Privacy Policy

TechOps Hub ("we", "us", or "our") is committed to protecting the privacy and personal data of everyone who visits our website, enrols in our programmes, uses our platform, or engages with our services. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you hold over your data.

By accessing techopshub.com or registering on our platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our services.

This policy is governed by the laws of the Republic of Kenya, including the Kenya Data Protection Act, 2019, and is informed by internationally recognised data protection principles including those of the EU General Data Protection Regulation (GDPR) where applicable.

TechOps Hub is an AI product school, technology company, and incubator headquartered in Nairobi, Kenya. We operate training programmes, research labs, incubation services, and a commercial merchandise store ("Swag Shop").

For all data protection matters, you may contact us at:

We collect information in the following categories:

3.1 Information You Provide Directly

• Registration data: full name, email address, phone number, location, sector, and programme of interest when you apply to join TechOps Hub.
• Account credentials: email address and password (stored as a salted hash — we never store your plain-text password).
• Contact form submissions: your name, email, subject, and message when you reach us via the Contact page.
• Swag orders: name, email, phone number, shipping address, and selected product options when you place an order through our merchandise store.
• Event registrations: name, email, phone number, and any message provided when you register for a TechOps Hub event.
• Newsletter subscriptions: email address when you subscribe to our mailing list.

3.2 Information Collected Automatically

• Page analytics: we record which pages are visited and session identifiers to understand how our platform is used. This data is aggregated and does not contain personally identifiable details beyond a session token.
• Log data: our servers may automatically record IP addresses, browser type, referring URLs, and timestamps as part of standard server operation. This data is used solely for security and diagnostic purposes.

3.3 Information We Do Not Collect

• We do not collect payment card numbers or banking details. Orders are fulfilled manually and payment instructions are communicated separately.
• We do not use third-party advertising trackers, Facebook Pixel, or Google Analytics.
• We do not collect biometric data, government ID numbers, or sensitive personal data as defined under the Kenya Data Protection Act unless explicitly required and consented to.

We use the personal information we collect for the following purposes:

We will never use your personal data for automated decision-making that produces legal or similarly significant effects without your explicit consent.

We do not sell, rent, or trade your personal information to third parties. Your data may be shared only in the following limited circumstances:

• Service providers: we use Google's Gmail SMTP infrastructure to send transactional emails (OTP codes, registration confirmations, and contact replies). Google processes email content solely to deliver the message. We do not use Google Analytics or other Google tracking products.
• Hosting infrastructure: our application is hosted on cloud infrastructure (Vercel for the frontend and a server provider for the backend). These providers store data in accordance with their own security and compliance standards.
• Legal obligations: we may disclose personal data to competent authorities where required by law, court order, or to protect the rights, property, or safety of TechOps Hub, our members, or the public.
• Business transfers: in the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users in advance.

All third-party service providers are contractually obligated to handle your data securely and exclusively for the purpose for which it was shared.

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected:

• Member accounts: retained for the duration of your membership and for up to 3 years after account deactivation, unless a shorter period is requested.
• Contact form messages: retained for up to 2 years for reference and follow-up purposes.
• Swag order records: retained for 5 years in accordance with standard commercial record-keeping requirements.
• Event registrations: retained for 1 year after the event date.
• Newsletter subscriptions: retained until you unsubscribe.
• OTP records: one-time passwords expire within 15 minutes and are purged from our system upon use or expiry.
• Analytics data: aggregated and anonymised — retained indefinitely as it contains no personal identifiers.

When the retention period expires, data is permanently deleted or irreversibly anonymised.

We implement technical and organisational measures to safeguard your personal information:

• Password security: all passwords are hashed using industry-standard algorithms (bcrypt). We never store or transmit plain-text passwords.
• Encrypted transmission: all data in transit between your browser and our servers is encrypted using TLS (HTTPS).
• Access control: access to personal data within our systems is restricted to authorised personnel only, governed by role-based access controls.
• OTP expiry: password reset tokens are single-use, time-limited (15 minutes), and invalidated immediately upon use.
• Secure infrastructure: our backend systems are hosted in hardened cloud environments with firewalls, intrusion detection, and regular security updates.

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and the relevant authorities as required by law without undue delay.

Under the Kenya Data Protection Act, 2019, and aligned international standards, you have the following rights regarding your personal data:

• Right of access: you may request a copy of the personal data we hold about you at any time.
• Right to rectification: if your information is inaccurate or incomplete, you may request that we correct it.
• Right to erasure ("right to be forgotten"): you may request that we delete your personal data where there is no compelling reason for its continued processing.
• Right to restrict processing: you may request that we limit how we use your data while a dispute is being resolved.
• Right to data portability: you may request your data in a structured, commonly used, and machine-readable format.
• Right to object: you may object to processing based on legitimate interest, including for direct marketing purposes.
• Right to withdraw consent: where we process data on the basis of your consent (e.g. newsletter), you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at support@techopshub.com with the subject line "Data Rights Request". We will respond within 30 days. We may need to verify your identity before processing your request.

TechOps Hub does not use third-party tracking cookies or advertising cookies. We use the following limited browser storage:

• Authentication tokens (localStorage): when you log in, we store a JSON Web Token (JWT) and refresh token in your browser's localStorage to maintain your session. These are cleared automatically when you sign out.
• Theme preference (localStorage): your light/dark mode preference is stored locally in your browser and is never transmitted to our servers.

You can clear these at any time by signing out, clearing your browser's site data, or using your browser's developer tools. No third-party cookies are set on our domain.

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from individuals under 16. If you believe a minor has provided us with personal information, please contact us immediately at support@techopshub.com and we will take prompt steps to delete it.

Your personal data is primarily stored and processed in Kenya. Where data is processed outside Kenya — for example, through cloud hosting providers — we ensure that appropriate safeguards are in place consistent with the requirements of the Kenya Data Protection Act, 2019, including standard contractual clauses or equivalent protections.

Our website may contain links to external websites. Once you leave our platform, this Privacy Policy no longer applies. We are not responsible for the privacy practices of third-party websites and encourage you to read their respective privacy policies before submitting any personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will:

• Update the "Effective Date" at the top of this page.
• Notify registered members via the email address associated with their account.

Your continued use of TechOps Hub after the effective date of an updated policy constitutes acceptance of the revised terms.

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you believe your data protection rights have been violated and we have not resolved your complaint satisfactorily, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya (ODPC) at odpc.go.ke.