Trusted Kigali Developers, Privacy Policy

This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with Rwanda’s DPP Law (No 058/2021).

Trusted Kigali Developers is committed to protecting your data.

Effective: May 18, 2025

At Trusted Kigali Developers (“TKD”, “we”, “us”, or “our”), we prioritize your privacy and are committed to transparency, accountability, and compliance with Rwanda’s Law No 058/2021 on the protection of personal data and privacy (DPP Law). This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you interact with our websites, cloud solutions, or services (collectively, the “Services”). It also details your rights under the DPP Law and other applicable regulations.

This policy applies to personal data processed by TKD as a data controller. It does not cover data processed on behalf of our clients (e.g., through our cloud solutions), which is governed by client-specific agreements, nor does it apply to employment-related data or third-party services integrated with our platform.

For users in Rwanda, this policy ensures compliance with the DPP Law. For users in the European Economic Area, the United Kingdom, or Switzerland, additional details are available in our Europe Privacy Policy Addendum.

1. About Trusted Kigali Developers

Trusted Kigali Developers is a Rwandan company specializing in secure, scalable, and open-source cloud solutions for high-stakes operations. Our mission is to empower organizations with fortified security, optimized performance, and intelligent scalability, leveraging open-source innovation to deliver transparent and adaptable infrastructure management tools.

2. Personal Information We Collect

We collect personal data as defined by the DPP Law (Art. 3), which includes any information relating to an identified or identifiable natural person. We do not intentionally collect sensitive personal data (e.g., race, health, or religious beliefs) and request that you refrain from providing such information. Below are the categories of data we may collect:

Account Data

  • What: Name, email address, phone number, account credentials, and organization details.
  • How Collected: Directly from you when creating an account or through third-party authentication providers (e.g., Google, OAuth).
  • Purpose: To create and manage your account, authenticate access, and provide support.

Payment Data

  • What: Payment card details or transaction information.
  • How Collected: Through third-party payment processors (e.g., Stripe, PayPal).
  • Purpose: To process payments for subscriptions or services.

Communication Data

  • What: Name, email, and message content from inquiries or support requests.
  • How Collected: Directly from you via email, contact forms, or social media.
  • Purpose: To respond to inquiries, provide support, and improve services.

User Content

  • What: Inputs (e.g., configuration settings, code snippets) and outputs (e.g., system logs) generated through our Services.
  • How Collected: Directly from you during interaction with our cloud solutions.
  • Purpose: To deliver, monitor, and optimize our Services.

Technical Data

  • What: IP address, device type, browser details, operating system, and usage metrics (e.g., pages viewed, features used).
  • How Collected: Automatically via analytics tools or server logs.
  • Purpose: To maintain security, analyze usage, and enhance performance.

Location Data

  • What: General location derived from IP address or precise location if provided (with consent).
  • How Collected: Automatically or directly from you.
  • Purpose: To comply with regional regulations and optimize service delivery.

Publicly Available Data

  • What: Data from public sources (e.g., open-source repositories, public websites) used to enhance our solutions.
  • How Collected: From publicly available resources.
  • Purpose: To improve our Services and develop new features.

We comply with DPP Law (Art. 4-17) by ensuring data quality, minimizing collection, and obtaining clear consent where required.

3. How We Use Personal Information

We process personal data for the following purposes, in line with DPP Law (Art. 6) and our legitimate interests:

  • Service Delivery: To provide, monitor, and maintain our cloud solutions (e.g., processing user inputs to configure infrastructure).
  • Support and Communication: To respond to inquiries, provide technical support, and send service-related updates.
  • Improvement and Research: To analyze usage trends, enhance system performance, and develop new features, using pseudonymized or aggregated data where possible.
  • Security: To detect and prevent fraud, unauthorized access, or violations of our terms, using measures like encryption and tokenization (DPP Law, Art. 3).
  • Legal Compliance: To meet obligations under the DPP Law, tax laws, or other regulations, including maintaining a register of data processing activities (Art. 29).

We do not sell personal data, use it for marketing without consent, or process it for profiling with significant or legal consequences (DPP Law, Art. 3).

4. How We Disclose Personal Information

We may disclose personal data to:

  • Service Providers: Third-party vendors (e.g., hosting providers, analytics tools) under strict data processing agreements (DPP Law, Art. 37).
  • Business Transfers: In connection with mergers, acquisitions, or asset sales, with notice where required.
  • Legal Purposes: To comply with laws, respond to legal requests, or protect our rights, safety, or property (DPP Law, Art. 48).
  • Related Entities: To affiliates for operational purposes, ensuring compliance with DPP Law.
  • Third Parties with Consent: When you direct us to share data (e.g., integrating with a client’s systems).

All disclosures comply with DPP Law (Art. 48-52) and are logged for auditing.

5. Retention of Personal Information

We retain personal data only as long as necessary for the purposes outlined, in accordance with DPP Law (Art. 47). Retention periods vary:

  • Account Data: Retained while your account is active, deleted within 30 days of account closure unless required for legal purposes.
  • Payment Data: Retained as required by tax laws, typically 7 years.
  • User Content: Retained for the duration of service use, deleted within 30 days post-termination unless flagged for security review.
  • Technical Data: Retained for up to 12 months for analytics, then anonymized.

Data is securely deleted or anonymized when no longer needed, using industry-standard methods (DPP Law, Art. 47).

6. Security of Personal Information

We implement technical and organizational measures to protect personal data, including:

  • Encryption: Data is encrypted in transit and at rest (DPP Law, Art. 3).
  • Access Controls: Granular permissions and multi-factor authentication.
  • Monitoring: Real-time threat detection and personal data logging (Art. 3).
  • Audits: Regular security assessments and compliance with DPP Law (Art. 27).

No system is 100% secure, so we encourage you to protect your credentials and report suspicious activity to [email protected].

7. Links to Other Websites

Our Services may link to third-party websites (e.g., open-source repositories). These sites have their own privacy policies, and we are not responsible for their practices (DPP Law, Art. 2).

8. Children Under the Age of 18

Our Services are not directed at individuals under 18, and we do not knowingly collect their personal data (DPP Law, Art. 18). If we inadvertently collect such data, please contact us at [email protected] for deletion.

9. Privacy Rights and Choices

Under DPP Law (Art. 18-26), you have the following rights:

  • Access: Request a copy of your personal data.
  • Correction: Correct inaccurate or incomplete data.
  • Deletion: Request deletion, subject to legal exceptions.
  • Restriction: Restrict processing in certain cases.
  • Objection: Object to processing based on legitimate interests.
  • Portability: Receive your data in a portable format.
  • Consent Withdrawal: Withdraw consent at any time, without affecting prior processing.

To exercise these rights, contact us at [email protected] with your name, email, and residence details. We will verify your identity and respond within 30 days, as required by DPP Law (Art. 18). You may also lodge complaints with Rwanda’s supervisory authority (Art. 27).

10. Data Transfers

Personal data may be transferred outside Rwanda (e.g., to cloud hosting providers in the US or EU) for processing. We ensure compliance with DPP Law (Art. 48) by:

  • Using standard contractual clauses for transfers to non-adequate jurisdictions.
  • Obtaining your consent for specific transfers, where required.
  • Implementing safeguards like encryption and pseudonymization.

11. Changes to This Privacy Policy

We may update this policy to reflect legal or operational changes. Updates will be posted on our website with a new effective date, and we will notify you of material changes via email or in-service alerts (DPP Law, Art. 64).

12. Contact Information

For privacy inquiries, complaints, or rights requests, contact:

Trusted Kigali Developers
KK 8 AV, Kicukiro, Kigali, Rwanda
Email: [email protected]
Sales Email: [email protected]
WhatsApp: +250 789 207 778

For DPP Law complaints, contact Rwanda’s supervisory authority responsible for cybersecurity (Art. 27).

Europe Privacy Policy Addendum

For users in the EEA, UK, or Switzerland, we comply with GDPR and equivalent laws. Additional rights include:

  • Right to Erasure: Request deletion of data without undue delay.
  • Automated Decision-Making: We do not engage in automated decisions with legal or significant effects.
  • Data Protection Officer: Contact our DPO at [email protected].

Submit requests at [email protected]. Transfers outside the EEA/UK use standard contractual clauses approved by the European Commission.