Imara Flow

Preparing your business workspace...

Imara Flow
LoginStart Free

Legal

Privacy Policy

How Imara Flow collects, uses, shares, protects and retains personal data across the platform.

Effective date: 7 June 2026. This Privacy Policy applies to Imara Flow, Imara Assurance, Shops, mini stores, Contact Cards, dashboards, public pages and related services.

1. Who we are

Imara Flow is a Valron Technologies product built for business management, online stores, contact cards and protected transaction workflows. In this policy, “Imara”, “we”, “us” or “our” refers to the Imara Flow platform operator.

2. Personal data we collect

  • Identity and contact details such as name, email, phone number, business name and role.
  • Login and authentication data such as session records, verification status, Auth0/Google identity references and login timestamps.
  • Business workspace information such as staff roles, customers, suppliers, invoices, products, orders, reports and settings.
  • Store and marketplace information such as product listings, checkout details, order records and customer contact details.
  • Payment information such as references, status, amount, currency, provider metadata and receipt data. We do not intentionally store full card numbers.
  • KYC/KYB and compliance records where required for wallet, protected transaction, verification or fraud prevention workflows.
  • Support, communication and notification records.
  • Technical data such as IP address, browser information, device details, timestamps and security logs.

3. Why we use personal data

We use personal data to create accounts, operate workspaces, process store orders, issue receipts, send notifications, manage protected transactions, prevent fraud, secure the platform, support users, improve features, comply with legal obligations and keep financial and audit records.

4. Legal and operational basis

We process data where it is needed to provide the service, perform a contract, comply with law, protect legitimate business and security interests, prevent fraud, send service communications, support users, or where the user has provided consent for a specific activity.

5. Sharing with third parties

We may share limited data with service providers such as payment gateways, email providers, authentication providers, hosting providers, analytics providers and compliance support providers. We may also disclose information where required by law, court order, regulator, payment provider rule, fraud investigation or enforcement of our Terms.

6. Store customer privacy

When a customer buys from a mini store, their name, phone number, email, product, order amount and payment reference may be shared with the business owner so the order can be fulfilled. The business owner is responsible for using that customer information lawfully and only for the order, customer support, fulfilment, accounting or permitted follow-up.

7. Contact cards and public pages

Contact cards, public stores, product pages and shop listings may be publicly visible. Users should not publish private information they do not want customers or search engines to see.

8. KYC/KYB and sensitive records

KYC/KYB documents and verification records are handled with restricted access. They may be used for compliance, fraud prevention, wallet access, protected transactions, dispute support and risk review. Users must not upload documents they are not authorised to provide.

9. Cookies and similar technologies

We may use cookies or similar technologies for login sessions, security, preferences, analytics and platform performance. Disabling cookies may affect login, checkout and dashboard functionality.

10. Security

We use reasonable technical and organisational safeguards including access controls, authentication, database controls, server-side validation, activity logging and restricted administrative workflows. Users must keep login credentials private and revoke staff access when roles change.

11. Data retention

We retain data for as long as needed to provide the service, maintain business records, comply with legal obligations, support accounting, resolve disputes, prevent fraud, investigate abuse and enforce agreements. Some financial, KYC, receipt and transaction records may be retained even after account closure.

12. Your rights and choices

Depending on applicable law, you may request access, correction, deletion, restriction or export of your personal data. Some requests may be limited where retention is necessary for legal, security, accounting, audit or dispute reasons.

13. Children

Imara Flow is not designed for use by children. Businesses should not upload children’s data unless they have a lawful basis and appropriate consent where required.

14. International processing

Some providers may process data outside Kenya. Where this occurs, we aim to use appropriate contractual, technical and organisational safeguards suitable for the service being provided.

15. Changes to this policy

We may update this Privacy Policy when the product, law, payment flows, compliance needs or operational requirements change. The effective date will be updated when material changes are made.

16. Contact

Privacy questions can be submitted through the Imara Flow contact page or support channels in the dashboard.