M-Tuma
M-Tuma

Privacy Policy

Last updated: May 18, 2026

1. Introduction

Phira Inc. (“M-Tuma”, “we”, “us”, or “our”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our subscription management platform.

2. Information We Collect

We collect the following categories of information:

  • Account information: name, email address, and profile details provided during sign-up via Google OAuth.
  • Organization data: business name, organization settings, and member details you configure within the platform.
  • Customer data: names, phone numbers, and subscription records you import or create for your own customers.
  • Usage data: log data, device information, IP addresses, and interactions with the Service collected automatically.
  • Payment data: M-Pesa transaction references and reconciliation records. We do not store full payment card numbers.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service.
  • Send automated SMS reminders on your behalf to your customers.
  • Reconcile payment records and generate reports for your organization.
  • Authenticate users and manage access controls within your organization.
  • Respond to support requests and communicate service-related updates.
  • Monitor for security incidents and enforce our Terms of Service.

4. Customer Data You Enter

Data you import or enter about your own customers (names, phone numbers, subscription details) is processed solely to deliver the Service to you. You are the data controller for this information and are responsible for ensuring you have a lawful basis for processing it under applicable data protection laws, including obtaining necessary consents for SMS communications.

5. Sharing of Information

We do not sell your personal information. We may share information with:

  • Service providers: SMS gateway providers (e.g., Africa's Talking) and cloud infrastructure providers who process data on our behalf under appropriate data processing agreements.
  • Payment processors: M-Pesa and related Safaricom services for payment reconciliation.
  • Legal requirements: when required by law, court order, or governmental authority.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate notice.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination, we will delete or anonymize your data within 90 days, except where retention is required by law or legitimate business purposes such as dispute resolution.

7. Data Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, loss, or disclosure. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your personal information, subject to legal obligations.
  • Object to or restrict processing of your information in certain circumstances.
  • Request a portable copy of your data in a machine-readable format.

To exercise these rights, contact us at hello@phira.tech.

9. Cookies and Tracking

We use session cookies essential for authentication and platform operation. We do not use third-party advertising or tracking cookies. You can control cookie settings through your browser, but disabling essential cookies may prevent you from using the Service.

We use Umami Analytics, a cookie-free, privacy-preserving analytics platform, to collect anonymised usage data. Umami does not use cookies and does not track users across websites. No personally identifiable information is stored by our analytics system.

10. Third-Party Services

The Service integrates with Google (for authentication), Africa's Talking (for SMS), and M-Pesa (for payment reconciliation). These services have their own privacy policies and data practices. We encourage you to review them independently.

11. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on this page and updating the “Last updated” date. Continued use of the Service after changes are posted constitutes acceptance of the revised Policy.

13. Contact Us

For privacy-related questions or to exercise your rights, please contact us at hello@phira.tech or call +254 719 720 364.