Privacy Policy
Effective from April 26, 2026. Updated periodically.
Last updated: April 26, 2026. Effective from the date above.
This Privacy Policy explains what data The Techbull (“we”, “us”) collects when you use our websites, newsletters, podcasts, advertising platform and related services (the “Services”); how we use that data; and the rights you have over it.
We’ve written this in plain English. The legal references — Kenya Data Protection Act, 2019; the EU/UK General Data Protection Regulation (GDPR); and the California Consumer Privacy Act (CCPA/CPRA) — are summarised in their relevant sections.
Who we are (data controller)
The data controller for the Services is The Techbull (a registered media business in Kenya). For matters regulated by the GDPR, contact our EU representative through the contact page. For California residents, see the “Your California rights” section below.
What we collect
We collect the minimum we need. Specifically:
- Account information — when you create an advertiser account or subscribe to the newsletter: email address, name, company (optional), country, and password (stored as a one-way hash).
- Communications — emails or messages you send us, plus our replies. We retain these to honour follow-ups and for our editorial archive.
- Browsing data — pages you read, time spent, scroll depth, the article that referred you, your country (derived from IP, then discarded at the IP level), and the broad device class (desktop / mobile / tablet). We do not fingerprint individual devices.
- Newsletter engagement — opens (via a 1×1 tracking pixel) and clicks (via a redirect through our domain). You can disable image loading in your mail client to opt out of open tracking.
- Advertiser data — billing email, company VAT/tax ID where required, transaction records (no card numbers — those are tokenized by our payment processors), creative assets, and click/impression data on your live ads.
- Reactions & comments — when you tap a reaction emoji we store an aggregated count plus a same-origin cookie that prevents double-counting from the same browser. We do not store who reacted.
We do not collect: precise geolocation, biometric identifiers, contact lists, browsing history outside our Services, religious/political/health data, or “special category” data under GDPR Article 9.
How we use your data
- To operate the Services — render pages, send the newsletter you asked for, fulfil ad bookings, log you in.
- To improve the Services — aggregate analytics tell us which stories resonate; we never aggregate using personally identifying information.
- To prevent abuse — rate-limiting, fraud and bot detection, signup verification (Cloudflare Turnstile).
- To comply with the law — tax records, anti-money-laundering checks for large advertisers, lawful data requests from courts of competent jurisdiction.
We do not sell or rent personal data, ever.
Lawful bases (GDPR Article 6)
Where the GDPR applies to you, our lawful bases are:
- Consent — for newsletter subscription, optional analytics cookies, and reactions tracking. You can withdraw consent at any time.
- Contract — when you book an ad, we process your data to perform the contract you’ve entered into.
- Legitimate interests — basic site analytics, abuse prevention, our own editorial archive. Where we rely on this basis, we’ve assessed that our interest does not override your rights and freedoms.
- Legal obligation — tax, accounting, court orders.
Cookies & similar technologies
We use a small set of cookies. The full list, what each one does, and how to disable each category lives on our Cookie Policy page. Briefly:
- Strictly necessary (session, CSRF) — always on.
- Functional (currency preference, reactions dedupe) — opt-in by default in regions that require it.
- Analytics (aggregated page views, dwell, scroll) — opt-in in the EU/UK; opt-out elsewhere.
- Advertising (your direct-buy ad campaigns are not tracked across other sites; we do not use third-party retargeting).
Who we share with
We work with a small number of vetted processors who only see the data they need:
- Resend — sends our transactional and newsletter email.
- Cloudflare — DDoS protection, Turnstile bot-check, CDN.
- Pesapal — processes ad payments in KES, mobile money and African cards.
- PayPal — processes ad payments in USD and EUR.
- Our hosting provider — operates the database and file storage.
Each processor is bound by a data-processing agreement that mirrors our obligations to you.
International transfers
Some processors are based outside Kenya, the EU or the UK. Where we transfer personal data internationally we rely on Standard Contractual Clauses (GDPR), the Kenyan Office of the Data Protection Commissioner’s mechanisms, and the equivalent UK/Swiss instruments. Details available on request through our contact page.
How long we keep data
- Account data — for as long as your account is active, plus 30 days after deletion to handle billing reversals.
- Newsletter subscribers — until you unsubscribe; suppressed (not deleted) for 24 months thereafter to honour your unsubscribe.
- Site analytics — raw event rows: 90 days. Aggregated daily totals: indefinitely (no personal data).
- Transactional records — 7 years (Kenya tax law).
- Server access logs — 30 days.
Your rights
Under the GDPR / UK GDPR
- Right of access — request a copy of your data.
- Right to rectification — correct inaccurate data.
- Right to erasure (“right to be forgotten”).
- Right to restrict processing.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object to processing based on legitimate interests, including profiling.
- Right not to be subject to solely automated decision-making with legal effects (we don’t do this anyway).
- Right to lodge a complaint with your supervisory authority.
Under the Kenya Data Protection Act, 2019
You have the right to be informed of the use of your personal data, to access it, to object to its processing, to correction or deletion, and to lodge a complaint with the Office of the Data Protection Commissioner.
Your California rights (CCPA/CPRA)
California residents have the right to know what we collect, to delete it, to correct it, to opt out of “sale” or “sharing” (we do neither), to limit the use of sensitive personal information (we don’t collect it), and to non-discrimination for exercising these rights.
To exercise any right, email us via the contact page. We respond within 30 days. We may need to verify your identity before honouring sensitive requests.
Security
Passwords are hashed using industry-standard algorithms (bcrypt). Sensitive subscriber data (email addresses) is stored encrypted at rest using AES-GCM-256. All traffic is HTTPS only. Payments are tokenized — we never see your card details. We run automated dependency and vulnerability scans, and we have a hash-chained audit log on our advertising pipeline so transactions cannot be silently altered.
Children
The Services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we’ll delete it.
Changes
If we make material changes to this policy, we’ll email subscribers and post a notice on the site at least 14 days before the change takes effect. The version in force is the one displayed here.
Contact
Questions about your data, this policy, or to exercise any right: see our contact page and select “Privacy / data request” — that goes straight to our data protection lead.