Plain English Summary — What You Need to Know
- We collect your name, email, WhatsApp number, country, and payment records when you register
- We use this information to operate your account, process commission payments, and send you relevant updates
- We do NOT sell your personal data to third parties
- We do NOT use your data for advertising purposes outside of Kudos Miracles ecosystem updates
- You have the right to access, correct, and delete your data at any time
- We use M-Pesa for payments — their privacy policy also applies to payment transactions
- Your data is stored securely on servers in the EU (Frankfurt region)
Contents
1. Who We Are and How to Contact Us
The data controller responsible for your personal data is:
Kudos Ain Ltd
UK Company Registration Number: 17177713
Registered in England and Wales
Email: matt@kudosmiracles.org
Website: kudosain.com
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at the email address above. We aim to respond to all privacy-related enquiries within 30 days.
2. What Data We Collect
2.1 Data You Provide Directly
| Data Type | When Collected | Why We Collect It |
|---|---|---|
| Full Name | Registration | Account identification and personalisation |
| Email Address | Registration | Account communications and login |
| WhatsApp Number | Registration | Commission payments, platform updates, support |
| Country | Registration | Platform localisation and compliance |
| Referral Code Used | Registration | Commission attribution and network mapping |
| Payment Records | Each transaction | Financial records, commission calculations, legal compliance |
| M-Pesa Transaction Reference | Each payment | Payment verification and reconciliation |
2.2 Data We Collect Automatically
- Login timestamps and session information
- Platform usage data (lessons completed, dashboard views)
- Device type and browser information (for technical support)
2.3 Data We Do NOT Collect
- We do NOT collect or store M-Pesa PINs or passwords
- We do NOT collect biometric data
- We do NOT collect health or medical information
- We do NOT access your device contacts, camera, or microphone
3. How We Use Your Data
We use your personal data only for the following purposes:
- Account management: Creating and maintaining your Micro Founder account
- Commission processing: Calculating and paying commissions to your M-Pesa number
- Platform communications: Sending you updates about your account, commissions, and platform news via WhatsApp and email
- Educational access: Providing access to Kudos Campus content
- Referral network management: Tracking your referral tree and commission eligibility
- Legal compliance: Meeting our obligations under applicable law, including financial record-keeping requirements
- Platform improvement: Understanding how the platform is used to make it better
- Fraud prevention: Identifying and preventing fraudulent activity
4. Legal Basis for Processing
Under UK GDPR, we process your personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Contract performance — necessary to provide the service |
| Commission calculations and payments | Contract performance — necessary to fulfil our payment obligations |
| Financial record-keeping | Legal obligation — required by applicable financial regulations |
| Platform updates and communications | Legitimate interests — keeping members informed about their account |
| Fraud prevention | Legitimate interests — protecting the platform and its members |
| Marketing communications | Consent — which you may withdraw at any time |
5. Who We Share Your Data With
5.1 Service Providers
We share limited data with the following categories of service provider, solely to operate the platform:
- Payment processors (M-Pesa/Safaricom, Pesapal): Your phone number and transaction references for payment processing. Their own privacy policies apply to payment data.
- Cloud hosting providers (Render.com, Netlify): Platform data is hosted on secure servers. These providers are contractually bound to protect your data.
- Email and communication services: For sending account notifications and updates.
5.2 Legal Requirements
We may disclose your data if required to do so by law, court order, or government authority. We will notify you of any such requirement to the extent permitted by law.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of the company, your data may be transferred to the new entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
5.4 No Sale of Data
We will never sell, rent, or trade your personal data to any third party for marketing or commercial purposes.
6. How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data (name, email, WhatsApp) | Duration of membership + 2 years after closure | Legal compliance, dispute resolution |
| Financial transaction records | 7 years from transaction date | UK financial record-keeping requirements |
| Referral network data | Duration of network activity + 2 years | Commission calculation and dispute resolution |
| Communication records | 2 years from last communication | Support and dispute resolution |
| Blockchain records | Permanent (by nature of blockchain) | Immutable transaction verification |
When retention periods expire, data is securely deleted or anonymised so it can no longer be linked to you.
7. How We Protect Your Data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encrypted data transmission (HTTPS/SSL on all platform connections)
- Secure database access controls with role-based permissions
- Regular security assessments of our technical infrastructure
- Blockchain recording of financial transactions for immutable audit trails
- Restricted access to personal data — only those who need it to perform their role have access
No system is completely secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request.
Right to Rectification
You can ask us to correct any inaccurate data we hold about you. We will make corrections within 30 days.
Right to Erasure
You can ask us to delete your personal data. We will comply except where we have a legal obligation to retain it.
Right to Restriction
You can ask us to restrict processing of your data in certain circumstances while a dispute is resolved.
Right to Portability
You can request your data in a machine-readable format to transfer to another service provider.
Right to Object
You can object to processing based on legitimate interests. We will stop unless we have compelling grounds to continue.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time without affecting prior processing.
Right Not to be Subject to Automated Decisions
We do not make solely automated decisions that significantly affect you without human review.
To exercise any of these rights, contact us at matt@kudosmiracles.org. We will respond within 30 days and will not charge a fee for reasonable requests.
9. Cookies and Tracking
9.1 What We Use
Our platform uses minimal technical cookies necessary for the platform to function. These include session cookies (to keep you logged in) and preference cookies (to remember your settings). We do not use advertising cookies or cross-site tracking cookies.
9.2 Local Storage
Our platform uses browser local storage to save your progress through Kudos Campus lessons and your referral code preferences. This data stays on your device and is not transmitted to our servers.
9.3 Third Party Analytics
We do not currently use third-party analytics services (such as Google Analytics). If we introduce analytics in the future, we will update this policy and provide appropriate notice.
10. International Data Transfers
Your data is primarily stored on servers in the European Union (Frankfurt, Germany) through our hosting provider. Where data is transferred outside the UK or EU, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including the use of Standard Contractual Clauses where applicable.
For members based in Kenya, your data is processed in accordance with both UK GDPR (as we are a UK company) and applicable Kenyan data protection law, including the Kenya Data Protection Act 2019.
11. Children's Privacy
The Kudos AiN platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from someone under 18, we will delete it immediately.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at matt@kudosmiracles.org.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via WhatsApp or email at least 14 days before the changes take effect, and we will update the "Last updated" date at the top of this page.
Your continued use of the Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy.
13. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the relevant supervisory authority:
For UK residents:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
For Kenya residents:
Office of the Data Protection Commissioner
Website: odpc.go.ke
We would, however, appreciate the opportunity to address your concerns directly before you contact a supervisory authority. Please reach out to us first at matt@kudosmiracles.org.
Privacy Questions?
Email: matt@kudosmiracles.org
Kudos Ain Ltd · UK Company #17177713
Registered in England and Wales