Last updated: July 1, 2026

Privacy Policy

This Privacy Policy describes how HRGenie (“we”, “us”, or “our”) collects, uses, stores, and discloses personal data when you use our websites, cloud software, and related services (collectively, the “Services”). It is intended to align with the Data Protection Act, 2019 of Kenya and related regulations issued by the Office of the Data Protection Commissioner (ODPC).

Important: This document is provided for general information and operational transparency. It does not constitute legal advice. You should obtain independent legal counsel to confirm that your use of the Services meets your compliance obligations.

1. Data controller

The data controller responsible for personal data processed in connection with the Services is the entity operating HRGenie as identified in your order form, agreement, or account registration (including SkillMind Software / HR Genie affiliates where applicable). For privacy enquiries, use the contact details in Section 12 below.

2. Scope

This policy applies to visitors, account administrators, and end users (such as employees or contractors) whose personal data is submitted to the Services by a customer organisation. Where your employer or another organisation provisions your account, that organisation is typically an independent controller for HR and workforce data; we act as a processor on their instructions, except where we determine purposes and means as a controller (for example, account, billing, security, and product analytics as described below).

3. Personal data we collect

Depending on how you use the Services, we may process:

4. Sources of personal data

We collect personal data directly from you, from the organisation that invites you to the Services, from integrated systems you or your organisation connect, and automatically through your use of the Services.

5. Legal bases (Kenya)

We rely on appropriate bases under the Data Protection Act, 2019, which may include:

6. How we use personal data

We use personal data to:

7. Cookies and similar technologies

We use cookies and similar technologies for essential operation, security, preferences, and (where allowed) analytics or marketing. You can control non-essential cookies through your browser settings and any cookie banner we provide. Essential cookies may be required for login and session integrity.

8. Disclosures and processors

We may share personal data with subprocessors that assist us (for example, hosting, email delivery, payment gateways, customer support tools, and security vendors). They are bound by written agreements requiring appropriate safeguards and processing only on our instructions where we act as a processor. We may disclose personal data if required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset transfer subject to confidentiality obligations.

9. Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit where applicable, access controls, logging, and staff training. No method of transmission or storage is completely secure; we encourage strong passwords, multi-factor authentication where offered, and prompt reporting of suspected incidents.

10. International transfers

Personal data may be processed in Kenya and in other countries where we or our subprocessors operate. Where personal data originating in Kenya is transferred outside Kenya, we will take steps required under the Data Protection Act, 2019 (such as adequacy assessments, appropriate safeguards, or your explicit consent where applicable).

11. Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, meet legal, tax, and accounting requirements, resolve disputes, and enforce agreements. Retention periods may differ by data category and customer configuration. Customer administrators may be able to delete or export certain data subject to subscription features and organisational policy.

12. Your rights

Subject to applicable law, you may have the right to:

Where your organisation controls workforce data in the Services, we may need to direct certain requests to that organisation’s administrator. To exercise rights directly with us, contact us using the details below.

13. Children

The Services are not directed to children in a way that requires collection of their personal data without appropriate authority. If you believe we have collected personal data from a child without proper basis, please contact us and we will take appropriate steps.

14. Automated decision-making

Unless we expressly notify you otherwise, we do not make solely automated decisions that produce legal or similarly significant effects concerning you within the meaning commonly used under data protection law. Features that involve scoring or recommendations remain subject to customer configuration and human oversight.

15. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version and update the “Last updated” date. Where changes are material, we will provide additional notice as appropriate (for example, by email or in-product notification).

16. Contact

For privacy questions, data subject requests, or to contact our data protection lead, please use the support channels published in the Services (for example, the in-app support or help centre) or contact HR Genie / SkillMind Software at the addresses shown on hrgenie.ai or your order documentation.

To request deletion of your account and associated personal data, you may use our account deletion request form.

Terms of Service · Home