Privacy Policy and Data Protection Commitment for our clients and digital systems.
This Privacy Policy explains how GraphiqLab Studios Limited collects, uses, stores, protects and shares information when you visit our website, submit a project brief, request a quotation, work with us, or use any system, website, cloud based solution, digital platform or creative service that we design, develop, support or manage.
Data security is a priority at GraphiqLab. We design and build digital systems with reasonable technical, operational and administrative safeguards intended to protect client information. We do not sell personal data. We use client data only for legitimate business, service delivery, communication, compliance, security and agreed project purposes.
1. Introduction
We treat client information as a serious business responsibility.
GraphiqLab Studios Limited, referred to in this Policy as “GraphiqLab”, “we”, “us”, “our” or “the Company”, respects privacy and is committed to protecting personal data, business information and project information entrusted to us.
This Policy explains what information we collect, why we collect it, how we use it, how we protect it, when we may share it, how long we keep it and what rights individuals may have regarding their personal data.
By using our website, submitting information through our forms, requesting our services, engaging us for a project, communicating with us or using systems we build or support, you acknowledge that you have read and understood this Privacy Policy.
2. Scope of this Policy
This Policy applies to GraphiqLab’s creative, digital, cloud and business services.
This Policy applies to information collected or processed through GraphiqLab’s website, contact forms, project brief forms, email communication, WhatsApp communication, phone calls, proposals, contracts, invoices, design projects, web development projects, cloud based systems, digital marketing campaigns, SEO work, branding services, AI supported workflows and other services offered by GraphiqLab.
Full scope explanation
This Policy applies whether you are a visitor, prospect, client, supplier, contractor, collaborator, employee applicant, project stakeholder, system user, administrator, customer of a client system or any person whose information is submitted to us in connection with our services.
Where GraphiqLab builds or supports a system for a client, the client may also have its own privacy policy and legal obligations. In such cases, GraphiqLab may act as a service provider, developer, data processor, technical support provider or system administrator depending on the agreement and system structure.
3. Information We Collect
We collect information needed to communicate, deliver services, secure systems and meet obligations.
3.1 Information you provide directly
We may collect personal, business and project information that you voluntarily submit when you contact us, fill out forms, request a quotation, start a project, request support, subscribe to updates, apply for collaboration or engage our services.
- Full name, business name, job title and organisation details.
- Email address, phone number, WhatsApp contact and communication preferences.
- Project requirements, brand materials, references, business goals, budgets, timelines and approvals.
- Billing details, invoice details and payment confirmation details.
- Messages, feedback, testimonials, support requests and correspondence.
- Documents, images, logos, content, files and other materials shared for project work.
3.2 Information collected automatically
When you visit our website, we may collect technical and usage information through cookies, analytics tools, server logs and similar technologies.
- IP address, approximate location, browser type, operating system and device type.
- Pages visited, time spent, referral sources, clicks and general website interaction data.
- Date, time, session information and traffic patterns.
- Information used to improve website performance, user experience and security.
3.3 Information from third parties
We may receive information from trusted business tools, analytics providers, payment processors, hosting platforms, advertising platforms, social media platforms, referral partners or tools integrated into our service delivery workflow.
4. Cloud Systems and Client Data
When we build systems that store data in the cloud, security is treated as a core project requirement.
GraphiqLab may design, develop, configure, support or maintain cloud based systems for clients. These may include websites, dashboards, booking systems, admin panels, data collection forms, portals, customer management tools, reporting systems, employee systems, document storage workflows, automation tools and other digital platforms.
Where a system stores client data or user data in the cloud, we aim to apply reasonable safeguards that may include controlled access, authentication, permission separation, secure hosting choices, encrypted transmission where supported, database rules, backup planning, audit awareness and limited access by authorised team members only.
Read more about cloud system responsibilities
Cloud systems may depend on third party platforms such as hosting providers, database services, email tools, automation platforms, payment processors, analytics platforms and content management systems. These providers may process information under their own terms, privacy policies and security standards.
Where GraphiqLab is engaged only to design, develop or configure a system, the client remains responsible for providing accurate instructions, choosing lawful data collection practices, obtaining required consents, publishing their own user privacy notices where needed, managing their staff access, keeping account credentials secure and complying with laws that apply to their industry.
GraphiqLab will not knowingly design systems intended for unlawful data collection, hidden surveillance, unauthorised access, credential theft or misuse of personal information.
5. How We Use Information
We use information for legitimate business, project, security and communication purposes.
- To respond to enquiries, project briefs, quote requests, consultations and support requests.
- To plan, design, develop, deliver and maintain branding, graphic design, web design, UI and UX design, SEO, digital marketing and system development projects.
- To create proposals, invoices, contracts, project plans, reports, presentations and client communication.
- To manage revisions, approvals, feedback, timelines, deliverables and client relationships.
- To operate, improve, secure and troubleshoot websites, forms, dashboards, systems and tools.
- To send service updates, educational content, marketing communication or portfolio updates where permitted.
- To measure website performance, campaign performance, content engagement and business effectiveness.
- To prevent fraud, misuse, unauthorised access, spam, abuse or security incidents.
- To comply with accounting, legal, tax, regulatory, contractual and dispute resolution requirements.
6. Legal Basis for Processing
We process information only where we have a lawful and practical reason.
Depending on the context, we may process personal data on the basis of consent, performance of a contract, steps taken before entering into a contract, compliance with a legal obligation, legitimate business interests, protection of rights, security needs or another lawful basis recognised under applicable data protection laws.
Examples of legal basis in practice
If you fill a contact form, we use your information to respond to your enquiry. If you hire us, we use project information to deliver the work. If we issue an invoice, we keep relevant records for accounting and tax purposes. If we send marketing updates, we do so where you opted in, where the law allows it, or where there is a reasonable business relationship and a clear opt out option.
7. Sharing and Disclosure
We do not sell personal data. We share information only when necessary and controlled.
We may share limited information with trusted service providers, contractors, platforms or partners who help us operate our website, deliver projects, process payments, host systems, manage email, analyse traffic, run campaigns, store project files, provide technical support or comply with legal obligations.
- Hosting providers, cloud platforms, website builders and database providers.
- Email, communication, project management and customer support tools.
- Payment processors, banks, mobile money channels and accounting tools.
- Analytics, advertising, SEO and performance measurement tools.
- Freelancers, subcontractors, photographers, developers, writers, marketers or consultants engaged for project delivery.
- Legal, tax, accounting, compliance or professional advisers where necessary.
- Government, regulatory or law enforcement authorities where required by law.
Where we work with third parties, we expect them to protect information and use it only for authorised purposes. However, third party providers may also be governed by their own privacy policies and contractual terms.
8. Data Security Measures
We use reasonable safeguards to protect information entrusted to us.
GraphiqLab aims to protect personal, business and project information using reasonable technical, administrative and organisational safeguards appropriate to the nature of the information, the service provided and the tools used.
Read more about security controls
Depending on the project, safeguards may include role based access, authentication controls, secure database rules, form validation, spam protection, backups, logging, account permission reviews, restricted admin accounts, secure hosting configuration, security conscious API handling and reasonable technical review before deployment.
The exact safeguards may vary by project type, budget, platform, hosting provider, client requirements and agreed scope of work.
9. AI and Automation Tools
We may use AI supported tools responsibly to improve creative and technical delivery.
GraphiqLab may use AI assisted tools, automation platforms, analytics tools and design or development support tools to improve workflows, generate drafts, review content, analyse performance, support coding, structure research, create design directions and improve service quality.
Where client information is used in AI supported workflows, we aim to limit unnecessary personal data, avoid uploading sensitive data unless required for the project, and use tools in a manner consistent with confidentiality, privacy and project requirements.
Read more about AI use
AI outputs may require human review. GraphiqLab does not rely on AI tools as a substitute for professional judgement, client approval or legal compliance. Clients should avoid sending unnecessary sensitive information unless it is required for the agreed scope.
10. Data Retention
We keep information only for as long as reasonably necessary.
We retain information for as long as needed to deliver services, manage client relationships, maintain project records, support repeat work, comply with legal or accounting obligations, resolve disputes, enforce agreements, improve services or meet legitimate business needs.
- Project communication and deliverables may be retained for client support, portfolio history and business records.
- Financial and invoicing records may be retained as required by law, tax rules and accounting practice.
- Website analytics may be kept in aggregated or technical form for performance improvement.
- Support records may be retained to manage system history and recurring technical issues.
When information is no longer required, we aim to delete, archive, anonymise or securely restrict it where reasonably practicable.
11. Your Privacy Rights
You may have rights over your personal data.
Depending on applicable law, including Kenyan data protection law where relevant, you may have rights to be informed about how your data is used, access your personal data, request correction, request deletion where legally possible, object to certain processing, restrict certain processing, withdraw consent and opt out of marketing communication.
- Request access to personal information we hold about you.
- Ask us to correct inaccurate or incomplete information.
- Ask us to delete information where legally and technically possible.
- Withdraw consent where processing is based on consent.
- Object to or restrict certain processing activities.
- Opt out of marketing emails, promotional updates or targeted communication.
To exercise these rights, contact us using the details at the end of this Policy. We may need to verify your identity before acting on a request.
12. Cookies and Analytics
We use cookies and similar technologies to improve website performance and user experience.
Our website may use cookies, pixels, tags, analytics scripts and similar technologies to remember preferences, understand traffic, improve functionality, protect the website, measure campaign performance and provide a better browsing experience.
You can manage cookies through your browser settings. Blocking cookies may affect some website features, form functions, analytics accuracy or user experience.
13. Children’s Privacy
Our services are intended for businesses, organisations and adults.
GraphiqLab’s services are not directed at children under 16. We do not knowingly collect personal information from children under 16. If we learn that such information has been submitted without appropriate authority, we will take reasonable steps to delete it.
14. International Data Transfers
Some tools we use may process information outside Kenya.
Because digital services often rely on global technology providers, information may be stored or processed in countries outside Kenya. This may occur through hosting providers, cloud platforms, email systems, payment processors, analytics platforms, design tools, automation tools and other third party services.
Where such transfers occur, we aim to use trusted providers and reasonable safeguards appropriate to the service, project and applicable law.
15. Data Incidents and Breach Response
If a data incident occurs, we aim to respond responsibly and quickly.
If we become aware of a suspected or confirmed data breach affecting information under our control, we will assess the nature of the incident, take reasonable containment steps, investigate the cause, preserve relevant records, notify affected clients or users where appropriate and comply with applicable legal obligations.
Read more about incident responsibilities
Where a client controls a system and GraphiqLab only provides technical support, breach notification responsibilities may depend on the contract, the client’s role, the type of data, the system ownership and applicable law. Clients are responsible for promptly notifying us if they suspect unauthorised access to a system we manage or support.
16. Updates to this Policy
We may update this Privacy Policy as our services, tools and legal obligations evolve.
We may revise this Policy from time to time to reflect changes in our services, website, systems, tools, security practices, legal requirements or business operations. The updated version will be posted on this page with a new “Last updated” date.
Continued use of our website or services after an updated Policy is published means you acknowledge the revised Policy.
17. Contact Information
Contact GraphiqLab about privacy, data protection or security concerns.
If you have questions, concerns, requests or complaints about this Privacy Policy or how GraphiqLab handles information, contact us using the details below.
- Company: GraphiqLab Studios Limited
- Website: www.graphiqlab.com
- Address: 241 Kahawa Sukari Ave, Kenya
- Phone: +254 759 902 888 / +254 112 867 087
- Email: graphiqlabcompany.ke@gmail.com
- Recommended subject line: Privacy Policy Inquiry
18. Governing Law
This Policy is governed by the laws of Kenya.
This Privacy Policy is governed by the laws of Kenya. Any dispute arising from or relating to this Policy, GraphiqLab’s privacy practices, website use, services or data handling will be handled in accordance with applicable Kenyan law and by competent courts or authorities in Kenya, unless another written agreement provides otherwise.
This Policy replaces previous versions published by GraphiqLab Studios Limited and remains effective until updated or replaced.
Your data deserves serious handling.
GraphiqLab builds brands, websites and digital systems with privacy, trust and responsible data handling in mind. For privacy questions, system security concerns or project discussions, contact our studio directly.
Privacy Policy and Data Protection Commitment for our clients and digital systems.
This Privacy Policy explains how GraphiqLab Studios Limited collects, uses, stores, protects and shares information when you visit our website, submit a project brief, request a quotation, work with us, or use any system, website, cloud based solution, digital platform or creative service that we design, develop, support or manage.
Data security is a priority at GraphiqLab. We design and build digital systems with reasonable technical, operational and administrative safeguards intended to protect client information. We do not sell personal data. We use client data only for legitimate business, service delivery, communication, compliance, security and agreed project purposes.
1. Introduction
We treat client information as a serious business responsibility.
GraphiqLab Studios Limited, referred to in this Policy as “GraphiqLab”, “we”, “us”, “our” or “the Company”, respects privacy and is committed to protecting personal data, business information and project information entrusted to us.
This Policy explains what information we collect, why we collect it, how we use it, how we protect it, when we may share it, how long we keep it and what rights individuals may have regarding their personal data.
By using our website, submitting information through our forms, requesting our services, engaging us for a project, communicating with us or using systems we build or support, you acknowledge that you have read and understood this Privacy Policy.
2. Scope of this Policy
This Policy applies to GraphiqLab’s creative, digital, cloud and business services.
This Policy applies to information collected or processed through GraphiqLab’s website, contact forms, project brief forms, email communication, WhatsApp communication, phone calls, proposals, contracts, invoices, design projects, web development projects, cloud based systems, digital marketing campaigns, SEO work, branding services, AI supported workflows and other services offered by GraphiqLab.
Full scope explanation
This Policy applies whether you are a visitor, prospect, client, supplier, contractor, collaborator, employee applicant, project stakeholder, system user, administrator, customer of a client system or any person whose information is submitted to us in connection with our services.
Where GraphiqLab builds or supports a system for a client, the client may also have its own privacy policy and legal obligations. In such cases, GraphiqLab may act as a service provider, developer, data processor, technical support provider or system administrator depending on the agreement and system structure.
3. Information We Collect
We collect information needed to communicate, deliver services, secure systems and meet obligations.
3.1 Information you provide directly
We may collect personal, business and project information that you voluntarily submit when you contact us, fill out forms, request a quotation, start a project, request support, subscribe to updates, apply for collaboration or engage our services.
- Full name, business name, job title and organisation details.
- Email address, phone number, WhatsApp contact and communication preferences.
- Project requirements, brand materials, references, business goals, budgets, timelines and approvals.
- Billing details, invoice details and payment confirmation details.
- Messages, feedback, testimonials, support requests and correspondence.
- Documents, images, logos, content, files and other materials shared for project work.
3.2 Information collected automatically
When you visit our website, we may collect technical and usage information through cookies, analytics tools, server logs and similar technologies.
- IP address, approximate location, browser type, operating system and device type.
- Pages visited, time spent, referral sources, clicks and general website interaction data.
- Date, time, session information and traffic patterns.
- Information used to improve website performance, user experience and security.
3.3 Information from third parties
We may receive information from trusted business tools, analytics providers, payment processors, hosting platforms, advertising platforms, social media platforms, referral partners or tools integrated into our service delivery workflow.
4. Cloud Systems and Client Data
When we build systems that store data in the cloud, security is treated as a core project requirement.
GraphiqLab may design, develop, configure, support or maintain cloud based systems for clients. These may include websites, dashboards, booking systems, admin panels, data collection forms, portals, customer management tools, reporting systems, employee systems, document storage workflows, automation tools and other digital platforms.
Where a system stores client data or user data in the cloud, we aim to apply reasonable safeguards that may include controlled access, authentication, permission separation, secure hosting choices, encrypted transmission where supported, database rules, backup planning, audit awareness and limited access by authorised team members only.
Read more about cloud system responsibilities
Cloud systems may depend on third party platforms such as hosting providers, database services, email tools, automation platforms, payment processors, analytics platforms and content management systems. These providers may process information under their own terms, privacy policies and security standards.
Where GraphiqLab is engaged only to design, develop or configure a system, the client remains responsible for providing accurate instructions, choosing lawful data collection practices, obtaining required consents, publishing their own user privacy notices where needed, managing their staff access, keeping account credentials secure and complying with laws that apply to their industry.
GraphiqLab will not knowingly design systems intended for unlawful data collection, hidden surveillance, unauthorised access, credential theft or misuse of personal information.
5. How We Use Information
We use information for legitimate business, project, security and communication purposes.
- To respond to enquiries, project briefs, quote requests, consultations and support requests.
- To plan, design, develop, deliver and maintain branding, graphic design, web design, UI and UX design, SEO, digital marketing and system development projects.
- To create proposals, invoices, contracts, project plans, reports, presentations and client communication.
- To manage revisions, approvals, feedback, timelines, deliverables and client relationships.
- To operate, improve, secure and troubleshoot websites, forms, dashboards, systems and tools.
- To send service updates, educational content, marketing communication or portfolio updates where permitted.
- To measure website performance, campaign performance, content engagement and business effectiveness.
- To prevent fraud, misuse, unauthorised access, spam, abuse or security incidents.
- To comply with accounting, legal, tax, regulatory, contractual and dispute resolution requirements.
6. Legal Basis for Processing
We process information only where we have a lawful and practical reason.
Depending on the context, we may process personal data on the basis of consent, performance of a contract, steps taken before entering into a contract, compliance with a legal obligation, legitimate business interests, protection of rights, security needs or another lawful basis recognised under applicable data protection laws.
Examples of legal basis in practice
If you fill a contact form, we use your information to respond to your enquiry. If you hire us, we use project information to deliver the work. If we issue an invoice, we keep relevant records for accounting and tax purposes. If we send marketing updates, we do so where you opted in, where the law allows it, or where there is a reasonable business relationship and a clear opt out option.
7. Sharing and Disclosure
We do not sell personal data. We share information only when necessary and controlled.
We may share limited information with trusted service providers, contractors, platforms or partners who help us operate our website, deliver projects, process payments, host systems, manage email, analyse traffic, run campaigns, store project files, provide technical support or comply with legal obligations.
- Hosting providers, cloud platforms, website builders and database providers.
- Email, communication, project management and customer support tools.
- Payment processors, banks, mobile money channels and accounting tools.
- Analytics, advertising, SEO and performance measurement tools.
- Freelancers, subcontractors, photographers, developers, writers, marketers or consultants engaged for project delivery.
- Legal, tax, accounting, compliance or professional advisers where necessary.
- Government, regulatory or law enforcement authorities where required by law.
Where we work with third parties, we expect them to protect information and use it only for authorised purposes. However, third party providers may also be governed by their own privacy policies and contractual terms.
8. Data Security Measures
We use reasonable safeguards to protect information entrusted to us.
GraphiqLab aims to protect personal, business and project information using reasonable technical, administrative and organisational safeguards appropriate to the nature of the information, the service provided and the tools used.
Read more about security controls
Depending on the project, safeguards may include role based access, authentication controls, secure database rules, form validation, spam protection, backups, logging, account permission reviews, restricted admin accounts, secure hosting configuration, security conscious API handling and reasonable technical review before deployment.
The exact safeguards may vary by project type, budget, platform, hosting provider, client requirements and agreed scope of work.
9. AI and Automation Tools
We may use AI supported tools responsibly to improve creative and technical delivery.
GraphiqLab may use AI assisted tools, automation platforms, analytics tools and design or development support tools to improve workflows, generate drafts, review content, analyse performance, support coding, structure research, create design directions and improve service quality.
Where client information is used in AI supported workflows, we aim to limit unnecessary personal data, avoid uploading sensitive data unless required for the project, and use tools in a manner consistent with confidentiality, privacy and project requirements.
Read more about AI use
AI outputs may require human review. GraphiqLab does not rely on AI tools as a substitute for professional judgement, client approval or legal compliance. Clients should avoid sending unnecessary sensitive information unless it is required for the agreed scope.
10. Data Retention
We keep information only for as long as reasonably necessary.
We retain information for as long as needed to deliver services, manage client relationships, maintain project records, support repeat work, comply with legal or accounting obligations, resolve disputes, enforce agreements, improve services or meet legitimate business needs.
- Project communication and deliverables may be retained for client support, portfolio history and business records.
- Financial and invoicing records may be retained as required by law, tax rules and accounting practice.
- Website analytics may be kept in aggregated or technical form for performance improvement.
- Support records may be retained to manage system history and recurring technical issues.
When information is no longer required, we aim to delete, archive, anonymise or securely restrict it where reasonably practicable.
11. Your Privacy Rights
You may have rights over your personal data.
Depending on applicable law, including Kenyan data protection law where relevant, you may have rights to be informed about how your data is used, access your personal data, request correction, request deletion where legally possible, object to certain processing, restrict certain processing, withdraw consent and opt out of marketing communication.
- Request access to personal information we hold about you.
- Ask us to correct inaccurate or incomplete information.
- Ask us to delete information where legally and technically possible.
- Withdraw consent where processing is based on consent.
- Object to or restrict certain processing activities.
- Opt out of marketing emails, promotional updates or targeted communication.
To exercise these rights, contact us using the details at the end of this Policy. We may need to verify your identity before acting on a request.
12. Cookies and Analytics
We use cookies and similar technologies to improve website performance and user experience.
Our website may use cookies, pixels, tags, analytics scripts and similar technologies to remember preferences, understand traffic, improve functionality, protect the website, measure campaign performance and provide a better browsing experience.
You can manage cookies through your browser settings. Blocking cookies may affect some website features, form functions, analytics accuracy or user experience.
13. Children’s Privacy
Our services are intended for businesses, organisations and adults.
GraphiqLab’s services are not directed at children under 16. We do not knowingly collect personal information from children under 16. If we learn that such information has been submitted without appropriate authority, we will take reasonable steps to delete it.
14. International Data Transfers
Some tools we use may process information outside Kenya.
Because digital services often rely on global technology providers, information may be stored or processed in countries outside Kenya. This may occur through hosting providers, cloud platforms, email systems, payment processors, analytics platforms, design tools, automation tools and other third party services.
Where such transfers occur, we aim to use trusted providers and reasonable safeguards appropriate to the service, project and applicable law.
15. Data Incidents and Breach Response
If a data incident occurs, we aim to respond responsibly and quickly.
If we become aware of a suspected or confirmed data breach affecting information under our control, we will assess the nature of the incident, take reasonable containment steps, investigate the cause, preserve relevant records, notify affected clients or users where appropriate and comply with applicable legal obligations.
Read more about incident responsibilities
Where a client controls a system and GraphiqLab only provides technical support, breach notification responsibilities may depend on the contract, the client’s role, the type of data, the system ownership and applicable law. Clients are responsible for promptly notifying us if they suspect unauthorised access to a system we manage or support.
16. Updates to this Policy
We may update this Privacy Policy as our services, tools and legal obligations evolve.
We may revise this Policy from time to time to reflect changes in our services, website, systems, tools, security practices, legal requirements or business operations. The updated version will be posted on this page with a new “Last updated” date.
Continued use of our website or services after an updated Policy is published means you acknowledge the revised Policy.
17. Contact Information
Contact GraphiqLab about privacy, data protection or security concerns.
If you have questions, concerns, requests or complaints about this Privacy Policy or how GraphiqLab handles information, contact us using the details below.
- Company: GraphiqLab Studios Limited
- Website: www.graphiqlab.com
- Address: 241 Kahawa Sukari Ave, Kenya
- Phone: +254 759 902 888 / +254 112 867 087
- Email: graphiqlabcompany.ke@gmail.com
- Recommended subject line: Privacy Policy Inquiry
18. Governing Law
This Policy is governed by the laws of Kenya.
This Privacy Policy is governed by the laws of Kenya. Any dispute arising from or relating to this Policy, GraphiqLab’s privacy practices, website use, services or data handling will be handled in accordance with applicable Kenyan law and by competent courts or authorities in Kenya, unless another written agreement provides otherwise.
This Policy replaces previous versions published by GraphiqLab Studios Limited and remains effective until updated or replaced.
Your data deserves serious handling.
GraphiqLab builds brands, websites and digital systems with privacy, trust and responsible data handling in mind. For privacy questions, system security concerns or project discussions, contact our studio directly.