Privacy Policy

Kingdom Foundation is a faith-inspired charitable institution headquartered in Nairobi, Kenya, with field operations across Lagos, Accra, Cairo, Tunis and Juba. We are the data controller for the personal information described in this policy. You can reach our Data Protection Steward at privacy@kingdom.foundation.

We collect only the information needed to deliver the programs, partnerships and giving relationships you initiate with us. This includes:

• Identity & contact data — name, email, phone, country and city when you pledge, volunteer, subscribe or contact us.
• Giving data — pledged amounts, cadence, direction (which program), payment rail (M-Pesa, Airtel, bank, card) and transaction references. We never store full card numbers; payments are processed by regulated processors.
• Partnership data — for local partners: organisation name, registration, jurisdiction, signatories, uploaded contracts and verification documents.
• Volunteer data — skills, availability, references and city of service.
• Beneficiary data — only what is necessary to deliver programs (e.g. household composition for sponsorship), held under stricter access controls.
• Technical data — IP address, browser, device type, pages viewed, referring source, collected for security and analytics in aggregate.

We process personal data only for the purposes for which you provided it:

• To process and acknowledge gifts, pledges and partnerships.
• To send transactional confirmations, receipts and stewardship reports.
• To match volunteers to roles and coordinate field service.
• To verify partner credentials and uphold our governance standards.
• To send field dispatches (newsletter) when you opt in — and to honour your unsubscribe immediately when you opt out.
• To meet legal, tax, audit, anti-money-laundering and counter-terrorism-financing obligations.
• To protect the Foundation, our partners and beneficiaries from fraud and harm.

We do not sell, rent or trade your personal data — ever.

We rely on the following lawful bases:

• Consent — newsletter subscriptions, optional marketing.
• Contract — fulfilment of donor, partner and volunteer agreements.
• Legal obligation — tax, audit, regulatory reporting under Kenyan law.
• Legitimate interest — security, fraud prevention, internal analytics, governance — always balanced against your rights.
• Vital interest — limited emergency-response situations.

We share personal data strictly on a need-to-know basis with:

• Payment processors (Safaricom Daraja, Airtel Money, Stripe, our banks) — only the minimum needed to settle a transaction.
• Email and communications infrastructure providers who process newsletter and transactional email on our behalf under data-processing agreements.
• Auditors, regulators and legal counsel when required by Kenyan or international law.
• Local implementing partners in your city, where you have explicitly chosen to sponsor a community, family or enterprise.

We do not transfer data outside Kenya except to processors that uphold standards equivalent to Kenya's Data Protection Act 2019 and the EU GDPR.

We retain personal data only as long as needed for the purpose collected, and then for the minimum periods required by Kenyan tax, audit and anti-money-laundering law (typically 7 years for financial records). Newsletter and marketing data is deleted within 30 days of unsubscribe.

Under Kenya's Data Protection Act 2019, you have the right to:

• Be informed about our processing of your data (this policy).
• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion (where no overriding legal obligation applies).
• Object to processing or restrict it.
• Withdraw consent at any time — without affecting prior processing.
• Lodge a complaint with the Office of the Data Protection Commissioner of Kenya.

To exercise any of these rights, email privacy@kingdom.foundation. We respond within 30 days.

We protect personal data with industry-standard safeguards: encrypted transport (TLS), encrypted storage, role-based access, audit logging, regular vulnerability scanning, principle of least privilege for staff and partners, and independent security review. No system is perfectly secure; if we ever suffer a personal-data breach affecting you, we will notify you and the Data Protection Commissioner within 72 hours, as required by law.

We use a minimal set of strictly necessary cookies to operate the site, plus anonymised analytics to understand which stories resonate and where partners need clearer guidance. We do not use advertising cookies or sell behavioural data. You can disable cookies in your browser; the site remains fully functional.

We do not knowingly collect personal data from children under 18 without verified parental consent. Beneficiary children in our programs are enrolled by parents or legal guardians and protected by additional safeguarding policies available on request.

We may update this policy as our programs, partners or the law evolves. We will post the new version here with an updated date, and where the change is material we will notify subscribers directly.

Data Protection Steward — Kingdom Foundation
Westlands, Nairobi, Kenya
privacy@kingdom.foundation · +254 020 2333773