Support

Customer Service:

Email: support@beatbnk.com
In-App: Help Center

13.4 Mailing Address

BeatBnk Limited
Attention: Privacy Team
Jahazi Building, James Gichuru, Lavington
Nairobi, Kenya

13.5 Complaints

Internal:
privacy@beatbnk.com


ACCEPTANCE

By using BeatBnk, you acknowledge that:

✓ You have read and understood this Privacy Policy
✓ You consent to the collection, use, and sharing of your information as described
✓ You understand your rights under Kenya's Data Protection Act, 2019
✓ You agree to receive communications from BeatBnk