Legal

Data Retention Policy

This Data Retention Policy outlines how long Nidamiye retains landlord, tenant, property, and billing data, as well as our secure erasure protocols.

7 min readUpdated: July 2026

1. Overview and Core Principles

Welcome to Nidamiye (referred to as "Nidamiye", "we", "us", or "our"), a property management and rent-tracking software utility owned and operated by Groundwork Technologies.

We adhere to data minimization and storage limitation principles. This policy defines the retention periods for different categories of personal data processed on our platform, ensuring we do not retain data longer than is necessary to provide our services, maintain security, or meet legal obligations.

2. Account and Profile Data

Landlord account data (names, email addresses, phone numbers, and encrypted credentials) is retained for as long as the landlord maintains an active subscription or account with Nidamiye.

If a landlord decides to close their account, this profile information is marked for deletion and permanently removed from our active servers within 30 days of the account closure verification.

3. Tenant and Property Records

All records relating to properties (names, locations, house configurations) and tenants (names, phone numbers, lease allocations) are retained while the landlord’s account is active.

Landlords can delete individual tenant profiles or property records directly from their dashboard at any time. When a landlord deletes a tenant or property record, the data is removed from active dashboards immediately and permanently purged from production databases within 14 days.

4. Financial and Transaction Records

M-Pesa transaction codes, receipt matches, payment dates, and invoice details are retained for the duration of the active landlord subscription to facilitate historical accounting, reporting, and dashboard visualization.

Following account closure, financial transaction metadata may be retained in an anonymized format for up to 7 years to satisfy statutory tax, corporate auditing, and legal record-keeping requirements under Kenyan corporate law.

5. Backup Retention Lifecycle

Database backups are created daily to ensure platform resilience. These backups contain snapshot records of production databases.

Backups are retained on a rolling cycle for 30 days. When a database backup expires at the end of the 30-day window, it is permanently overwritten. Therefore, any data deleted from active production databases will persist in secure, encrypted backups for a maximum of 30 days before being completely purged.

6. System Logs and Analytics

We process system performance logs, security logging, and anonymous analytics traffic to maintain platform reliability:

  • Security and Access Logs: IP address access logs and auth attempt logs are retained for 90 days to investigate potential security events, after which they are automatically pruned.
  • Error Logs: Server crash trace details and performance logs captured via Sentry are retained for 30 days.
  • Analytics: Anonymous page tracking and product navigation statistics are aggregated and stored without identifying elements for up to 12 months.

7. Deletion Requests and Timelines

You have the right to request the deletion of all data associated with your workspace. Deletion requests can be submitted in writing to hello@nidamiye.com.

Once a request is verified, we process the deletion according to these standard timelines:

  • Production Database: Data is permanently erased or anonymized within 30 days of the request.
  • Backup Archives: Residual copies are naturally overwritten within the 30-day rolling backup lifecycle.

8. Legal Retention Requirements

Notwithstanding the guidelines in this policy, Nidamiye may retain specific personal data longer than standard periods if required to comply with statutory legal mandates, defend legal claims, prevent ongoing fraud, or resolve active billing disputes.

9. Secure Data Disposal

When data reaches the end of its retention period, we ensure it is disposed of securely to prevent unauthorized recovery:

  • Database Records: Deleted rows are physically overwritten via database engine purge commands.
  • Storage Blocks: Virtual server disk blocks containing backup images are zeroed out or marked for rewrite by our cloud hosting provider's secure sanitization protocols.

Simplify your property management today

Experience the power of automatic rent tracking, instant M-Pesa matching, and automatic WhatsApp receipts.