Ask AwraIQ about features, pricing, onboarding, login, integrations, security, demos, mobile apps, automation, reports, or support.
Our commitment to protecting your data, ensuring operational sovereignty, and maintaining ethical transparency across the AWRA ecosystem.
At AWRA OpsHub, we recognize that in the modern digital economy, data is your most valuable asset. Our architecture is built on a foundation of 'Privacy by Design,' ensuring that your organizational intelligence—from granular stock movements to high-level financial reconciliations—remains strictly within your control. We don't just secure your data; we prioritize operational sovereignty, empowering you to leverage Awra Intelligence Insights without compromising the confidentiality of your supply chain.
AWRA OpsHub System ("AWRA", "we", "our", or "us") is committed to protecting your privacy and ensuring that your personal information is handled responsibly. This Privacy Policy explains in detail what information we collect, how we use it, how we secure it, and the rights you have regarding your data. Our goal is to be fully transparent about our practices and give you confidence in how your information is managed when you use our services. By accessing or using AWRA, you agree to the terms outlined here.
AWRA OpsHub System is responsible for this public website, account registration, billing, support, security, product analytics, and service administration. For those activities, AWRA determines the purposes and means of processing personal data. When an organization uses AWRA OpsHub to manage its own inventory, procurement, vendor, sales, finance, asset, or operational records, that organization may act as the data controller for the workspace content it configures and uploads, while AWRA processes that content to provide the service and follow the organization's lawful instructions.
Privacy questions, rights requests, escalation requests, or data-protection notices can be sent to [email protected] or through the Contact AWRA page. Please include "Privacy Request" in the subject line and describe the account, organization, email address, workspace, or record involved so we can route the request correctly.
This Privacy Policy applies to all platforms, products, and services offered under the AWRA OpsHub brand, including our web application, mobile applications, integrations, and related support services. It governs the collection, storage, use, disclosure, and transfer of personal and business data. It does not extend to third-party websites or applications that may be linked through our services, and we encourage you to review the privacy practices of those third parties separately, as they may differ significantly from our own. By continuing to use our services, you acknowledge that your interactions with third parties are outside the scope of this policy, and AWRA cannot be held responsible for their practices.
We collect information in several ways: directly from you when you sign up or interact with our system, automatically when you use our services, and through integrations with third-party providers you choose to connect. The information we collect may include personal details such as your name, email address, phone number, and organization details. In a multi-organization environment, all users are linked to a specific organization using a unique ID to ensure that business data is securely partitioned between organizations. Beyond personal details, we also process business records including procurement requests, quotations, invoices, check-ins, checkouts, and transaction histories that form the core of your operational activities within AWRA. When payments are made, limited financial information may be collected, such as billing addresses and transaction details, but sensitive payment data is always handled securely by trusted third-party processors like M-Pesa, Paystack and PayPal, rather than stored on our servers. In addition, we capture communication data including messages exchanged within the system, email logs related to procurement activities, and discussions between vendors and clients. Finally, technical information such as IP addresses, device types, operating systems, and activity logs is collected to improve performance, enhance security, and troubleshoot system issues.
Depending on the modules enabled by your organization, we may also process supplier contacts, stock-count records, asset custody records, accounting references, tax or billing references, support tickets, demo requests, implementation notes, security review messages, cookie preferences, consent records, and audit events. We ask customers and users not to submit sensitive personal data unless it is necessary for a configured workflow and permitted by their organization.
The information we collect is used exclusively for purposes that support the delivery and improvement of our services. Specifically, we use your data to authenticate your identity, enable secure access to your organization’s workspace, and manage the multi-organization architecture of our platform. Business data such as procurement requests, vendor quotations, and invoices are processed to automate workflows and enable efficient record keeping. Our Awra Intelligence Insights-driven procurement engine analyzes quotations to recommend the best vendors and purchasing decisions, reducing inefficiencies and enhancing value for your organization. Communication records are stored to provide an auditable trail of vendor negotiations and internal approvals. Technical data is analyzed to detect suspicious activity, prevent fraud, optimize performance, and ensure that the system runs reliably for all users. Where required by law, we may also process your data to comply with legal and regulatory obligations. Overall, our use of data is focused on making AWRA reliable, intelligent, and responsive to the needs of your organization.
AWRA OpsHub includes intelligent workflow features that may analyze operational records such as quotations, vendor activity, stock movement, approvals, support requests, usage patterns, and security signals. These features are designed to assist users with recommendations, summaries, anomaly detection, routing, prioritization, and workflow visibility.
AWRA recommendations are advisory and are not intended to make legally binding decisions without human review. Procurement, finance, stock-control, vendor, hiring, disciplinary, or customer-facing decisions remain the responsibility of the customer organization and its authorized users. Where automated or algorithmic processing could materially affect a person or create elevated privacy risk, we review the processing for data minimization, explainability, access controls, retention behavior, and appropriate human oversight.
We process personal data only when we have a lawful basis to do so. These bases may include the performance of a contract, your consent, compliance with legal obligations, our legitimate interests in operating and securing the service, or the legitimate instructions of a customer organization using AWRA as a processor. In situations where we rely on legitimate interests, we carefully balance these against your rights and freedoms to ensure that your privacy is respected. You may withdraw consent at any time without affecting the lawfulness of processing that occurred before withdrawal.
AWRA does not sell your personal data under any circumstances. However, there are limited scenarios in which we may share your information. Within your organization, your data may be visible to other authorized users under the same organization so that business workflows can operate effectively. During procurement, certain information such as RFQs, quotations, and purchase orders may be shared with vendors to facilitate transactions. We also engage trusted service providers and subprocessors to deliver essential services including hosting, data storage, payment processing, email and SMS delivery, security monitoring, analytics, customer support, and operational tooling. These providers are expected to process data only for authorized service purposes and under confidentiality, security, and data-protection commitments. In addition, we may disclose information if required to do so by law, court order, or government regulation, or in cases where such disclosure is necessary to protect our rights, prevent fraud, or ensure system security. In the event of a merger, acquisition, or restructuring, your data may be transferred to ensure continuity of services.
More detail about processor commitments, subprocessors, customer instructions, and transfer safeguards is available in our Data Processing Addendum overview, and the full clause-by-clause terms are set out in our Data Processing Agreement. Customer-specific agreements may include additional subprocessor notification or approval terms.
Where a customer chooses to connect their own Google account, AWRA accesses Google user data only through the specific, least-privilege scopes the customer authorizes, and only to provide the connected feature:
drive.file) — creating and uploading documents the app itself generates (invoices, purchase orders, POS receipts, reports and vendor documents) to the customer's Drive for archiving. We can only see files the app created; we do not access other files in the user's Drive.gmail.send) — sending app-generated operational email (such as invoices, purchase orders, RFQ invitations and approval or payment notifications) from the customer's own business address. We do not read, list, label, or modify the mailbox.calendar.events) — creating and updating calendar events for operational deadlines the app manages (delivery dates, approval and RFQ due dates, asset-maintenance schedules). We do not access unrelated calendar data.Google user data obtained through these scopes is used solely to provide and improve these user-facing features, is never sold, is not used for advertising, and is not used to train generalized or third-party AI/ML models. Access by humans occurs only where required for security, to comply with applicable law, or with the user's explicit consent. A connected account can be disconnected at any time from Settings → Connectors, and access can also be revoked directly from the user's Google Account permissions.
AWRA OpsHub's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Protecting your data is one of our highest priorities. We implement industry-standard security measures such as encryption of data both in transit and at rest, role-based access controls that restrict sensitive information to authorized personnel, multi-factor authentication to strengthen account security, and real-time monitoring systems that detect unusual or unauthorized activity. All data is stored on secure servers with strict access controls, and regular audits are conducted to identify and address vulnerabilities. While we work diligently to protect your information, it is important to note that no system can be guaranteed to be 100% secure. Users are encouraged to follow security best practices, such as choosing strong passwords and avoiding credential sharing, to help maintain the integrity of their accounts.
If AWRA becomes aware of a security incident that may involve personal data, we assess the scope, affected systems, categories of data involved, potential impact, containment steps, and remediation actions. Where a notifiable personal data breach occurs and Kenyan data-protection law applies, AWRA will notify the Data Commissioner without undue delay and, where required, within seventy-two hours of becoming aware of a breach that creates a real risk of harm to affected data subjects. We will also communicate relevant breach information to affected data subjects, customer administrators, or authorized customer contacts within a reasonably practical period where required by law, customer agreement, or our role in the processing.
Where AWRA acts as a processor for a customer workspace, we may notify and assist the customer organization so it can assess controller obligations, coordinate user communication, preserve evidence, and complete any regulator-facing steps required under its agreement or applicable law.
We retain personal and business data only for as long as needed to provide the service, comply with legal obligations, support customer instructions, maintain security, resolve disputes, enforce agreements, and preserve audit evidence. The exact period can depend on the module, customer configuration, account status, legal requirements, backup cycles, and whether a legal hold or dispute applies.
| Data category | Typical retention approach |
|---|---|
| Account, organization, and user profile data | Retained while the account or workspace is active, then deleted, anonymized, or archived after account closure according to contract, support, security, and legal needs. |
| Operational workspace records | Retained while needed for inventory, procurement, sales, finance, vendor, asset, reporting, audit, and customer-configured workflows. Customer export, deletion, and retention instructions may apply. |
| Cancelled, expired, or terminated accounts | Generally held for a limited export and recovery period before final deletion or anonymization, unless law, payment disputes, fraud review, legal hold, or a customer agreement requires a different period. |
| Billing, tax, payment, and invoice records | Retained for accounting, tax, audit, dispute, chargeback, anti-fraud, and legal compliance periods, then deleted or archived according to applicable requirements. |
| Authentication, security, audit, and system logs | Retained as needed to protect accounts, investigate incidents, verify activity, enforce access controls, maintain service integrity, and satisfy audit or legal obligations. |
| Support, contact, demo, and implementation messages | Retained while we handle the request, support the customer relationship, improve service quality, and keep reasonable records of follow-up, commitments, and issue resolution. |
| Cookies, consent records, and browser preferences | Retained according to the cookie type, preference choice, browser setting, and expiration period described in the Cookie Policy and Cookie Preferences page. |
Once retention periods expire, data is deleted, anonymized, or archived in a manner that is appropriate to the record type and operational risk. Backup copies may persist for a limited period until overwritten through normal backup rotation.
AWRA uses cookies and similar technologies to enhance your user experience. Cookies allow us to maintain your session when you log in, remember your preferences, and provide personalized features. We may also use analytics, preference, security, and consent-management technologies to understand how users interact with our public pages and platform, identify errors, protect accounts, and improve service quality. Optional non-essential cookies are handled through consent and preference controls where required. You can review the Cookie Policy and manage choices through Cookie Preferences.
AWRA operates in Kenya but serves users globally. As a result, your data may be transferred to and stored on servers located in jurisdictions outside of your country of residence. Where such transfers occur, we use appropriate safeguards such as contractual commitments, security controls, subprocessor due diligence, customer instructions, and data-processing terms designed to protect personal data across borders. We do not transfer personal data outside Kenya or a user's country of residence unless there is a lawful basis, appropriate safeguard, customer instruction, contractual protection, or other permitted transfer mechanism under applicable law.
Depending on your location, you may have rights under applicable data protection laws, including the right to access the data we hold about you, correct inaccuracies, request deletion of your personal data, restrict or object to certain types of processing, and receive your data in a portable format that can be transferred to another service. You also have the right to withdraw your consent to processing where it is based on consent. You can also review practical privacy controls on our Your Privacy Choices page.
To exercise these rights, contact us at [email protected] or through the Contact AWRA page. We may need to verify your identity, authority, account, or organization before acting on a request. Where Kenyan data-protection timelines apply, access requests are generally handled within seven days, while erasure, restriction, or objection requests are generally responded to within fourteen days. Other requests are handled promptly and in accordance with applicable law.
Organization administrators can also export their data or schedule permanent deletion of the organization directly in-app from Settings → Security & Devices → My Account & Danger Zone. For step-by-step instructions on deleting your account and associated data — including what is removed, what is retained, and the applicable retention periods — see our Account & Data Deletion page.
Some requests may be declined, delayed, limited, or routed through an organization administrator where required by law, security, customer instructions, legal claims, audit obligations, accounting rules, fraud prevention, or the rights of another person. If AWRA processes workspace data on behalf of your organization, we may coordinate with the organization administrator or authorized customer contact before changing or deleting that data.
AWRA is intended for use by organizations and businesses and is not designed for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete such information. If you believe that a minor has provided personal information through our services, please contact us immediately.
We maintain public trust documentation so buyers and administrators can evaluate our operational posture before and after onboarding. This includes our Trust Center, Security Whitepaper, SLA & Uptime, Data Processing Addendum, and full Data Processing Agreement. For the full set of related terms, privacy, cookie, and trust documents, visit the Legal Center. We publish these resources to make governance conversations faster, more factual, and easier to map to internal policy checklists.
Kenya may require qualifying data controllers and data processors to register with the Office of the Data Protection Commissioner. AWRA reviews its controller and processor obligations and can provide current ODPC registration status, registration evidence, exemption information, or related compliance documentation to customers and privacy reviewers upon request where applicable.
We apply privacy-by-design practices during planning, implementation, and release cycles. New features are evaluated for data minimization, role-bound visibility, retention behavior, and supportability under customer deletion or correction requests. We also prioritize practical controls that support real-world operations such as organization separation, audit logging, and least-privilege access in sensitive workflows. These controls are not static; they are reviewed as product complexity grows and as regulatory expectations evolve.
If you have a concern about how AWRA handles personal data, please contact us first at [email protected] with "Privacy Escalation" in the subject line. We will review the concern, route it to the appropriate privacy, security, support, or account team, and respond with the next step or outcome. For security vulnerabilities, please use our Responsible Disclosure process.
If your concern is not resolved, you may have the right to contact the relevant data-protection authority. For Kenya, the Office of the Data Protection Commissioner is the independent authority responsible for data-protection oversight.
From time to time, we may update this Privacy Policy to reflect changes in our practices, technology, or legal obligations. When significant updates are made, we will notify you either through email or via system notifications, and the updated version will always be posted on our website. Your continued use of our services after updates are posted constitutes acceptance of the revised Privacy Policy. We encourage you to review this policy periodically to stay informed about how we are protecting your data.
Last updated: July 17, 2026
Help Center
Run inventory, procurement, assets, sales, and field work with approved AWRA guidance for setup, migration, integrations, security, pricing, and support.