Privacy Policy — Divi E-Library

This policy explains what personal data we collect when you use Divi E-Library and how we use and protect it. Effective date: 9 August 2025.

Quick summary

We collect the information required to provide and secure the library service — account details, device identifiers, and transaction records. We use this information to deliver books, process payments, protect accounts, and comply with law. We do not sell your personal data to third parties. You can contact us at info@divi.co.ke.

What information we collect

We collect the following categories of information when you use Divi E-Library:

  • Account information: name, email, password (securely hashed), phone (optional), and profile preferences.
  • Authentication data: tokens (JWT) we issue to keep you signed in.
  • Device identifiers: Android device ID when you bind a device to your account (used to prevent multiple-device sharing for paid content).
  • Purchase & transaction records: purchases, payment attempts, MPESA responses, and order status.
  • Content metadata: book titles, authors, prices, cover file names and book file names (for delivery).
  • Logs & diagnostics: server logs, crash reports, and performance metrics to operate and improve the service.

How we use your information

  • Provide the service: deliver book lists, details and file downloads to you.
  • Payments: process and verify payments and update purchase records.
  • Device binding & anti-abuse: enforce single-device rules for purchased content when applicable.
  • Security: detect fraud, secure accounts, and investigate abuse.
  • Support & communications: respond to your requests and notify you about account or policy changes.
  • Analytics & improvements: aggregate usage data to make the product better.

Sharing and third parties

We may share necessary information with trusted third parties only as described below:

  • Payment processors: when you make a payment we share required transaction fields with providers who execute the payment (e.g., MPESA integrations, the mobile money partner). They process payments on our behalf.
  • Hosting & platform: we use hosting providers and databases to store data and serve content.
  • Analytics providers: we may use analytics to measure product usage (data is aggregated and not sold).
  • Legal requests: we disclose data in response to lawful requests by public authorities, or to protect the rights, property or safety of Divi, users, or others.

We do not sell your personal information.

Security

We employ reasonable technical and organizational measures to protect personal data including:

  • Transport encryption (HTTPS) for data in transit.
  • Password hashing for stored credentials (we do not store plaintext passwords).
  • JWT tokens to authenticate API requests and short expiry for tokens.
  • Access controls and regular backups on our infrastructure.

Although we take care to secure your data, no system is 100% secure — if you suspect a security issue, please contact us immediately at info@divi.co.ke.

Cookies & local storage

We use cookies and local storage for session management, preferences, and analytics. You can control cookie settings through your browser. Disabling cookies may affect the functionality of the site and app.

Typical uses:

  • Session cookies for web authentication.
  • Encrypted tokens stored by the Android app in secure storage (EncryptedSharedPreferences).
  • Analytics cookies (aggregated, non-identifying).

Payments & MPESA

When you purchase content we collect the minimum payment details necessary to complete the transaction (phone number for MPESA, purchase id, amount). Payment data is shared with the chosen payment provider to complete the transaction. We store transaction records (status, timestamps) to verify and deliver purchased content. We do not store full financial credentials such as card numbers.

Data retention

We retain personal data only for as long as needed to provide the service, meet legal obligations, resolve disputes, and enforce our agreements. When data is no longer required it is securely deleted or anonymized.

Your rights

You have certain rights in relation to your personal data, including:

  • Access — request a copy of personal data we hold about you.
  • Correction — ask us to correct inaccurate information.
  • Deletion — request deletion of your account and personal information (subject to retention for legal or business reasons).
  • Restriction/Objection — ask us to restrict processing or object to processing in certain circumstances.

To exercise any of these rights email info@divi.co.ke. We may ask for verification to protect your privacy.

Children

Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected personal information of a child under 13, please contact us so we can delete it.

Changes to this policy

We may update this privacy policy from time to time. When changes are significant we will provide a prominent notice and update the effective date at the top of this page.

Contact us

If you have questions about this policy or our data practices, please contact:

This policy describes how we handle personal information for services operated by Divi E-Library. It does not replace any terms you agreed to when creating an account — see our Terms of Service for additional details.