Logo

Privacy Policy

Effective Date: 1st June 2024
Last Updated: 24th November 2024

At Galactik Hosting, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with the Galactik MPESA Payments API, which facilitates secure communication between your client plugin and the Mpesa API. Please read this Privacy Policy carefully to understand our practices regarding your information and how we handle it.

1. Information We Collect

a. Data Collected when you create an account to use our API

When you create an account on this platform, the following information may be collected:

  • Your Information: Name and email.
  • Daraja M-Pesa app information: Business shortcode, paybill/Till, consumer key, consumer secret, and passkey number

a. Data Collected from the Client Plugin

When the Galactik MPESA Payments API is utilized, the following information may be collected:

  • Client Transaction Details: Website url, Invoice/order number, Client phone number, Amount, transaction ID, timestamp, status and metadata provided for the transaction.
  • Device Information: IP address and user agent for debugging and security purposes.

b. Data from Mpesa API - Callback Data

When processing transactions, we may receive the following data from the Mpesa API:

  • Payment Status: Confirmation of payment success or failure.
  • Mpesa-Specific Identifiers: Mpesa transaction IDs and payment references.

2. How We Use the Information

We use the collected information to:

  • Facilitate communication between the client plugin and the Mpesa API.
  • Process, verify, and validate transactions.
  • Provide transaction updates to clients.
  • Detect and prevent fraudulent or unauthorized activities.
  • Improve the functionality and security of the API.

3. Data Sharing and Disclosure

We do not sell or rent your information to third parties. However, we may share your information under the following circumstances:

  1. With Mpesa API: To process and verify transactions as requested by you or your system.
  2. With the Client Plugin: To relay transaction statuses and updates.
  3. With Legal Authorities: If required to comply with legal obligations, enforce agreements, or protect rights and security.
  4. With Service Providers: To support the operation and maintenance of the API (e.g., hosting and debugging).

4. Data Security

We implement industry-standard measures to safeguard your information, including:

  • Encryption: All communications between the client plugin, Galactik MPESA Payments API, and Mpesa API are encrypted using SSL/TLS.
  • Access Control: Access to data is restricted to authorized personnel only.
  • Auditing and Monitoring: Regular audits to detect and address potential vulnerabilities.

5. Data Retention

We retain transaction data for as long as necessary to fulfill the purposes outlined in this policy or as required by law. After this period, the data is securely deleted.

6. Your Data Rights

You have the following rights regarding your information:

  • Access and Rectification: Request access to or correction of your data.
  • Deletion: Request deletion of your data, subject to legal and contractual obligations.
  • Restriction: Request restricted use of your data under certain conditions.

To exercise these rights, contact us using the details provided in Section 8.

7. Third-Party APIs

The Galactik MPESA Payments API acts as an intermediary between your client plugin and Mpesa API. While we strive to ensure secure communication, any data processed by Mpesa API is subject to its own privacy policies. We recommend reviewing Mpesa's privacy policy for more information.

8. Contact Us

If you have any questions or concerns about this Privacy Policy or our data handling practices, please contact us:

Galactik Hosting
Address: 4th Floor, Delta Corner Annex, Westlands, Nairobi, Kenya
Email: gateway@galactikhosting.com
Phone: +254 773 452 067

9. Policy Updates

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Effective Date." Continued use of the Galactik MPESA Payments API after changes are made constitutes acceptance of the updated policy.

By using the Galactik MPESA Payments API, you acknowledge that you have read and understood this Privacy Policy and agree to the handling of your information as outlined above.