Terms of Service & Privacy Policy

Legal Documents

Last updated: 31 May 2026 · Vendra, Kenya · v1.1

      Please read these terms carefully before using Vendra. By creating an account or using our services you agree to be bound by these terms.
    

1. Who We Are

Vendra is a cloud-based business management platform built for Kenyan SMEs. We provide subscription-based ERP software including invoicing, inventory, accounting, and related business tools. References to "Vendra", "we", "us" or "our" mean the Vendra platform and its operators.

2. Acceptance of Terms

By registering for or using Vendra you confirm that:

You are at least 18 years old or have authority to bind the business you represent.
You have read and understood these Terms of Service and our Privacy Policy.
You agree to comply with all applicable Kenyan laws and regulations.

3. Your Account

You are responsible for maintaining the security of your account credentials. Do not share your password. Notify us immediately at [email protected] if you suspect unauthorised access. We are not liable for losses caused by unauthorised use of your account where you failed to take reasonable precautions.

Each account is for a single business entity. Creating multiple accounts to circumvent subscription limits is not permitted.

4. Subscription and Payment

Vendra operates on a prepaid subscription model. Access to your system is granted for the period covered by your payment. When your subscription expires, access to your system is suspended until renewed.

All prices are displayed in USD and billed in KES at the prevailing exchange rate at the time of payment.
Payments are processed via M-Pesa or Paystack. We do not store your full card number, CVV, or PIN. When you pay by card, Paystack issues a secure token (authorization code) that we store on your behalf to enable automatic subscription renewals. We also store limited display information (card type, last four digits, issuing bank) so you can identify your saved card. You can remove your saved card at any time from your account settings.
Subscriptions are non-refundable once the system has been provisioned and access granted.
We reserve the right to change pricing with 30 days' notice.

5. Your Data

Your business data belongs to you. We store it on your behalf to provide the service. We do not sell, share, or analyse your business data for commercial purposes beyond operating and improving the service.

If you delete your account, your data — including your Vendra system database — is permanently and irreversibly deleted. We recommend exporting any data you need before deleting your account.

6. Acceptable Use

You agree not to use Vendra to:

Process or store unlawful, fraudulent, or misleading information.
Violate any applicable law, including the Kenya Revenue Authority's e-invoicing requirements.
Attempt to gain unauthorised access to other accounts or Vendra's infrastructure.
Resell or sublicense access to Vendra without written permission.
Engage in any activity that disrupts or degrades the service for other users.

7. System Availability

We aim to keep Vendra available at all times but do not guarantee 100% uptime. Scheduled maintenance, infrastructure issues, or circumstances beyond our control may result in temporary downtime. We will endeavour to notify users of planned maintenance in advance.

8. Intellectual Property

The Vendra platform, brand, and software are owned by us. You are granted a limited, non-exclusive, non-transferable licence to use the service during your active subscription. You retain full ownership of all data and content you input into the system.

9. Limitation of Liability

To the maximum extent permitted by Kenyan law, Vendra shall not be liable for indirect, incidental, or consequential damages arising from your use of the service, including loss of profits, loss of data, or business interruption. Our total liability in any matter shall not exceed the amount you paid for the service in the preceding three months.

10. Termination

Either party may terminate the agreement at any time. You may delete your account from your profile settings. We may suspend or terminate accounts that violate these terms, with or without prior notice depending on the severity of the violation. Upon termination, your data will be deleted.

11. Changes to These Terms

We may update these terms from time to time. We will notify active users by email at least 14 days before material changes take effect. Continued use of the service after that date constitutes acceptance of the updated terms.

12. Governing Law

These terms are governed by and construed in accordance with the laws of Kenya. Any disputes shall be subject to the exclusive jurisdiction of the Kenyan courts.

13. Contact

For questions about these terms, contact us at [email protected].

      This Privacy Policy explains what personal data Vendra collects, how we use it, and your rights under the Kenya Data Protection Act 2019.
    

1. Data We Collect

When you create an account and use Vendra we collect:

Account information: Full name, business name, email address, phone number.
Payment information: M-Pesa transaction references and Paystack transaction references. When you pay by card, we store a Paystack-issued authorization token (not your card number) and limited display information (card type, last four digits, issuing bank) to enable automatic renewals and to show you which card is on file. We do not store full card numbers, CVV codes, or M-Pesa PINs.
Business data: All data you enter into your Vendra system — customers, invoices, inventory, employees, accounting records, etc. This data belongs entirely to you.
Technical data: IP addresses, browser type, login timestamps, and usage logs for security and service improvement.

2. How We Use Your Data

To provision and operate your Vendra system.
To send service-related emails such as account confirmation, system credentials, invoices, and subscription reminders.
To process payments via M-Pesa and Paystack, and to automatically renew your subscription using a saved card authorization if you have one on file.
To provide customer support.
To detect and prevent fraud or abuse.
To comply with legal obligations including Kenya Revenue Authority requirements.

We do not use your business data for marketing, profiling, or any purpose beyond operating the service.

3. Third-Party Services

We work with the following third parties who may process your data as part of delivering the service:

Safaricom M-Pesa — payment processing. Governed by Safaricom's privacy policy.
Paystack — card payment processing. Governed by Paystack's privacy policy.
Brevo (Sendinblue) — transactional email delivery. Your email address is shared to enable email sending.
Cloudflare — network and security infrastructure.

We do not sell your data to any third party.

4. Data Storage and Security

Your data is stored on cloud infrastructure. Your data may be stored and processed outside Kenya. We ensure appropriate safeguards are in place for any such transfers in compliance with the Kenya Data Protection Act 2019. We apply industry-standard security measures including encrypted connections (TLS), access controls, and regular security reviews. Despite these measures, no system is completely secure. We encourage you to use a strong password and keep your credentials confidential.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, all associated data including your system database is permanently deleted within 24 hours. We may retain anonymised usage statistics that cannot identify you.

Payment transaction references may be retained for up to 7 years to comply with Kenyan financial record-keeping requirements.

6. Your Rights

Under the Kenya Data Protection Act 2019 you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate personal data.
Request deletion of your personal data (by deleting your account).
Object to or restrict how we process your data in certain circumstances.
Lodge a complaint with the Office of the Data Protection Commissioner of Kenya.

To exercise any of these rights, contact us at [email protected].

7. Cookies

The Vendra dashboard uses session tokens stored in your browser's local storage for authentication. We do not use tracking cookies or advertising cookies.

8. Children's Privacy

Vendra is a business platform and is not directed at persons under 18 years of age. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by email at least 14 days before they take effect. Continued use of the service constitutes acceptance of the updated policy.

10. Contact

For privacy questions or data requests, contact us at [email protected].