This policy explains how BitMall collects, uses, and protects your personal information. By using our website, you agree to the practices described here.
1. Who We Are
BitMall ("we", "our", "us") is an online fashion and home décor retail platform operated by Bitnova Ltd, based in Nairobi, Kenya. Our website is accessible at https://mall.bitnova.co.ke.
We are the data controller of personal information collected through our platform, and we are committed to protecting your privacy in accordance with Kenya's Data Protection Act, 2019.
3. How We Use Your Data
We use your personal data to:
- Process and fulfil your orders — including payment processing, packaging, and delivery coordination.
- Manage your account — authentication, password resets, and account settings.
- Communicate with you — order confirmations, shipping updates, return status, and responses to your enquiries.
- Send marketing emails — only if you have subscribed. You can unsubscribe at any time from any email we send.
- Improve our platform — analysing usage patterns to fix bugs, improve navigation, and personalise your experience.
- Fraud prevention and security — detecting suspicious activity and protecting your account.
- Legal compliance — meeting our obligations under Kenyan law, including tax and accounting requirements.
We never sell, rent, or trade your personal information to third parties for their marketing purposes.
4. Sharing Your Data
We share your data only where necessary:
- Delivery partners: your name, phone number, and delivery address are shared with our courier partners to fulfil your order.
- Payment processors: Safaricom (M-Pesa), Stripe, and PayPal receive the data needed to process your payment. Each is bound by its own privacy policy and security standards.
- Google: if you use Google Sign-In, authentication is handled by Google LLC under their Privacy Policy.
- Email service providers: we use a transactional email provider (SMTP) to send order confirmations and notifications. These providers access email content only as needed to deliver messages.
- Legal authorities: we may disclose data if required by Kenyan law, a court order, or to protect the rights and safety of our users or the public.
All service providers we work with are contractually required to handle your data securely and only for the purposes we specify.
5. Payments & Security
All payment transactions are encrypted using HTTPS (TLS). Card payments are processed by Stripe, which is PCI-DSS Level 1 certified — the highest security standard for card processing. M-Pesa payments are processed via Safaricom's official Daraja API.
We do not store your card number, CVV, or M-Pesa PIN. We store only the transaction reference and payment status needed to manage your order and handle refunds.
Your account password is stored as a bcrypt hash — we cannot read it, and no one at BitMall can access it.
6. Cookies
We use cookies to keep you logged in, remember your cart, and understand how visitors use our site. For full details on what cookies we use and how to control them, please read our Cookie Policy.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. Specifically:
- Account data: kept until you request deletion, plus a 30-day grace period.
- Order records: retained for 7 years from the order date for tax and legal compliance purposes, even after account deletion.
- Communication logs: support emails and contact form submissions are kept for up to 2 years.
- Marketing consent: unsubscribe records are kept indefinitely to honour your preference.
8. Your Rights
Under the Kenya Data Protection Act, 2019, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — request deletion of your data, subject to legal retention requirements.
- Restriction — ask us to limit how we process your data in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent — opt out of marketing emails at any time via the unsubscribe link in any email, or through your account settings.
- Object — object to processing based on our legitimate interests.
To exercise any of these rights, email us at support@bitnova.co.ke with the subject line "Data Request". We will respond within 30 days.
You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya if you believe we have not handled your data lawfully.
9. Children's Privacy
Our platform is intended for users aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware that a child has created an account or provided us with personal data, we will delete it promptly.
If you believe a child has submitted their information to us, please contact us immediately at support@bitnova.co.ke.
10. Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by posting a notice on our homepage or sending an email to your registered address at least 14 days before the change takes effect.
The "Last updated" date at the top of this page always reflects the most recent revision. Continued use of our platform after the effective date constitutes acceptance of the updated policy.