We built Bidnexis for African businesses. Your data belongs to you — here is exactly how we handle it, in plain terms.
Bidnexis is a procurement intelligence platform serving Republic of Kenya and the broader African market. We help businesses discover, track, and bid on public and private tenders. When this policy says "Bidnexis," "we," "us," or "our," it means the company operating this platform.
We are the data controller for all personal information collected through this website and our associated services.
We only ask for what we actually need. Here is what that looks like in practice:
Everything we do with your information has a specific purpose:
We do not sell your personal information. Full stop. We share it only in these limited situations:
We do not share your information with advertisers, data brokers, or any third party for commercial profiling.
We keep your account data for as long as your account exists, plus a 90-day grace period after deletion (in case of an accidental deletion request). Payment records are kept for 7 years as required by Kenyan tax regulations. Technical logs are purged after 12 months.
If you ask us to delete your account, we will remove all personal data within 30 days, except where retention is legally required.
Under Kenya's Data Protection Act, 2019, you have the following rights:
Request a copy of all personal data we hold about you.
Ask us to fix inaccurate or outdated information.
Request that we erase your personal data ("right to be forgotten").
Object to certain types of processing, including marketing emails.
Receive your data in a structured, machine-readable format.
Request that we limit how we use your data while a dispute is resolved.
To exercise any of these rights, email us at [email protected]. We will respond within 14 working days.
We take reasonable steps to protect your data: HTTPS encryption on all pages, hashed password storage, rate limiting on login attempts, and session-based access controls. Administrative access to the database requires multi-factor authentication.
No system is perfectly secure, and we cannot guarantee that a breach will never occur. If one does, we will notify affected users within the timeframe required by law and take immediate steps to contain it.
We use cookies to keep you logged in, remember your preferences, and understand how the platform is being used. We do not use cookies to track you across other websites or serve you ads elsewhere on the internet.
For a detailed breakdown of every cookie we set and why, read our Cookie Policy.
When we update this policy in a meaningful way — adding a new data type, changing a sharing arrangement — we will send an email notification to all registered users at least 14 days before the change takes effect. Minor clarifications or formatting updates will be noted with a revised date at the top.
If you disagree with a change, you may delete your account before it takes effect.
Our team is based in Nairobi. If something in this policy is unclear or you need to make a data request, reach out directly — a real person will respond.