Back to Home

Privacy Policy

Effective: April 15, 2026 · Last updated: June 23, 2026

1. Introduction

Welcome to Arche HR (operated by Cogitus OS Limited, "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our human resources management platform, including our website at https://arche.co.ke, mobile applications (iOS and Android), and all related services (collectively, the "Platform").

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Platform.

Arche HR operates as a multi-tenant platform, meaning your employer or organization ("Company") manages its own workspace. Your Company is the data controller for your employment data, and we act as a data processor on their behalf.

2. Information We Collect

2.1 Identity & Contact Information

  • Full name (first, middle, last)
  • Email addresses (work and personal)
  • Phone numbers (work and personal)
  • Profile photograph / avatar
  • Gender, date of birth, marital status
  • Nationality and country of residence
  • Emergency contact details (name, phone, email, relationship)

2.2 Employment Information

  • Employee number, job title, department, team, and manager
  • Employment type (full-time, part-time, contractor, intern) and status
  • Hire and termination dates, termination reason
  • Work location and office assignment
  • Employment history, promotion records, and job changes
  • Performance reviews, goals (OKRs), 360-degree feedback, and competency assessments
  • Performance improvement plans (PIPs) and training records

2.3 Financial & Payroll Data

  • Base salary, gross pay, net pay, and compensation history
  • Tax identification number (TIN / PIN)
  • Bank account details (account number, bank name, branch, routing code)
  • Payroll deductions (taxes, statutory contributions, voluntary deductions)
  • Payslip records and earnings breakdowns
  • Expense reports and reimbursement claims
  • Salary advance requests, approvals, and repayment tracking
  • M-Pesa mobile money disbursement details and transaction references
  • Benefits enrollment information

2.4 Sensitive Personal Data

  • National identification number
  • Passport number
  • Social security number or equivalent
  • Biometric enrollment identifiers (badge/enrollment IDs for attendance devices)

2.5 Recruiting & Candidate Data

  • Candidate name, email, phone number
  • Resume/CV, cover letter, portfolio links
  • Current employer and job title, years of experience
  • Expected salary, LinkedIn profile URL
  • Interview records, ratings, recommendations, and feedback
  • Application status and rejection reasons

2.6 Time, Attendance & Leave Data

  • Clock-in and clock-out timestamps
  • Hours worked (regular and overtime), break durations
  • Attendance source (web, mobile, biometric device, manual)
  • Leave requests, approvals, balances, and leave types
  • Biometric device punch records

2.7 Location Data

  • Residential / postal address
  • Work location address and geofence coordinates
  • GPS coordinates captured during mobile clock-in/clock-out (with your consent)
  • IP address at time of web-based clock-in

2.8 Device & Technical Data

  • IP address, browser type, and user agent string
  • Mobile device platform (iOS / Android)
  • Push notification tokens
  • Error diagnostics and crash reports (via Sentry, on web and backend)
  • Session identifiers and authentication tokens

2.9 AI Interaction Data

  • Prompts and messages sent to AI features (chat, resume screening, policy Q&A)
  • AI-generated responses
  • Feature usage logs, token counts, and AI provider used

2.10 Files & Documents

  • Employment contracts, ID copies, tax forms
  • Certifications, medical documentation, disciplinary records
  • Compliance documents with expiration tracking
  • Expense receipts and supporting documentation

3. How We Use Your Information

We process your personal data for the following purposes:

3.1 Platform Operations

  • Providing and maintaining the HR management platform
  • Processing payroll, tax calculations, and statutory contributions
  • Managing time tracking, attendance, and leave
  • Facilitating recruiting, hiring, and onboarding processes
  • Conducting performance reviews and compensation management
  • Generating reports, analytics, and organizational charts

3.2 Communication

  • Sending transactional emails (password resets, payslip notifications, leave approvals)
  • Push notifications for approvals, announcements, and reminders
  • In-app notifications for workflow events

3.3 Security & Authentication

  • Verifying identity via password, Google sign-in, Sign in with Apple, or biometric authentication
  • Two-factor authentication (TOTP), including one-time and backup recovery codes
  • Geofence enforcement for attendance verification
  • Fraud detection and abuse prevention (rate limiting, audit logging)

3.4 AI-Powered Features

  • Resume screening and candidate matching
  • Policy question answering and document summarization
  • Interview question generation and performance review assistance
  • Payroll anomaly detection and compensation benchmarking
  • General HR assistant chat

3.5 Compliance & Legal

  • Maintaining audit trails for all data changes
  • Complying with employment, tax, and data protection laws
  • Responding to legal requests and regulatory obligations
  • Document expiration tracking and compliance monitoring

5. Data Sharing & Third-Party Services

We do not sell your personal data. We share data only as necessary to provide the Platform:

5.1 Your Employer (Data Controller)

Your Company administrators and authorized managers can access your employment data within the Platform according to role-based permissions. Each Company's data is strictly isolated, and no Company can access another Company's data.

5.2 AI Service Providers

When AI features are enabled by your Company, prompts may be sent to:

  • OpenAI (GPT models)
  • Anthropic (Claude models)
  • Google (Gemini models)
  • Azure OpenAI Service

PII redaction is applied before any data is sent to AI providers. Sensitive fields (social security numbers, bank account numbers, salary figures, national IDs, tax IDs, dates of birth, phone numbers, and addresses) are automatically masked. Companies can configure which fields are redacted and may disable AI features entirely.

5.3 Infrastructure & Service Providers

  • Google Cloud Platform: Cloud hosting (Cloud Run, Cloud SQL, Cloud Storage) in the us-central1 region
  • Firebase: Web hosting and Android push notification delivery (Firebase Cloud Messaging)
  • Expo (Expo Application Services): Mobile app builds, over-the-air updates, and push notification relay. Receives the device push token and notification payloads to deliver them to Apple and Google
  • Apple: iOS push notification delivery (Apple Push Notification service) and Sign in with Apple authentication
  • Sentry: Error tracking and performance monitoring on web and backend (receives error diagnostics, not PII)
  • Resend / SMTP providers: Transactional email delivery
  • Safaricom (M-Pesa): Salary disbursement via mobile money (when enabled by your Company)

5.4 Authentication Providers

If you choose to sign in with Google or with Sign in with Apple, we receive your name and email address from that provider solely to locate or create your account. If you use Sign in with Apple's Hide My Email feature, Apple provides a private relay email address instead of your personal email, which we use only for account-related communication. These providers verify your identity and do not receive your employment data. You can connect or disconnect Sign in with Apple at any time from your Profile settings in the mobile app.

5.5 Company-Configured Integrations

Your Company may enable additional integrations that share data with third parties:

  • Accounting systems: Payroll journal entries may be synced to your Company's accounting software
  • Webhooks: Your Company may configure webhooks that send event notifications (e.g., employee created, leave approved) to external systems. The Company controls which events are shared and with whom

5.6 Legal & Regulatory

We may disclose your data when required by law, court order, or governmental regulation, or to protect our rights, safety, or property.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at rest: Sensitive values are encrypted using AES-256-GCM with unique initialization vectors. This covers your most sensitive employee identity and financial fields (national ID, tax/KRA PIN, NSSF number, passport number, and bank account number), as well as two-factor authentication secrets and backup codes, M-Pesa payment credentials, third-party integration tokens, and AI provider API keys. Other personal fields are further protected through multi-tenant isolation, permission-based access control, and value masking
  • Encryption in transit: All data transmitted over HTTPS/TLS
  • Password security: Passwords are hashed using bcrypt with 12 salt rounds; we never store plain-text passwords
  • Multi-tenant isolation: Every database query is scoped to your Company; cross-tenant data access is architecturally prevented
  • Authentication: JWT-based sessions with optional two-factor authentication (TOTP) and biometric lock (mobile)
  • Audit logging: Every data modification is recorded with the actor, timestamp, IP address, and before/after values
  • Rate limiting: Brute-force protection on login and registration endpoints
  • Security headers: HSTS, Content Security Policy, X-XSS-Protection, and X-Content-Type-Options
  • Signed file URLs: Documents are served via HMAC-signed URLs to prevent unauthorized access
  • Secure mobile storage: Authentication tokens on mobile devices are stored in the OS secure enclave (iOS Keychain / Android EncryptedSharedPreferences)

7. Data Retention

We retain your data according to the following principles:

  • Active employment: Data is retained for the duration of your employment with your Company
  • Post-termination: Employment records, payslips, and tax documents are retained as required by applicable law (typically 5–7 years for financial records)
  • Audit logs: Retained indefinitely for compliance and legal purposes
  • Payslips: Retained indefinitely as immutable financial records
  • Recruiting data: Candidate data is retained for the duration configured by the hiring Company, after which it may be anonymized or deleted
  • AI conversation logs: Retained per Company AI audit settings
  • Data exports: Exported files are available for a limited period after generation

Your Company, as the data controller, may configure retention policies within the Platform. When a Company account is terminated, all associated data is permanently deleted.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your data, subject to legal retention requirements
  • Right to restrict processing: Request limitation on how we process your data
  • Right to data portability: Receive your data in a machine-readable format. The Platform provides data export functionality in CSV and JSON formats
  • Right to object: Object to processing based on legitimate interest
  • Right to withdraw consent: Withdraw previously given consent (e.g., location tracking, AI features, push notifications) at any time through the Platform settings
  • Right to account deletion: Request deletion of your user account

To exercise any of these rights, contact your Company's HR administrator through the Platform, or reach us directly at support@arche.co.ke.

9. International Data Transfers

The Platform is hosted on Google Cloud Platform in the United States (us-central1 region). If you are located outside the United States, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards recognized under applicable data protection laws to ensure your data is protected during international transfers.

AI service providers (OpenAI, Anthropic, Google) may process prompts in various jurisdictions. PII is redacted before transmission to these providers.

10. Cookies & Local Storage

The Platform does not use third-party tracking cookies. We use browser local storage and session storage for essential functionality:

  • Authentication token: Stored in localStorage (if "Remember Me" selected) or sessionStorage for session authentication
  • Company context: Selected company identifier for multi-tenant navigation
  • UI preferences: Sidebar state and layout preferences

On mobile, authentication tokens are stored in the device's secure enclave (not in plain-text storage), and offline data may be cached locally on your device.

11. Children's Privacy

The Platform is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@arche.co.ke and we will promptly delete it.

12. Kenya Data Protection Act Compliance

For users and Companies based in Kenya, we comply with the Data Protection Act, 2019 and regulations issued by the Office of the Data Protection Commissioner (ODPC). This includes:

  • Registration with the ODPC as a data processor (ODPC Registration No. 659-2062-E512)
  • Processing data only for specified, explicit, and legitimate purposes
  • Collecting only data that is adequate, relevant, and not excessive
  • Implementing appropriate technical and organizational security measures
  • Notifying the ODPC and affected individuals in the event of a data breach
  • Conducting Data Protection Impact Assessments (DPIAs) for high-risk processing

13. GDPR Compliance (EU/EEA Users)

For users in the European Union or European Economic Area, we comply with the General Data Protection Regulation (GDPR). Your Company is the data controller, and we act as the data processor under a Data Processing Agreement (DPA). We provide:

  • Lawful basis for all processing activities (see Section 4)
  • Data Protection Impact Assessments for high-risk processing
  • 72-hour breach notification to supervisory authorities
  • Data portability in machine-readable formats
  • Right to erasure ("right to be forgotten") subject to legal retention
  • Appointment of a Data Protection Officer upon request

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on the Platform with a new "Last Updated" date
  • Sending an in-app or email notification for significant changes
  • Requesting renewed consent where required by law

Your continued use of the Platform after changes are posted constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

How to Delete Your Account and Data

Arche HR (operated by Cogitus OS Limited) is workplace software. Your employer (your “Company”) is the data controller for your employment records, and we act as the data processor on their behalf. You can request deletion of your account, or of specific data, at any time using the steps below.

Request account deletion

  1. Email support@arche.co.ke from your registered email address with the subject “Account Deletion Request”.
  2. We verify your identity to protect your account before acting on the request.
  3. If you are a current employee, deletion is coordinated with your Company’s HR administrator, because your Company requires certain records to manage your employment. You may also ask your HR administrator to initiate the request on your behalf.
  4. We acknowledge requests within 7 days and complete verified deletions within 30 days, unless a longer period is required by law.

Request deletion of specific data (without closing your account)

You can ask us to delete certain data without deleting your entire account, for example activity history, uploaded documents, expense receipts and images, or AI chat history. Email support@arche.co.ke with the subject “Data Deletion Request”, describing the data you want removed.

Some data can also be removed directly in the app: you can delete individual AI assistant conversations, and clear saved offline data from your Profile settings in the mobile app.

What is deleted

  • Profile and identity data (name, work and personal email and phone numbers, profile photo, gender, date of birth, marital status, nationality)
  • Emergency contact details you provided
  • Login credentials and authentication data (password, two-factor secrets, connected Google / Sign in with Apple identifiers, session tokens)
  • Device push notification tokens registered to your account
  • AI assistant conversation history
  • Personal preferences and locally cached/offline data on your device

What is retained, and for how long

  • Payslips and payroll records: kept as immutable financial records
  • Tax and statutory records (PAYE, NSSF, NHIF/SHIF, Housing Levy): typically 5–7 years, as required by Kenyan law
  • Audit logs: retained for compliance, security, and legal purposes

Once the applicable legal retention period expires, retained data is securely deleted or anonymized.

Questions about deletion? Contact us at support@arche.co.ke.

© 2026 Cogitus OS Limited. All rights reserved.