Your privacy matters. No agents, just transparency β from listings to your data.
What personal information do we process? When you use Shift, we collect information you provide (name, contacts, payment data via Safaricom) and automatic usage data like location and device info.
Do we process sensitive information? We may process limited sensitive data (like ID verification or payment details) with your consent or as allowed by Kenyan law.
How do we process your information? To provide listing services, subscriptions, security, analytics and to improve your experience β always with a legal basis.
When and with whom do we share data? We share only with essential third parties (payment processor Safaricom, Google Maps APIs) and in business transfers. No selling your data.
How do we keep your information safe? We use strong security measures, but no internet transmission is 100% secure. You also play a role by using secure environments.
What are your rights? Access, correction, deletion, withdraw consent β just contact us. Kenyan & African privacy laws give you control.
π Want details? Read the full notice below or jump to any section via the table of contents.
Personal information you disclose to us: When you register, list properties, purchase subscriptions or contact us, we may collect: names, phone numbers, email addresses, account passwords, and optional profile details. If you are a property owner, we may collect business/tax info for verification (when required).
Sensitive information: When necessary with your consent, we process payment data (handled securely via Safaricom M-Pesa) and, in some cases, ID documents to prevent fraud. All payment details are processed by Safaricom β see Safaricom privacy statement.
Application & device data: With your permission, we may collect geolocation (to show nearby properties), access to camera (for uploading property photos), and push notifications. You can change permissions anytime in device settings.
Automatically collected: IP address, device type, browser characteristics, app version, usage patterns, and approximate location based on IP to improve performance and security.
Google API notice: Our use of Google Maps Platform APIs (like Maps, Places) adheres to the Google API Services User Data Policy, including Limited Use requirements.
We process your personal information based on legitimate interests, contract performance, legal obligations, and your consent. Purposes include:
We retain personal information only as long as necessary to fulfill the purposes outlined in this policy. In general, we keep your data while your account is active, and up to 3 months after account termination for legal or operational reasons (e.g., tax records, fraud prevention). After that, we securely delete or anonymize the information.
We implement technical and organizational measures such as encryption, access controls, and regular security audits. However, no internet transmission is 100% secure. You should protect your login credentials and only access Shift on trusted networks. If you suspect unauthorized access, contact us immediately.
Shift is intended for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. If we discover that a minor has registered, we will delete the account and any associated data promptly. Please contact dpo@shift.ke if you are aware of any underage user.
Depending on your location (especially under Kenya's Data Protection Act, 2019, and similar African frameworks), you may have the right to:
To exercise these rights, contact us at privacy@shift.ke. You can also update account details directly via the app settings.
Currently, there is no universally accepted standard for Do-Not-Track signals. Shift does not respond to DNT browser signals at this time. We will update this policy if the industry adopts a recognized standard.
Republic of South Africa: Under POPIA, you have the right to request access or correction of your personal information. If unsatisfied with our response, you may contact the Information Regulator of South Africa:
Shift complies with the Kenya Data Protection Act (No. 24 of 2019) and respects the privacy rights of all African users.
Yes, we may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The revised date will be shown at the top. For material changes, we will notify you via email or in-app alert. We encourage you to review this page periodically.
If you have questions, comments, or data protection requests, please contact our Data Protection Officer (DPO):
π§ Email: dpo@shift.ke | π Phone: +254797882278
π Postal address:
Shift Data Protection Officer
2589 Meru, Meru County, 60200
Kenya
For general privacy inquiries: privacy@shift.ke
You can review and update your personal information directly in the Shift app by navigating to Account Settings. To request deletion of your account or personal data, please email privacy@shift.ke with the subject "Data Deletion Request". We will verify your identity and respond within 30 days as required by Kenyan law.
If you are based in South Africa, you may also lodge a complaint with the Information Regulator using the details provided above. We are committed to resolving any privacy concerns fairly.
Shift connects property owners and seekers directly β no agents, no commissions. We extend the same directness and transparency to how we treat your data. Your trust is the foundation of our marketplace.
For more details on our subscription model, advertisement fees, or property listing guidelines, please refer to our Terms of Service.
5. How do we handle your social logins?
You can register or log in using Facebook, X (Twitter), or Google. When you choose this option, we receive profile information (name, email address, profile picture) from the social platform based on your privacy settings. We use this data only for account creation and personalizing your experience. We recommend reviewing the privacy policy of each social provider.