PRIVACY*

Dullu Digital is an AI automation agency operating from Nairobi, Kenya, serving clients across East Africa and worldwide. This page tells you what data we collect, why we collect it, and how to ask us to delete it.

We collect only what we need to do business with you: (1) Information you give us through forms (name, business name, WhatsApp number, the challenge you describe). (2) Anonymous analytics about your visit (pages viewed, clicks, country, device type) via PostHog. (3) Cookies — see below.

To respond to your enquiries within 4 hours, to improve our website, to send you the resources you requested, and to comply with Kenyan tax and business law. We do not sell your data. We do not use it for advertising. We never share it with third parties except where the law requires.

We use PostHog (a privacy-focused analytics tool) to understand what works on our site. PostHog stores anonymous events in localStorage and a small first-party cookie. You can opt out anytime via the cookie banner or by emailing us. We do NOT use Google Analytics, Facebook Pixel, or any ad-tech tracker.

Under the Kenya Data Protection Act 2019 and the EU GDPR, we process your data on the basis of (a) your explicit consent (forms, cookies) and (b) legitimate interest (responding to enquiries). You have the right to access, correct, delete, or port your data at any time.

Leads in our CRM are kept for 36 months unless you ask us to delete sooner. Anonymous analytics events are retained for 12 months. Once deleted, data is permanently removed from our active systems (backups are purged within 30 days).

We use Supabase (SOC 2 Type II certified) for data storage with encryption at rest and in transit. Access to the lead database is restricted to founding team members and requires two-factor authentication. We follow OWASP guidelines for our website code.

Email dr.dullu@gmail.com with subject 'Data request' and one of: ACCESS, CORRECT, DELETE, EXPORT. We respond within 7 days. You also have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya (https://www.odpc.go.ke).

We will post any material change here with at least 14 days notice and notify you by email if we have one on file. Last updated: May 2026.