Legal
Privacy Policy
Last updated: 12 June 2026
1. Who we are
Karibu Inc. ("Karibu", "we", "us") is a Kampala-headquartered SaaS that helps African tour operators find and contact travel agents. This policy explains what data we collect from you (the customer) and what we do with it. If you have questions, email privacy@usekaribu.com.
2. Data we collect from you
- Account data: email, password (hashed), display name, country, company name.
- Profile data: ICP answers, voice samples you paste in, destinations you serve, sample wins you describe.
- Mailbox tokens: encrypted-at-rest OAuth tokens for Gmail / Outlook. Scopes limited to gmail.send and gmail.readonly. We never store your email message bodies beyond what we sent on your behalf and the replies we received.
- Usage data: pages you visited, actions you took, when. Stored to debug + improve the product.
- Payment data: handled by Pesapal, Flutterwave, or Stripe; we store only transaction IDs and amounts, never your card number.
3. Data we collect about agents (your prospects)
- Public business contact information sourced from agency websites, Google Maps listings, public directories (SafariBookings, ASTA), and conference attendee lists you upload.
- We never scrape LinkedIn at scale. The Chrome extension only reads what you, the customer, are already viewing on linkedin.com — never centrally stored.
- We honor opt-out requests within 24 hours. Agents can email privacy@usekaribu.com to be removed across the platform.
4. How we use your data
- To deliver the Karibu service (find + draft + send + track replies).
- To improve our AI models — only with aggregated, anonymized signals (never raw email content).
- To send you product updates and billing emails. You can opt out of product emails; not billing.
- To investigate fraud or abuse (free-trial gaming, ToS violations).
5. Sub-processors
We use the following third parties to run Karibu:
- Supabase (Postgres + auth + storage) — eu-central-1, Frankfurt
- Vercel (hosting) — global edge network
- Railway (background workers)
- Anthropic (Claude API for intel briefs + drafts)
- Pesapal / Flutterwave / Stripe (payments)
- Apify (scraping of public business directories)
- Sentry, Axiom, BetterUptime (error tracking + logs + monitoring)
Updates to this list will be reflected here and emailed to customers with at least 30 days' notice.
6. Analytics & cookies
We use Microsoft Clarity for product analytics and session replay/heatmaps. It records how you interact with Karibu — clicks, scrolls, and page navigation — so we can see where the product is confusing and fix it. Sensitive form inputs are masked by default: Clarity does not capture passwords or payment fields. This data is processed by Microsoft under its privacy terms.
7. Your rights
- Access + export: download all your data as JSON from Settings → Profile.
- Deletion: email privacy@usekaribu.com from your account email. We respond within 1 business day and purge within 30 days (some logs retained 1 year for legal compliance).
- Correction: most fields are editable from Settings; for anything else, email us.
- Object / restrict: tell us if you'd like to stop a specific processing activity and we'll evaluate.
8. Data retention
Account data lives until you delete your account. Audit logs retained 1 year (Pro tier) or 90 days (free tier). Backups retained 12 weeks rolling.
9. International transfers
Primary storage in Frankfurt (EU). We use Standard Contractual Clauses for transfers to sub-processors outside the EEA.
10. Children
Karibu is a B2B product. Not directed at anyone under 16. We don't knowingly collect data from children.
11. Aggregated platform learning
Karibu's network-learning system produces anonymized cross-customer insights (industry benchmarks, agent-type response patterns, agency-level engagement aggregates). We never surface another customer's specific data to anyone. All aggregations require a minimum sample size of 10 underlying observations before any row is emitted, to prevent re-identification.
Opt-out: Scale and Enterprise customers can opt their workspace out of cross-customer aggregation from Settings → Privacy. Opted-out workspaces are excluded both as contributors (their data is removed from aggregations) and as readers (platform insights are hidden in their UI). Email privacy@usekaribu.com if you'd like to opt out before the Settings surface ships.
12. Changes to this policy
We'll email customers and post a banner in-app at least 30 days before any material change. Continued use after the effective date constitutes acceptance.