Privacy Policy

Silicon Savannah Talent ("SST", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information in compliance with the Data Protection Act, 2019 of Kenya (DPA) and the regulations issued by the Office of the Data Protection Commissioner (ODPC).

By using our platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

The data controller responsible for your personal data is:

We collect the following categories of personal data:

• Identity data: Full name, email address, phone number
• Professional data: Resume, skills, work experience, education, certifications
• Preference data: Job preferences, project interests, desired salary range, location preferences
• Usage data: Platform interactions, search queries, application history, chat transcripts
• Device data: Browser type, IP address, device identifiers, operating system
• Payment data: M-Pesa phone number, transaction references (we do not store full payment credentials)

• Match candidates with job opportunities and project roles using AI-powered semantic matching
• Facilitate recruitment workflows between candidates and employers
• Provide AI-powered career tools including resume building, skill assessments, and career guidance
• Process payments and milestone-based escrow disbursements via M-Pesa and Pesapal
• Improve platform features and user experience through aggregated analytics
• Communicate service updates, matching notifications, and platform announcements

We process your personal data on the following legal bases under the DPA:

We may share your personal data with the following categories of recipients:

• Employers: Candidate profiles are shared with employers only for roles where a match has been identified. Employers cannot browse all candidate data freely.
• Payment processors: Pesapal processes payment transactions on our behalf. Only transaction-relevant data is shared.
• AI services: Google Gemini is used for natural language processing. Data sent to AI services is anonymized and stripped of direct identifiers.
• Vector database: Pinecone stores anonymized semantic embeddings for matching purposes. No personally identifiable information is stored in vector form.

We do not sell your personal data to third parties.

Your data may be processed by service providers located outside Kenya, including Google Cloud (United States) and Pinecone (United States). In accordance with Section 48 of the DPA, we ensure that adequate safeguards are in place, including contractual clauses requiring recipients to maintain data protection standards equivalent to those under Kenyan law.

Under Section 26 of the Data Protection Act 2019, you have the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data. You can use the "Delete My Account" option in your account Settings.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to object: Object to processing of your data for specific purposes, including AI-based profiling.
• Right to withdraw consent: Withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at privacy@siliconsavannahtalent.com. We will respond within 30 days.

We implement appropriate technical and organizational measures to protect your data:

• All data transmitted between your browser and our servers is encrypted using TLS
• Passwords are hashed using Argon2, an industry-leading algorithm
• Refresh tokens are stored as httpOnly, secure cookies to prevent XSS attacks
• Rate limiting is applied to all API endpoints to prevent abuse
• Role-based access control ensures users can only access data relevant to their role

We use essential cookies only for session management and authentication. We do not use tracking cookies or third-party advertising cookies. Should we introduce analytics cookies in the future, we will implement a cookie consent banner and update this policy accordingly.

Our services are not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that data promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you via email or a prominent notice on the platform. The date of the most recent revision is indicated at the top of this page.