Privacy Policy

Last updated: April 12, 2026

1. Introduction

Vector Automation Systems Ltd ("VAS", "we", "us", or "our") operates the RentFlow platform. This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you use our Service. We are committed to protecting your privacy in compliance with the Kenya Data Protection Act, 2019 and applicable international data protection standards.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, password, and company details when you register.
  • Business Data: Asset details, customer records, rental agreements, payment records, invoices, and maintenance requests you enter into the platform.
  • Payment Information: M-Pesa transaction references and bank transfer details for subscription payments.
  • Communications: Messages you send to us via email or the platform.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, timestamps, and interaction patterns.
  • Device Information: Browser type, operating system, device type, screen resolution, and IP address.
  • Cookies & Similar Technologies: See our Cookies Policy for details.

2.3 Information from Third Parties

  • Firebase Authentication: We use Google Firebase for authentication, which may collect device identifiers and authentication tokens.
  • Currency API: Exchange rate data from currencyapi.com (no personal data shared).

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the RentFlow platform.
  • Authenticate users and manage account security.
  • Process subscription payments and manage billing.
  • Enable multi-tenant data isolation and role-based access control.
  • Generate reports and analytics within your tenant.
  • Send important notifications about your account, subscription status, and platform updates.
  • Respond to support requests and communications.
  • Detect and prevent fraud, abuse, and security threats.
  • Comply with legal obligations.

4. Data Storage & Security

  • Data is stored on Google Cloud infrastructure (Firebase/Firestore) with encryption at rest and in transit.
  • We implement role-based access control, session management with JWT tokens, and secure HTTPS connections.
  • Tenant data is logically isolated — each company's data is filtered by tenant ID and never exposed to other tenants.
  • Firebase Admin SDK operations use service account credentials stored securely on the server.

5. Data Sharing & Disclosure

We do not sell your personal information. We may share data:

  • With Your Consent: When you authorize integrations or data exports.
  • Service Providers: Google Firebase (authentication, database), currencyapi.com (exchange rates). These providers have their own privacy policies.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice.
  • Platform Administration: Platform super administrators may access tenant data for support and compliance purposes.

6. Data Retention

  • Account data is retained for the duration of your active subscription.
  • After subscription expiry or account deletion, data is retained for 90 days before permanent deletion.
  • Payment records and invoices may be retained longer for legal and tax compliance.
  • You may request data export at any time via the platform's CSV export functionality.

7. Your Rights

Under the Kenya Data Protection Act and applicable laws, you have the right to:

Access: Request a copy of your personal data.

Rectification: Request correction of inaccurate data.

Erasure: Request deletion of your personal data (subject to legal retention requirements).

Data Portability: Export your data in CSV format via the platform.

Restriction: Request restriction of processing in certain circumstances.

Objection: Object to processing of your data for specific purposes.

Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at info@vasmetering.com.

8. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

9. International Data Transfers

Your data may be processed on servers located outside Kenya (Google Cloud infrastructure). We ensure appropriate safeguards are in place for any international data transfers in compliance with the Kenya Data Protection Act.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification. The "Last updated" date at the top indicates when the policy was last revised.

11. Contact Us

For privacy-related inquiries or to exercise your rights:

Vector Automation Systems Ltd (VAS)

Data Protection Officer: info@vasmetering.com

Phone: +254-700-877-949

Website: www.vasmetering.com

← Back to RentFlow