
Privacy Policy

Last updated: 11 November 2025

This Privacy Policy explains how TOP Joint Examinations (“TOP Joint Exams”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal data when you visit our websites, purchase digital resources, interact with our mobile and web applications, or communicate with our support teams. We operate from Kenya and comply with the Data Protection Act, 2019 and applicable regulations.

1. Personal Data We Collect

We collect and process the following categories of information:

  • Account details: full name, email address, phone number, WhatsApp contact, school or teaching role, TSC number and verification documents where applicable.
  • Authentication credentials: encrypted passwords, one-time passcodes, session identifiers, and referral codes.
  • Payment and transaction data: MPesa checkout identifiers, till and paybill confirmations, wallet balances, withdrawal records, invoices, and audit trails required for accounting.
  • Order fulfilment data: items purchased, download history, generated ZIP archives, and delivery preferences (email, direct download, or WhatsApp dispatch).
  • Communications: messages sent to support, push notification subscriptions, email delivery status, WhatsApp bot interactions, and referral communications.
  • Usage and device data: IP address, browser metadata, device type, error logs, cookies, analytics events (e.g., Google Tag Manager), and user behaviour needed to secure accounts and improve our services.
  • Affiliate and referral data: referral codes, affiliate relationships, payout requests, and performance statistics.

2. How We Collect Data

Personal data is collected directly from you when you register, log in, place an order, request support, join the affiliate programme, or subscribe to notifications. Automated tools capture technical data through cookies, service workers, and analytics scripts. We also receive MPesa confirmations and payment metadata from Safaricom and email/SMS delivery status from our communication providers.

3. How We Use Personal Data

We use personal data to:

  • Authenticate users, manage accounts, and deliver the content you purchase.
  • Process payments via MPesa, manage wallet balances, issue receipts, and comply with taxation and bookkeeping requirements.
  • Deliver digital products securely, including encrypted PDF bundles and password-protected ZIP archives.
  • Provide customer support, respond to queries, and troubleshoot technical issues.
  • Send operational communications, push notifications, marketing updates (where permitted), and referral programme alerts.
  • Monitor platform security, detect fraud, enforce acceptable use policies, and safeguard exam content from unauthorised distribution.
  • Generate analytics to improve product relevance, pricing, performance, and user experience.
  • Meet legal obligations, cooperate with lawful requests, and enforce our Terms of Service.

We process data under the Data Protection Act, 2019 on the bases of: (a) performance of a contract when providing purchased content; (b) compliance with legal obligations such as taxation, accounting, and anti-fraud requirements; (c) legitimate interests in securing our services and preventing misuse; and (d) your consent for optional marketing communications, analytics cookies, or push notifications. You may withdraw consent at any time without affecting prior lawful processing.

5. Sharing and Disclosure

We do not sell personal data. We share information only with trusted processors and, where required, regulators:

  • Infrastructure and storage: hosting and database providers that store our application data under strict access controls.
  • Payments: Safaricom MPesa APIs for STK push, C2B, and B2C settlements, and local banking partners for reconciliation.
  • Communications: email (Nodemailer/SMTP), SMS gateways, and WhatsApp Business APIs used to deliver alerts and digital orders.
  • Analytics and monitoring: Google Tag Manager and related analytics tools for aggregate performance metrics.
  • Professional advisers and regulators: auditors, accountants, tax authorities, and law enforcement when legally obliged.

Where processors are located outside Kenya, we ensure adequate safeguards such as contractual data protection clauses or reliance on jurisdictions with comparable data protection regimes.

6. Data Retention

We retain account profiles for as long as your account remains active and for up to seven (7) years thereafter to comply with statutory record-keeping duties. Transaction records, invoices, and MPesa confirmations are kept for seven (7) years. Support tickets, referral logs, and analytics data are retained for up to three (3) years. When data is no longer required, it is securely deleted or anonymised.

7. Security Practices

We safeguard personal data using TLS encryption in transit, network isolation for databases, regular patching, hashed and salted passwords, scoped access controls for staff, automated monitoring for suspicious activity, and encrypted document delivery workflows. Despite these safeguards, no online platform can guarantee absolute security; please keep your credentials confidential and notify us immediately of suspected compromise.

8. Cookies, Analytics, and Push Notifications

We use cookies and similar technologies to maintain secure sessions, remember cart items, record referral attribution, and measure site performance. Some cookies are essential; others (analytics, marketing) are optional and may be disabled through your browser settings. Our progressive web app components register a service worker to enable push notifications; you can disable notifications in your browser or device preferences. We do not serve third-party behavioural advertising.

9. Wallets, Withdrawals, and Affiliates

When you earn commissions or reload a wallet, we maintain ledger entries, withdrawal requests, and reconciliation artefacts to protect both you and TOP Joint Exams. Withdrawal payouts are executed through MPesa B2C and require recipient phone numbers and identity verification. These records form part of your financial data and are subject to the retention and disclosure terms above.

10. Learners and Minors

Our content targets teachers, guardians, and students under adult supervision. Accounts must be created by individuals who are 18 years or older, or by educators/guardians on behalf of minors. If we learn that we have collected data from a minor without appropriate consent, we will promptly delete it. Please contact us if you believe a minor has provided personal data without authorisation.

11. Your Rights

Under the Data Protection Act, 2019 you may request: (a) access to personal data we hold; (b) correction of inaccurate or incomplete data; (c) deletion or anonymisation of data that is no longer required; (d) restriction of processing; (e) portability of data provided by you; and (f) objection to processing based on legitimate interests or direct marketing. Submit requests via the contact channels below and we will respond within the statutory timelines. We may request additional proof of identity before acting.

12. Changes to This Policy

We may revise this Privacy Policy to reflect legal, technical, or operational updates. Material changes will be communicated through the website or by direct notice where feasible. The “Last updated” date indicates the most recent revision.

13. Contact Us

For privacy questions, data access requests, or complaints, please email info@topjointexaminations.co.ke, call +254717078120, or write to P.O. Box 1057, Machakos, Kenya. You may also escalate unresolved concerns to the Office of the Data Protection Commissioner (ODPC) in Kenya.