Legal

Privacy Policy.

How we collect, use, and protect your data. Clear, direct, and written for public-sector teams.

Last updated: July 10, 2026

1. Who We Are

Taifa Mail is an email delivery platform operated by RCFI ("we", "us"), part of the GovConnect Kenya organisation. We build software for Kenyan government ministries, counties, agencies, and public institutions.

This policy covers Taifa Mail and the services we operate under govconnect.ke, including any subdomains or applications associated with the platform.

2. Information We Collect

Information you provide

  • Account information: name, work email address, and optional profile details when you sign in with your institution credentials.
  • Sending data: sender addresses, domains, templates, and message content you submit through the dashboard, SMTP relay, or API.
  • Recipient data: contact lists, email addresses, and related fields you upload in order to send email through the platform.

Information collected automatically

  • Usage data: pages visited, features used, and interaction patterns.
  • Device information: browser type, operating system, and screen resolution.
  • Network information: IP address and approximate location.
  • Delivery events: sends, deliveries, bounces, opens, clicks, and complaints, which we record to provide analytics and protect sender reputation.

3. How We Use Your Information

  • To provide and maintain our services.
  • To deliver email on your behalf and report on delivery outcomes.
  • To send transactional emails such as account notices, receipts, and alerts.
  • To authenticate your identity and secure your account.
  • To prevent abuse, spam, and fraud on our sending infrastructure.
  • To improve our products and user experience.
  • To communicate with you about your account or our services.

4. Data Sharing

We do not sell your personal data. We share information only in these cases:

  • Service providers: We use infrastructure providers to host our services. Data is stored on secured cloud infrastructure with industry-standard access controls and encryption at rest.
  • ICTA: As platform operator, ICTA may access allocation request data and operational metadata needed to govern mailbox capacity and domain hosting.
  • Legal requirements: We may disclose information if required by law or to protect our rights.

5. Data Storage and Security

Your data is stored in PostgreSQL databases hosted on secured servers. We use industry-standard security measures including:

  • TLS/SSL encryption for all data in transit.
  • Hashed credentials where applicable.
  • Session tokens stored in HTTP-only, secure cookies.
  • Regular security audits of our infrastructure.

6. Your Rights

In line with the Kenya Data Protection Act, 2019, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Withdraw consent for data processing.

To exercise any of these rights, contact us at support@govconnect.ke.

7. Cookies

We use essential cookies only, specifically an HTTP-only authentication cookie to maintain your login session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes by email or through our platforms.

10. Contact

For privacy-related questions or requests: