📅 Last updated: April 8, 2026Shift Direct — No agents, just transparency
Your privacy matters. Shift connects property owners and seekers directly — no commissions, no middlemen. This policy explains what data we collect, why we collect it, and how we keep it safe, in full compliance with the Kenya Data Protection Act (No. 24 of 2019) and Google Play's Permissions and APIs that Access Sensitive Information policy.
✅ Quick summary
• We collect only what’s necessary for a property listing & discovery service.
• No SMS, call log, or phone permission is requested or used.
• Sensitive data (payment, ID verification) is only processed with consent via Safaricom or trusted partners.
• You control location, camera, and notifications – all optional.
• We never sell your personal data.
1. What information do we collect?
Shift collects only the information required to provide a secure property marketplace. We do not request or access SMS, call logs, or phone state permissions.
Business/tax info: For property owners requiring verification (e.g., KRA PIN – optional, only when required by law).
Payment & transaction data: When you buy a subscription or premium listing, payment is processed by Safaricom M-Pesa. Shift never stores full payment credentials. See Safaricom’s privacy statement for details.
Sensitive information (processed only with explicit consent)
ID documents: In rare cases (e.g., fraud prevention or legal verification), we may request a government ID. You will be asked for separate consent, and data is encrypted and deleted after verification.
Financial info: Transaction logs from M-Pesa (amount, reference, date) but no card numbers or sensitive bank details.
We do NOT collect biometric data, health data, race, or political opinions.
Automatically collected & device data (optional permissions)
📍 Approximate location: Based on IP address to show relevant properties near you. Fine location (GPS) is only collected after you grant permission – used to sort listings by distance.
📸 Camera / storage: Used only when you upload property photos or update your profile picture. Shift never accesses your gallery without your action.
🔔 Push notifications: With your permission, we send messages about inquiries, subscription status, or saved searches. You can disable this in device settings.
Usage data: Device model, app version, screens visited, crash logs – to improve stability and performance.
🔐 No SMS / Call Log permissions
Shift does not request, read, or send SMS messages. We do not access call logs, phone state, or default dialer functions. All communications between users happen through in-app chat or direct phone calls initiated manually by the user. This complies with Google Play’s “Default handler” and “Sensitive permissions” policies.
Google APIs & limited use
Shift integrates Google Maps Platform APIs (Maps, Places) to display property locations and search suggestions. Our use of Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements. We do not transfer Google user data to any third party except as necessary to provide map features.
2. How do we process your information?
We process data based on legitimate interest, contract performance, legal obligations, or your consent. Purposes include:
Account & authentication: Create and manage your Shift account.
Core service delivery: Let property owners list units, tenants search & connect directly.
Security & fraud prevention: Monitor suspicious activity, verify identities, and protect community integrity.
Analytics & improvements: Understand usage patterns to refine search filters, listing visibility, and app performance.
Communication: Respond to support requests, send subscription reminders, service updates.
We do not use automated decision-making that legally affects you without human review.
3. When and with whom do we share your data?
Service providers: Safaricom (M-Pesa payments), Google Cloud (hosting & maps), crash analytics (Firebase Crashlytics). All processors are bound by data protection agreements.
Legal compliance: When required by Kenyan law, court order, or to protect the rights and safety of Shift, our users, or the public.
Business transfers: If Shift is involved in a merger or acquisition, user data may be transferred. We will notify you via email/in-app notice.
We never sell your personal information to advertisers, data brokers, or third parties.
4. User rights and choices (including location, camera, notifications)
You control permissions directly from your device. Go to Settings → Apps → Shift to enable or disable:
📍 Location (fine GPS)
📸 Camera / photo access
🔔 Push notifications
Disabling a permission may limit features (e.g., camera for photo uploads) but does not affect basic browsing.
5. Data retention
We retain personal information only as long as needed to fulfill the purposes described. In general:
Active account: data stored until you close your account.
After account deletion: most data removed within 30 days; limited records (e.g., transaction history for tax/legal compliance) retained up to 5 years as required by Kenyan law.
Listing data (anonymized) may be used for aggregate analytics after deletion.
6. How we protect your information
We implement strong security measures: data encrypted in transit (TLS 1.3) and at rest (AES-256), access controls, and regular audits. However, no internet transmission is 100% secure. You should use a strong password and log out on shared devices.
7. Children’s privacy
Shift is intended for users aged 18 and above. We do not knowingly collect data from minors. If we discover a user under 18, we will delete the account and associated data immediately. Please contact dpo@shift.ke if you believe a minor has registered.
8. Your privacy rights (Kenya & Africa)
Under Kenya’s Data Protection Act (2019), POPIA (South Africa), and similar frameworks, you have the right to:
Access – request a copy of your personal data.
Rectification – correct inaccurate or incomplete data.
Erasure – request deletion (subject to legal exceptions).
Withdraw consent – for any processing based on consent.
Lodge a complaint – with the Office of the Data Protection Commissioner (Kenya) or your local authority.
To exercise rights, email privacy@shift.ke or use the in-app “Request my data” option.
9. Do-Not-Track and cross-device tracking
Shift does not respond to Do-Not-Track (DNT) signals at this time because no industry standard exists. We do not engage in cross-device tracking for advertising purposes.
10. International data transfers
We store data primarily on servers located in Kenya and the European Union (via Google Cloud). When transferring data outside Kenya, we rely on Standard Contractual Clauses or adequacy decisions to ensure adequate protection.
11. Updates to this Privacy Policy
We may update this policy occasionally. If changes are material, we will notify you via email or an in-app alert at least 14 days in advance. The “last updated” date at the top will always reflect the latest version.
12. Contact us (Data Protection Officer)
📧 DPO email:dpo@shift.ke
📞 Phone: +254 797 882278
📍 Postal: Shift DPO, 2589 Meru, Meru County, 60200, Kenya
🔐 Privacy inquiries:privacy@shift.ke
⚖️ Data deletion requests: Subject line “Data Deletion Request”
13. How to delete your account or data
You can delete your account directly inside the Shift app: Settings → Account → Delete Account. Alternatively, email privacy@shift.ke with the subject “Data Deletion Request”. We will verify your identity and complete deletion within 30 days. After deletion, some information (e.g., transaction records) may be retained for legal compliance but is dissociated from your identity.
📜 Our promise to Shift users
Shift connects property owners and seekers directly — no agents, no commissions. We bring the same directness and transparency to how we handle your data. Your trust is the foundation of our marketplace. We will never sell your data, and we will never request unnecessary permissions like SMS or call logs.