Privacy Policy

The data controller responsible for your personal data is Compea Ltd, trading as Compea Mart, operating under the Kenya Data Protection Act 2019. Contact: info@compea.co.ke. Compea Ltd acts as Data Controller and, where applicable, as Data Processor.

We collect the following categories of personal data. Direct data you provide: full name, email address, mobile phone number, username and password (stored in hashed form), and any other information you choose to provide. Behavioural and interaction data collected automatically: search queries entered, products viewed, saved, or compared, outbound clicks to seller websites, time spent on pages, scroll depth and interaction patterns, and referral sources. Technical data: IP address, device type and operating system, browser type and version, session identifiers and timestamps, and cookie data as described in our Cookie Policy. Commercial attribution data: outbound click data, attribution signals, and conversion indicators used to validate referral commissions.

We process your personal data for the following purposes: operating, maintaining, and improving the platform and its features; generating comparison outputs, rankings, and personalised recommendations; tracking attribution and validating affiliate commissions; detecting and preventing fraud, abuse, and unauthorised access; communicating with you regarding your account, queries, or platform updates; complying with our legal obligations under Kenyan and applicable law; conducting anonymised analytics to understand usage trends; and supporting marketing communications where you have given your consent.

We rely on the following legal bases: Consent — for marketing emails, non-essential cookies, and promotional communications. Contractual Necessity — for account management, platform access, and attributing your session. Legitimate Interests — for fraud prevention, platform analytics, and security monitoring. Legal Obligation — for responding to regulatory requests and retention for compliance purposes.

We do not sell your personal data. We may share your data with: analytics and performance monitoring providers; infrastructure and cloud hosting providers; affiliate and commission tracking networks; fraud detection and cybersecurity service providers; and regulatory authorities, law enforcement agencies, and courts where we are legally required to do so. All third-party processors operate under appropriate data processing agreements.

We retain personal data only for as long as necessary for the purposes for which it was collected. Account data is retained for the duration of your account and for up to three (3) years following account closure to support fraud investigation and regulatory compliance. Behavioural and attribution data may be retained in anonymised or pseudonymised form for analytical purposes beyond this period.

Under the Kenya Data Protection Act 2019, you have the right to access a copy of your personal data; request correction of inaccurate or incomplete data; request deletion of your personal data in certain circumstances; object to processing based on legitimate interests; receive your data in a structured, machine-readable format; withdraw consent where processing is based on consent; and lodge a complaint with the Office of the Data Protection Commissioner (ODPC). To exercise any right, contact info@compea.co.ke. We will respond within thirty (30) days.

We implement appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, and destruction. These measures include encrypted data transmission (TLS), hashed password storage, access controls, and regular security reviews. No method of electronic transmission or storage is entirely secure, and we cannot guarantee absolute security.