Privacy Policy
Effective June 24, 2026
1. Who we are
KibaPay operates the marketplace platform at kibapay.net, connecting independent consultants (Vendors) with businesses (Clients) seeking digital agency services. KibaPay is the data controller for information collected through the Platform and in connection with its operation.
2. Information we collect
From Vendors
- Profile data: name, professional bio, portfolio samples, service categories, availability, and pricing;
- Contact data: email address, phone number, and business name;
- Identity verification: government-issued ID or business registration documents where required to verify Vendor identity before they can receive payments;
- Payment and banking details: payout account information necessary to remit earnings, handled through our payment processor;
- Project communications: messages, files, and feedback exchanged with Clients through the Platform.
From Clients
- Account data: name, email address, company name, and phone number;
- Project briefs: project requirements, goals, assets, and any other information shared to describe the work needed;
- Payment data: billing details used to pay for Projects, processed by our payment processor โ KibaPay does not store full card numbers;
- Project communications: messages, approvals, and feedback exchanged with Vendors through the Platform.
Collected automatically
- Usage data: pages visited, search queries within the Platform, browser type, device type, and approximate location derived from IP address;
- Log data: timestamps, authentication events, and error logs for security and debugging;
- Cookies: see Section 6 below.
3. How we use your information
- Operate and improve the Platform, including matching Clients with suitable Vendors;
- Display Vendor profiles to potential Clients;
- Facilitate Project agreements, communications, and payments between Vendors and Clients;
- Process payments from Clients and remit earnings to Vendors;
- Send transactional notifications (project updates, invoices, payment confirmations);
- Verify Vendor identity and eligibility to receive payments;
- Enforce our Terms of Service, Acceptable Use Policy, and other policies;
- Send platform updates and, where opted in, marketing communications;
- Comply with applicable legal obligations.
4. Sharing of information between Vendors and Clients
When a Client engages a Vendor through the Platform, the Vendor receives the Client's project brief and contact information necessary for project delivery. The Client receives the Vendor's profile, portfolio, and contact details necessary to communicate about the Project. Both parties consent to this sharing by using the Platform.
5. Other sharing of your information
We do not sell personal data. We may share it with:
- AWS (Amazon Web Services): infrastructure and storage provider in the United States;
- Payment processors: to process Client payments and Vendor payouts;
- Email service providers: for transactional and marketing communications;
- Analytics tools: to understand how the Platform is used (with IP anonymisation where possible);
- Professional advisors: lawyers and accountants as needed;
- Law enforcement or regulators: where required by law or court order.
6. Cookies
- Strictly necessary: required for authentication and core Platform function. Cannot be disabled.
- Analytics: used to understand how visitors use the Platform. Requires consent.
- Marketing: used to measure advertising effectiveness. Requires consent.
You may withdraw consent for non-essential cookies by adjusting your browser settings or using our cookie preference centre.
7. Data retention
Account and project data is retained for three (3) years after your last active engagement on the Platform. Financial records (invoices, payment records) are retained for seven (7) years to meet statutory accounting obligations. Identity verification records are retained for the period required by applicable law.
8. Data security
We apply industry-standard security including TLS encryption in transit, encrypted storage for sensitive data, role-based access controls, and audit logging. No system is entirely secure. We will notify affected users of any confirmed breach as required by law.
9. International transfers
KibaPay is based in the United States. Users in the EEA, UK, or other jurisdictions with transfer restrictions should be aware their data is processed in the US. We rely on Standard Contractual Clauses or other appropriate safeguards where required.
10. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you;
- Request correction of inaccurate data;
- Request deletion (subject to legal retention obligations);
- Object to or restrict certain processing;
- Receive your data in a portable format;
- Withdraw consent where processing is consent-based.
Contact privacy@kibapay.net to exercise these rights. We respond within 30 days.
11. Legal basis for processing (EEA / UK users)
- Contract: processing necessary to operate your account and facilitate Projects;
- Legitimate interests: improving the Platform, security, and communicating with users;
- Consent: marketing emails and optional cookies;
- Legal obligation: retaining records as required by law.
12. California residents (CCPA / CPRA)
California residents may request to know what personal information we collect, to request deletion, and to opt out of any sale (we do not sell personal data). Contact privacy@kibapay.net for requests.
13. Children
The Platform is intended for businesses and professionals. We do not knowingly collect data from individuals under 18.
14. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be indicated by a revised effective date. Continued use of the Platform constitutes acceptance.
15. Contact
Privacy: privacy@kibapay.net
Support: support@kibapay.net