Tajji Privacy Policy

Last Updated: February 2026

1. Who We Are

Tajji Real Estate Limited ("Tajji", "we", "us") operates:

  • BomaOS – Shared property infrastructure for landlords, operators, and property managers
  • Jirani – Tenant identity, payment, and participation platform

Tajji is registered with the Office of the Data Protection Commissioner (ODPC), Kenya as both a Data Controller and Data Processor.

2. Our Regulatory Posture

Tajji operates as infrastructure, not as:

  • A marketplace
  • A broker or agent
  • A rent-setting coordinator
  • A tax representative
  • A collection agent

Tajji provides governed coordination tooling and ledger infrastructure. Our data processing posture reflects that infrastructure role.

3. Roles Under Data Protection Law

Depending on context, Tajji may act as:

3.1 Data Controller

Where Tajji determines the purposes and means of processing, including:

  • Platform account creation
  • Identity verification (KYC/KYB/KYW)
  • Tenant onboarding via Jirani
  • Security monitoring and audit logging
  • Compliance and regulatory reporting

3.2 Data Processor

Where we process data to enable portfolio operations under BomaOS on behalf of landlords or operators.

The Client (landlord/operator) does not become a Data Controller for Jirani-collected data. Cross-platform flows are governed under Tajji’s unified compliance framework.

4. Categories of Personal Data We Process

We may process:

Tenants (Residential & Commercial)

  • Full name
  • National ID / Passport
  • KRA PIN (where required)
  • Phone, email, address
  • Lease ID and occupancy dates
  • Rent and arrears balances
  • Payment method metadata
  • Bank account (masked)
  • Mobile wallet ID
  • Transaction references
  • Next-of-kin contact
  • Support tickets

Landlords / Property Owners

  • Identity details
  • KRA PIN
  • Contact information
  • Bank account (masked)
  • Disbursement preferences

PMFs / Workforce / Vendors

  • Name
  • Role
  • Contact information
  • Attendance logs (geo-tag timestamps where applicable)
  • Audit logs
  • Bank account (masked)

Payments Data

  • Payer identity
  • Payee identity
  • Payment tokens
  • Transaction references
  • Settlement status

Security & Access Events

  • Credential ID
  • Entry/exit timestamps
  • Device IDs
  • Incident notes

Analytics (Pseudonymized)

  • Hashed user ID
  • Usage metrics
  • Device metadata
  • Error logs
  • Consent version IDs

5. Sensitive Personal Data

We may process limited categories of sensitive data where necessary, including:

  • Health data (for safety/emergency response)
  • Biometric data (for access control where enabled)
  • GPS location (for workforce attendance and security audit trails)
  • Marital or next-of-kin information (for tenancy guarantees or succession support)

We do not profile individuals based on race, religion, sexual orientation, or genetic data.

Sensitive data is processed only where legally required, with explicit consent (where required), and under documented DPIA coverage.

6. Why We Process Personal Data

We process personal data to:

  • Verify identity (KYC / KYB / KYW)
  • Register and govern occupancy relationships
  • Execute billing and rent reconciliation
  • Process payments with fund-class separation
  • Coordinate maintenance and workforce workflows
  • Preserve evidence for disputes
  • Comply with regulatory obligations
  • Maintain audit-grade ledgers
  • Enforce containment states when applicable

We do not sell personal data.

7. Fund-Class Separation and Financial Data

Platform Fees, Rent Pass-Through, Security Deposits, Maintenance Reserves, and Utility Pass-Throughs are distinct fund classes.

Personal data associated with each fund class remains separately attributable, not pooled across principals, and never set off across fund classes.

8. Data Retention

Key principles:

  • Ledgers are never destroyed
  • Obligation-anchored records remain retained while governed relationships exist
  • Dispute evidence is preserved during dispute lock
  • Deletion means access revocation and lawful anonymization
  • Audit logs survive termination

We retain data only as long as required for:

  • Operational continuity
  • Compliance
  • Lawful dispute/regulator hold
  • Audit reconstruction

9. Cross-Border Transfers

Tajji infrastructure may be hosted outside Kenya, including in EU data centers. Cross-border transfers are subject to:

  • Adequacy safeguards
  • Encryption in transit and at rest
  • Access controls
  • Processor contractual safeguards

10. Security Measures

We implement:

  • Encryption at rest and in transit
  • Role-based access control
  • Multi-factor authentication
  • Immutable audit logging
  • Container isolation
  • Regular patching and vulnerability scanning
  • 3-2-1 immutable backups
  • DDoS mitigation
  • Tokenized payment handling

Security is architectural, not additive.

11. Data Subject Rights

Subject to legal limitations, individuals may:

  • Request access to their personal data
  • Request correction
  • Request deletion (where lawful)
  • Object to processing
  • Request data portability
  • Withdraw consent (where consent-based)

Where data forms part of an active obligation graph or legal hold, deletion may be lawfully restricted.

Requests may be submitted to: privacy@tajji.io

12. Automated Decision-Making

We may use AI-driven decision support for:

  • Fraud detection
  • Risk flagging
  • Workflow prioritization
  • Yield analytics (portfolio-scoped)

AI outputs are non-binding and do not constitute legal or financial advice. No automated decision has legal effect without human oversight.

13. Children’s Data

Tajji does not knowingly process children’s data except:

  • where required for lawful occupancy (e.g., minor listed as resident)
  • with guardian or legal representative consent.

14. Regulatory Disclosures

We may disclose data:

  • To regulators
  • Under court order
  • Under lawful enforcement request
  • For AML/fraud investigations

Disclosure does not create agency representation.

15. Cookies and Tracking Technologies

Tajji uses cookies, software development kits (SDKs), local storage, and similar tracking technologies across our website, mobile applications, and desktop applications.

15.1 Categories of Tracking Technologies

We use the following categories:

  • Strictly Necessary Technologies

    Required for platform authentication, session management, security enforcement, fraud detection, and infrastructure integrity.

  • Analytics Technologies

    We use PostHog (cloud-hosted in the European Union) to collect and analyze pseudonymized website visitor data, product usage analytics, surveys, feature interaction events, and performance metrics.

PostHog processing characteristics:

  • Hosted in the EU (cloud deployment)
  • IP addresses are anonymized prior to storage
  • Event data is associated with hashed or internal user identifiers
  • Feature flagging may be applied based on authenticated user identity and behavioral metrics
  • Cross-platform product analytics may link web and application events where users authenticate

Analytics data helps us:

  • Improve usability and workflow efficiency
  • Evaluate feature adoption
  • Diagnose errors and performance issues
  • Measure platform stability and engagement

Where analytics are tied to authenticated accounts, such data constitutes personal data and is processed under our lawful basis for service provision, security, and legitimate interests.

  • Functional Technologies

    Used to remember preferences, consent selections, and interface configurations.

15.2 Consent and Control

Where required by applicable law, non-essential analytics technologies are deployed based on user consent.

Users may:

  • Adjust browser cookie settings
  • Withdraw consent via cookie preference controls (where presented)
  • Contact Tajji to request restriction of processing where applicable

Disabling certain technologies may affect functionality.

15.3 Retention of Analytics Data

Analytics identifiers and event logs are retained only for as long as necessary for:

  • Product improvement
  • Security and fraud detection
  • Operational diagnostics
  • Compliance documentation

Retention remains subject to Section 8 (Data Retention) principles of this Policy.

16. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Regulatory changes
  • Infrastructure changes
  • Security posture updates
  • Changes to tracking technologies or analytics providers

Material changes will be notified through platform channels.
