Privacy Policy

1. Introduction

Welcome to Mafans.co.ke ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.

Website: https://mafans.co.ke

Contact Email: tech@mafans.co.ke

This policy applies to our website, mobile applications (if any), and Facebook integrations. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Types of Data We Collect

We collect the following types of personal data:

• Personal Identifiers: Email address, display name, profile photo URL, phone number (optional)
• Authentication Data: OAuth provider information (Google or Facebook), authentication provider type
• Usage Data: Favorite matches, API call history, pages viewed, predictions accessed
• Device and Log Data: IP address, browser type, operating system, device information
• User-Generated Content: Favorite match selections, prediction preferences
• Email Preferences: Marketing preferences, prediction alerts preferences, email communication settings
• Analytics Data: Google Analytics tracking data including page views, interactions, and user behavior

3. How We Collect Your Data

We collect data through the following methods:

• Direct User Input: When you sign up, create an account, update your profile, or submit forms
• OAuth Providers: When you sign in with Google or Facebook, we receive your public profile data (name, email, photo) from these providers
• Cookies and Tracking Technologies: We use cookies, session storage, and similar technologies to track your usage
• Automated Systems: Our prediction engine and analytics systems automatically collect usage data
• Third-Party Services: Analytics providers (Google Analytics) and authentication services (Firebase) may collect data on our behalf

4. Purpose of Data Processing

We process your personal data for the following purposes:

• Account Creation and Authentication: To create and manage your user account, verify your identity, and provide secure access to our services
• Providing Services: To deliver football predictions, match analysis, odds comparisons, and personalized content
• Service Improvement: To improve the accuracy of our predictions, enhance user experience, and develop new features
• Personalization: To customize content, recommendations, and features based on your preferences and usage patterns
• Communication: To send you transactional emails, prediction alerts, marketing communications (with your consent), and respond to your inquiries
• Automated Posting: To facilitate automated content sharing to Facebook (if enabled)
• Legal and Security: To comply with legal obligations, prevent fraud, ensure platform security, and enforce our terms of service
• Analytics: To analyze website usage, understand user behavior, and generate statistical insights

5. Legal Basis for Processing

Under the Kenya Data Protection Act, 2019, we process your personal data based on the following legal grounds:

• Consent: When you explicitly agree to data processing (e.g., marketing emails, analytics cookies)
• Contractual Necessity: To fulfill our contract with you (providing account services, predictions, and core features)
• Legitimate Interest: For security, fraud prevention, service improvement, and analytics (where your rights and interests are not overridden)
• Legal Obligation: To comply with applicable laws and regulations

6. Data Sharing and Third Parties

We share your data with the following third parties:

• Meta Platforms (Facebook): When you use Facebook Login or when we post content to Facebook, Meta receives your public profile data and content. Meta's privacy policy applies to their processing of your data.
• Google: Google Analytics collects usage data, and Google OAuth receives authentication data when you sign in with Google. Google's privacy policy applies to their processing.
• Paystack: Payment processing service receives payment information (we do not store full payment card details). Paystack's privacy policy applies.
• Firebase/Google Cloud: Authentication services and hosting infrastructure. Google's privacy policy applies.
• MongoDB Atlas: Database hosting service stores your data securely. MongoDB's privacy policy applies.
• Cloudinary: Image hosting and CDN services may process images you upload or that are associated with your account.

We do not sell your personal data to third parties. We only share data as necessary to provide our services or as required by law.

7. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

• Session Cookies: Essential for authentication and maintaining your login session (expires after 5 days)
• Google Analytics Cookies: Used to track website usage, page views, and user behavior for analytics purposes
• Anonymous Session IDs: Used to track anonymous users before they sign in

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality. We use a cookie consent banner to obtain your consent before loading analytics cookies.

8. Data Retention

We retain your personal data for the following periods:

• User Account Data: Retained until you delete your account or request deletion
• Email Preferences: Retained until account deletion
• API Call Logs: Retained for 90 days for security and rate limiting purposes
• Analytics Data: Google Analytics data is retained for 26 months (Google's default retention period)
• Backup Data: Backups may retain data for up to 30 days after deletion

After the retention period expires or upon account deletion, we will securely delete or anonymize your data, except where we are required to retain it for legal purposes.

9. Your Rights Under Kenya Data Protection Act

You have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you (see Data Export section)
• Right to Rectification: Correct inaccurate or incomplete data through your account settings or by contacting us
• Right to Erasure: Request deletion of your personal data (see Data Deletion section)
• Right to Object: Object to certain types of processing, such as marketing communications
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Withdraw Consent: Withdraw consent for data processing at any time (e.g., unsubscribe from marketing emails)

To exercise these rights, contact us at tech@mafans.co.keor use the data export/deletion features in your account.

10. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

• Secure servers and databases with access controls
• Encryption of data in transit (HTTPS/TLS)
• Authentication and authorization mechanisms
• Regular security audits and updates
• Secure password storage (hashed, never stored in plain text)
• Session management with secure cookies

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security measures.

11. Children's Data

Mafans.co.ke is not intended for users under the age of 18. We do not knowingly collect personal data from children under 18 years of age.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at tech@mafans.co.ke, and we will take steps to delete such information.

12. How to Request Data Deletion

You can request deletion of your personal data in the following ways:

• Via Account Settings: Delete your account directly through your account settings page (this will delete all associated data)
• Via API Endpoint: Send a DELETE request to /api/user/delete while authenticated
• Via Email: Send a deletion request to tech@mafans.co.ke from your registered email address

When you request deletion, we will:

• Delete your user account from our database
• Delete your email preferences
• Delete your API call history
• Delete your favorite matches
• Delete your user predictions
• Delete your Firebase authentication account
• Delete your email analytics data

Note: Some data may be retained in backups for up to 30 days. Data that has been anonymized or aggregated may be retained for statistical purposes.

For Facebook App Users: If you used Facebook Login, you can also request data deletion through Facebook's data deletion tool. Our data deletion URL for Meta/Facebook is:https://mafans.co.ke/privacy#data-deletion

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification to registered users (for significant changes)
• Displaying a notice on our website

Your continued use of our services after changes are posted constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or wish to exercise your data protection rights, please contact us:

• Email: tech@mafans.co.ke
• Website: https://mafans.co.ke
• Support: Contact Support

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC)in Kenya if you believe your data protection rights have been violated.