Privacy Policy

Last updated: 2 July 2026

1. Who we are

ProfileCodes is a digital identity and payments platform operated by Profile Code, a regulated entity in Kenya since 2019, registered under Business Registration Number BN-5XCM9VM. Our offices are at Mirage Towers, Waiyaki Way, Nairobi, Kenya. We can be reached at info@profilecodes.com or +254 700 454424.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use profilecodes.com and all associated services.

2. Information we collect

Information you provide directly:

  • Account: full name, email address, password (stored as a secure hash)
  • Profile: phone number, WhatsApp number, bio, profile photo, social media links
  • Status updates you publish on your public profile
  • Bank account details for payment collection (account name, bank name, account number — stored securely and transmitted to Paystack)
  • Anonymous messages sent to you by visitors (we do not collect sender identity)
  • Contact capture records — when a visitor leaves their contact via your profile (Leave your contact feature): their name, phone number, email address, message, and their own ProfileCode if provided

Information collected automatically:

  • Profile view counts — we record when your profile is visited and the date of each visit
  • Link click counts — which links on your profile are tapped or clicked
  • IP address hashes of anonymous message senders (for abuse prevention only — full IP addresses are not stored)
  • Country of origin for pricing and payment localisation (via Vercel IP headers)
  • Login timestamps and session data

Payment information:

When you receive payments through your ProfileCode pay page, payer details (name, phone number, transaction reference) are collected and stored to enable settlement and provide you with a payment record. Card and mobile money details are never stored on our servers — all payment processing is handled by our payment partners (Paystack, PayPal, PawaPay).

3. How we use your information

  • To create and display your public ProfileCode page
  • To process subscription payments and payment collections via your pay page
  • To send WhatsApp notifications for profile views, payments received, and anonymous messages
  • To send account-related emails (verification, password reset, billing receipts)
  • To provide analytics — showing you how many people viewed your profile and clicked your links
  • To detect and prevent fraud and abuse, including misuse of anonymous messaging
  • To improve and develop the platform based on aggregated usage patterns
  • To determine your pricing zone for localised subscription pricing
  • To comply with legal obligations under Kenyan law

4. What is public on your profile

The following information is visible to anyone who visits your public ProfileCode page:

  • Your full name, profile photo, and bio
  • Your current status (if set)
  • Social links, website URLs, and contact buttons you have added
  • Your ProfileCode (e.g. 1000)
  • Whether you have Pay Me, Send Gift, and Donate buttons enabled
  • Your card theme and photo ring style

Your email address, password, bank account details, subscription plan, and view count data are never shown publicly.

5. Third-party services

We work with the following third parties who may process your data:

  • Supabase — database and authentication infrastructure (data stored in EU-West region)
  • Vercel — web hosting and edge network
  • Paystack — card and mobile money payment processing (Kenya)
  • PayPal — international payment processing (global, billed in USD)
  • PawaPay — mobile money payment processing across 20 African countries
  • Meta (WhatsApp Business API) — sending WhatsApp notifications to your registered phone number
  • Google — Google OAuth sign-in (if you choose to sign in with Google)

Each third party operates under their own privacy policy. We share only the minimum data necessary for each service to function.

6. Anonymous messaging privacy

When a visitor sends you an anonymous message, we do not collect or store their name, email, or full identity. We store a hashed version of their IP address solely to enforce rate limits and prevent abuse. The hash is one-way and cannot be reversed to identify the sender under normal circumstances. We may disclose sender information to law enforcement authorities if required by a valid legal order under Kenyan law.

7. WhatsApp communications

If you have provided a phone number, we may send you WhatsApp messages via the WhatsApp Business API for: profile view notifications, payment received alerts, anonymous message alerts, and verification codes (OTP). You consent to these messages by adding your phone number to your account. You may withdraw consent at any time by removing your phone number or contacting us. Message delivery is subject to WhatsApp's availability and Meta's terms.

8. Data retention

  • Account and profile data: retained for as long as your account is active
  • Anonymous messages: auto-deleted according to your chosen retention setting (1 hour to 30 days)
  • Profile view data: retained indefinitely for analytics purposes
  • Payment transaction records: retained for 7 years in compliance with Kenyan financial regulations
  • Upon account deletion: your profile, personal data, and ProfileCode are removed within 30 days. Payment records required for regulatory compliance are retained separately.

9. Your rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — update or correct inaccurate information via your dashboard at any time
  • Deletion — request deletion of your account and personal data
  • Portability — request your profile data in a machine-readable format
  • Objection — object to processing of your data for marketing purposes

To exercise any of these rights, email us at info@profilecodes.com. We will respond within 30 days.

10. Data Protection Act 2019 & ODPC Registration

ProfileCodes operates in full compliance with Kenya's Data Protection Act 2019 (Act No. 24 of 2019) and all subsidiary regulations made thereunder, including the Data Protection (Registration of Data Controllers and Data Processors) Regulations 2021.

Profile Code is registered with the Office of the Data Protection Commissioner (ODPC) of Kenya in the following capacities:

  • Data Controller — we determine the purposes and means of processing the personal data of our users (profile owners and visitors)
  • Data Processor — we process personal data on behalf of profile owners when visitors leave contact details via the Leave your contact feature

Our designated Data Protection Officer (DPO) is Collins Ochieng, who can be contacted at info@profilecodes.com.

ODPC registration reference numbers will be published here upon formal issuance by the Commissioner.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS), hashed passwords, row-level security on our database, and restricted access to production systems. No method of transmission or storage is 100% secure — we encourage you to use a strong, unique password for your account.

12. Cookies

We use essential cookies and session tokens required for authentication and to keep you logged in. We do not use advertising or tracking cookies. Our analytics are based on server-side view counts — we do not use third-party analytics scripts such as Google Analytics.

13. Children

ProfileCodes is not intended for use by persons under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, please contact us at info@profilecodes.com and we will promptly delete the account.

14. International transfers

Your data is stored on servers operated by Supabase (EU-West region) and Vercel (global edge network). By using ProfileCodes you consent to the transfer and processing of your data outside Kenya. We ensure that all third-party providers maintain appropriate data protection standards.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a notice on the platform. The date at the top of this page reflects when it was last updated. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

16. Contact us

Profile Code

Registered Data Controller & Data Processor — Kenya ODPC

Data Protection Officer: Collins Ochieng

Mirage Towers, Waiyaki Way, Nairobi, Kenya

Email: info@profilecodes.com

Tel: +254 700 454424

Web: profilecodes.com