Legal

Privacy Policy

How we handle your data. No legalese, no surprises.

Effective date: June 18, 2026

1. Information we collect

Account data. When you create an account, we collect your name, email address, and company name. If you sign up via a third-party provider (Google, etc.), we receive your basic profile information from that provider.

Submission data. Checklist responses, photos, signatures, GPS coordinates, and any other content you capture through chckd. This is your data — we store it on your behalf.

Usage data. How you interact with the app: templates created, submissions completed, features used, time spent, and error logs. This helps us improve the product.

Payment data. Billing information is processed by Paystack. We never see or store your card number. We do store your Paystack customer ID, transaction references, and subscription status.

Device and browser data. IP address, browser type, operating system, and device type. Collected automatically for security, analytics, and debugging.

2. How we use your information

  • Provide, maintain, and improve the chckd service.
  • Generate PDF reports from your submissions and deliver them to recipients you specify.
  • Send transactional emails: report deliveries, account verification, password resets, and billing receipts.
  • Process payments and manage your subscription.
  • Detect and prevent fraud, abuse, and security incidents.
  • Understand how teams use chckd to prioritize features and fix pain points.
  • Communicate about product updates, but only if you've opted in.

3. What we never do

  • We never sell your data. Not to advertisers, data brokers, or anyone else.
  • We never read your submissions unless you explicitly ask for support and grant access.
  • We never use your content for AI training. Your inspection data is yours alone.
  • We never track your visitors. No third-party analytics, no tracking pixels, no remarketing.

4. Data storage and security

Your data is stored on encrypted servers managed by reputable cloud providers with SOC 2 Type II compliance. We use TLS 1.2+ for all data in transit and AES-256 encryption for data at rest.

Access to production systems is restricted to authorized personnel with multi-factor authentication. We conduct regular security audits and follow industry best practices for application security.

Photos and files are stored on isolated, encrypted storage with no public access. Regular backups ensure data durability, and we maintain point-in-time recovery capabilities.

5. Data sharing

We share data only with services essential to operating chckd:

  • Paystack — payment processing. They handle card data, not us.
  • Email delivery services — for sending report deliveries and transactional emails.
  • Cloud infrastructure providers — for hosting, storage, and CDN.

We do not share data with any other third parties without your explicit consent. We do not use advertising networks or data brokers.

6. Data retention

We retain your data for as long as your account is active. When you delete your account, we permanently remove all your data within 30 days. Backups are purged within 90 days. We may retain minimal records (email, transaction references) for legal and accounting purposes.

7. Your rights

  • Access: Export all your data at any time from the dashboard settings.
  • Deletion: Delete your account and all associated data. Processed within 30 days.
  • Correction: Update your account information at any time.
  • Portability: Your data is exportable in CSV, JSON, and PDF formats.
  • Objection: Object to processing of your data for specific purposes.

8. Cookies

We use only essential cookies: session management, authentication, and theme preference. We do not use tracking cookies, advertising cookies, or third-party analytics that profile your visitors.

9. Children's privacy

chckd is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us immediately.

10. International data transfers

chckd is operated from Kenya. If you access the service from outside Kenya, your data may be transferred to and processed in Kenya. We ensure appropriate safeguards are in place for international transfers.

11. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated by email and displayed prominently in the app. Continued use after changes take effect constitutes acceptance.

12. Contact

Questions about this policy? Email privacy@codesmithsystems.com.