1. What we collect
We collect the information needed to operate a device verification case: name, phone number, email address, device brand/model, optional IMEI or serial, seller context, evidence files and operator review notes.
We minimise what appears on public certificates. Full identifiers are masked; uploaded evidence files are held privately by Redki operators.
2. Why we process it
We process data to create and manage verification cases, review evidence, contact customers about status, prevent fraud, issue privacy-safe certificates, and maintain audit records for accountability.
Optional promotional messaging is only sent when the customer opts in. Service updates/reminders are separate from promotional messages.
3. Legal basis and consent
For GDPR-style compliance we rely on consent, contract/performance of requested services, legitimate interests in fraud prevention and security, and legal obligations where applicable.
Customers may withdraw optional promotional consent without affecting verification service. Some operational records may be retained where needed for fraud, dispute, audit or legal purposes.
4. Security and retention
Evidence is stored privately and is not served as a public static file. Public certificates are signed snapshots and expose only masked device information and evidence summaries.
We retain case data only as long as needed for verification, dispute handling, security, compliance and business records, then delete or anonymise where practical.
5. Your rights
You may request access, correction, deletion, restriction, portability, or objection to processing by contacting hi@redki.ke. We will verify your identity before acting on sensitive requests.