Skip to main content

Privacy Policy

We are committed to protecting your personal data and being fully transparent about how we collect, use, and safeguard your information.

Last Updated: April 25, 2026
Effective: April 25, 2026
Ref: TEFETRO-PP-2026-001

⚠ Important: By accessing or using tefetro.studio, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

Contents

1. Introduction and Overview2. Data Controller Information3. Information We Collect4. How We Use Your Information5. Cookies and Tracking Technologies6. Data Sharing and Disclosure7. Payment Processing8. International Data Transfers9. Data Retention10. Data Security11. Your Rights as a Data Subject12. Children's Privacy13. Digital Products and Downloads14. AI-Powered Tools15. Third-Party Links16. Marketing Communications17. Changes to This Policy18. Governing Law19. Contact Us20. Definitions

1. Introduction and Overview

Tefetro Studios ("we," "our," "us," or "the Company") is a creative architecture studio operating through its digital platform at https://tefetro.studio. We are committed to protecting the privacy and personal data of every individual who interacts with our business — whether as a visitor, prospective client, paying customer, or subscriber.

This Privacy Policy has been prepared in accordance with the Kenya Data Protection Act, 2019 (No. 24 of 2019) and its associated regulations, as well as broadly recognised international standards including the General Data Protection Regulation (GDPR) of the European Union, where applicable to our international clients.

Our Core Commitment: We do not sell your personal information. We do not use it for purposes beyond what is disclosed in this Policy. We maintain reasonable security practices to protect it at all times.

2. Data Controller Information

Tefetro Studios is the Data Controller responsible for your personal data. If you have any questions, concerns, or requests relating to your personal data, please contact us using the details below. We will respond within 14 business days of receipt.

Privacy Contact

privacy@tefetro.studio

Jurisdiction

Nairobi, Kenya

3. Information We Collect

We collect personal data through multiple channels and in various categories, as described below.

3.1 Information You Provide Directly

Contact and Identity Information: Full name, email address, phone number, business name, and physical or mailing address where applicable to service delivery.
Account and Registration Information: Username, password (stored in encrypted form — we never store plain-text passwords), and account preferences.
Transaction and Payment Information: Billing name and address, payment method type, transaction history, and invoice information. We do not store full card details on our servers.
Project and Client Briefs: Design briefs, project requirements, creative instructions, uploaded files, feedback, and revision correspondence.
Communications: Emails, messages, survey responses, and contact form submissions you send us.

3.2 Information Collected Automatically

When you visit our Site, we automatically collect device and browser information (IP address, browser type, operating system), usage and navigation data (pages visited, time on page, referring URLs, clicks and scrolls), and session and analytics data through cookies and similar tracking technologies.

3.3 Information from Third Parties

We may receive information from payment processors (transaction confirmations), social media platforms (where you engage with our content), referral partners, and analytics providers (aggregated, anonymised data).

4. How We Use Your Information

We process your personal data only where we have a lawful basis to do so. Below are our processing purposes and the lawful basis for each.

To Provide Our Services

Processing orders, delivering purchased products and project files, managing client relationships, issuing invoices and receipts, and providing access to licensed digital downloads.

Performance of contract

To Communicate With You

Responding to inquiries and support requests, sending project updates and delivery notifications, and communicating important changes to our services.

Legitimate interests and/or contract performance

To Improve Our Site and Services

Analysing how visitors use our Site, developing new features, and monitoring technical errors and performance issues.

Legitimate interests

For Marketing and Promotional Purposes

Sending newsletters and promotional content about our products and services. You may withdraw consent at any time.

Consent (direct marketing) or legitimate interests

For Legal and Compliance Purposes

Complying with applicable laws and regulations, preventing fraud, enforcing our Terms of Service, and responding to law enforcement where legally required.

Legal obligation and/or legitimate interests

For Financial and Tax Record Keeping

Maintaining accurate financial records as required under Kenyan law and applicable tax regulations.

Legal obligation

5. Cookies and Tracking Technologies

Cookies are small text files placed on your device when you visit our Site. We use the following types:

Strictly Necessary Cookies: Essential for core Site functions such as security, authentication, and checkout. Cannot be disabled without significantly affecting functionality.
Performance and Analytics Cookies: Collect aggregated, anonymous data about how visitors use our Site — such as which pages are visited most often.
Functionality Cookies: Remember your preferences (language, region, display settings) to provide a personalised experience during future visits.
Marketing and Targeting Cookies: Used to deliver advertisements relevant to your interests. Only deployed with your explicit consent.

You may accept or decline non-essential cookies when prompted by our cookie consent banner, adjust your browser settings, or delete cookies already stored on your device. For guidance, visit www.allaboutcookies.org.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data.

We may share your information only in the following limited circumstances:

Service Providers and Processors: Trusted third parties we engage for website hosting, payment processing, email delivery, analytics, cloud storage, and customer support. All processors are bound by data protection obligations and may only use your data to provide services to us.
Legal Requirements: When required by applicable law, regulation, or court order, or to protect our rights, prevent fraud, or ensure user safety.
Business Transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred to the relevant third party. We will notify you of any such transfer where required by law.
With Your Consent: In any other circumstance where we have obtained your explicit, informed consent.

7. Payment Processing

All payment transactions conducted through tefetro.studio are processed by trusted, PCI DSS-compliant third-party payment processors. We do not store, process, or transmit your full payment card information on our own servers.

When you submit payment information through our checkout, you are interacting directly with the payment processor's secure platform. We receive only limited confirmation data (amount, date, and a masked reference number) necessary for our records. We encourage you to review the privacy policy of any payment processor you use through our platform.

8. International Data Transfers

Tefetro Studios operates primarily from Kenya. Some of our third-party service providers may be located in, or process data in, other countries including the European Union or the United States.

Where personal data is transferred outside Kenya, we take steps to ensure adequate safeguards are in place, including contractual protections, use of service providers who comply with internationally recognised security standards, and reliance on adequacy decisions where applicable.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the stated purpose, or as required by applicable law. At the end of each retention period, data is securely deleted or anonymised.

Category of DataRetention Period
Customer account dataDuration of account + 3 years
Transaction & payment records7 years (legal compliance)
Project files & client briefs2 years post-completion
Marketing consent recordsUntil withdrawal + 1 year
Support correspondence3 years
Website analytics data26 months (rolling)

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, disclosure, or destruction:

  • SSL/TLS Encryption: All data transmitted between your browser and our Site is encrypted via HTTPS.
  • Access Controls: Personal data is accessible only to authorised personnel on a need-to-know basis.
  • Secure Storage: Data is stored on secured servers with restricted access and active monitoring.
  • Password Security: User passwords are stored in hashed form using industry-standard algorithms.
  • Incident Response: We maintain a data breach response procedure and will notify affected individuals and authorities as required by law.

While we take every reasonable precaution, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

11. Your Rights as a Data Subject

Under the Kenya Data Protection Act, 2019, and applicable international law, you have the following rights with respect to your personal data:

Right of Access

Request a copy of all personal data we hold about you at any time.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your data where no longer necessary or lawful.

Right to Restriction

Request that we limit how we process your personal data.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing for direct marketing or legitimate interests.

How to Exercise Your Rights

Email privacy@tefetro.studio with the subject line "Data Subject Request." We may require identity verification. We will respond within 30 days of receipt.

Supervisory Authority: If you are dissatisfied with how we handle your data, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC)www.odpc.go.ke

12. Children's Privacy

Our Site and services are not directed at or intended for use by children under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted personal data without appropriate parental consent, we will take prompt steps to delete that information.

If you are a parent or guardian and believe a child under your care has provided us with personal data, please contact us immediately at privacy@tefetro.studio.

13. Digital Products and Downloads

When you purchase digital products, architectural drawings, or other downloadable content from tefetro.studio, we collect and retain data about your purchase including:

  • The product(s) purchased and their associated license type
  • Date and time of purchase
  • Download history and access logs

This information is retained to verify legitimate ownership, administer license rights, resolve disputes, and comply with our intellectual property obligations. Please refer to our separate Digital Product License Terms for full details on permitted and prohibited uses of our downloadable content.

14. AI-Powered Tools and Features

Where our Site incorporates AI-powered tools (including chatbots, generative features, or automated assistance), please note:

  • Conversations or inputs submitted to AI tools may be processed by third-party AI providers. We take reasonable steps to ensure such providers are bound by appropriate data protection obligations.
  • AI tools are provided to assist and enhance your experience. They are not a substitute for professional legal, architectural, financial, or other specialist advice.
  • We do not use AI tools to make fully automated decisions that produce significant legal effects without human oversight.

Recommendation: Do not submit sensitive personal, financial, health, or legal information through AI-powered chat interfaces on our Site.

16. Marketing Communications

Where you have provided consent, or where we otherwise have a lawful basis to do so, we may send you marketing communications about our services, new products, promotions, and studio updates.

Opting Out: You may unsubscribe from marketing emails at any time by clicking the "Unsubscribe" link in any marketing email, or by contacting us at privacy@tefetro.studio. Opting out of marketing does not affect transactional messages related to your purchases or account.

17. Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational needs. When material changes are made, we will:

  • Update the "Last Updated" date at the top of this Policy
  • Post the revised Policy on our Site
  • Where appropriate, notify you by email or through a notice on our Site

Your continued use of our Site after the effective date of any revised Policy constitutes your acceptance of the changes.

18. Governing Law

This Privacy Policy is governed by and shall be construed in accordance with the laws of the Republic of Kenya, including the Kenya Data Protection Act, 2019.

Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Kenya, unless otherwise required by applicable mandatory law in your jurisdiction.

19. Contact Us

If you have any questions, concerns, or requests relating to your personal data or this Privacy Policy, please contact us. We aim to respond to all privacy-related inquiries within 14 business days.

Privacy Enquiries

privacy@tefetro.studio

General Enquiries

hello@tefetro.studio

Address

Nairobi, Kenya

20. Definitions

Personal Data

Any information relating to an identified or identifiable natural person.

Processing

Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Data Controller

The entity that determines the purposes and means of processing personal data — in this case, Tefetro Studios.

Data Processor

A third party that processes personal data on behalf of the Data Controller.

Data Subject

The natural person to whom personal data relates — in this case, you.

Consent

A freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.

Legitimate Interests

A lawful basis for processing where our business interests are pursued in a way that does not override your fundamental rights and freedoms.

Sensitive Personal Data

Data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or other categories defined as sensitive under applicable law.

© 2026 Tefetro Studios. All rights reserved.

This Privacy Policy is governed by the Kenya Data Protection Act, 2019. Document Reference: TEFETRO-PP-2026-001 · Version 1.0 · Review Due: April 2027

This Privacy Policy was last updated on April 25, 2026 and supersedes all previous versions.