Privacy Policy

1. Scope and Statutory Authority

This Privacy Policy ("Policy") governs the processing of personal data collected or processed by Bramanjo ("Company", "we", "us", "our") in the provision of its digital engineering platforms, infrastructure assets, and public digital environments.

All data processing operations are executed in strict alignment with the Kenya Data Protection Act, 2019 (the "Act"), alongside international regulatory frameworks governing data sovereignty where explicitly applicable. For the purposes of the Act, Bramanjo acts as the Data Controller concerning information actively submitted through its platform.

2. The "Cookie-Free" Sovereign Infrastructure Standard

We reject the use of persistent user tracking, behavioral profiling, and commercial advertising surveillance networks. Consequently, this web platform does not deploy HTTP cookies, tracking pixels, or cross-site identifier scripts.

To monitor platform integrity, optimize article readability, and capture structural traffic metrics, we utilize strictly self-hosted, stateless server-side telemetry. This metrics generation operates entirely independent of tracking cookies and executes localized data anonymization protocols, ensuring raw user metadata is never exposed to third-party monopolies.

3. Categories of Data Processed and Legal Basis

Consistent with the principle of data minimization under Section 3 of the Act, data collection is restricted to functional parameters across two structural vectors:

• Identity & Communication Data: Name, professional email address, corporate entity, and specific context fields explicitly and manually submitted via our platform contact form. This data is handled exclusively to fulfill information requests.
• Anonymized Telemetry: Aggregated, cookie-less server performance logs, anonymous page view volumes, and generalized content interaction durations processed strictly to ensure infrastructure security and compile structural readership data.

The legal basis for this processing rests on Section 30 of the Act, namely: the absolute consent of the user to address direct inquiries intentionally initiated via the contact form interface, and the Company’s legitimate operational interest in protecting network stability and evaluating platform utilization.

4. Data Retention and Deletion Architecture

Personal data is retained only for the duration strictly necessary to fulfill the operational mandate for which it was acquired, or to comply with statutory corporate record-keeping requirements under the Laws of Kenya.

Upon expiration of the processing requirement or a verified request for deletion, data vectors are systematically purged from our live relational storage systems via localized cascading deletes. Backups are written using immutable structures that naturally cycle out on a hard scheduled timeline.

5. Information Security and Access Control

Bramanjo protects data assets with rigorous physical, electronic, and logical defenses. Administrative interfaces are governed under zero-trust authorization barriers, cryptographic keys, and internal systems that heavily restrict access. We do not sell, rent, lease, or barter any personal data vectors to brokers, marketing platforms, or third-party corporate ecosystems.

6. Rights of the Data Subject

Pursuant to Section 26 of the Act, you are legally entitled to specific structural rights regarding your information:

You hold the right to be informed of the processing of your data; to access, correct, or request complete erasure of your records; to object to specific processing paradigms; and to demand data portability in a structured, machine-readable format.

To exercise these legal protections, or to log an inquiry regarding our internal compliance frameworks, submit a formal administrative request directly to our system office through our platform communication channels.