Who we are
UX Potential (“we”, “us”, “our”) operates the web designer directory at uxpotential.co.ke. We are a Kenya-based digital directory service connecting Kenyan businesses with verified local web designers across all 47 counties.
For the purposes of Kenya’s Data Protection Act 2019 (the “DPA”), UX Potential is the data controller for personal data collected through this website. Our contact details are provided in Section 12 of this policy.
Data we collect and why
We collect different types of data depending on how you interact with the directory.
2.1 Data you give us directly
| What | Why we collect it | Who it applies to |
|---|---|---|
| Name & email address | To respond to enquiries submitted via the contact form | Anyone who contacts us |
| Business name, phone, website, address | To create and display your public directory listing | Designers requesting a listing |
| Business description and portfolio links | To display your listing accurately to potential clients | Designers requesting a listing |
| Message content | To respond to your specific query or request | Anyone who contacts us |
2.2 Data collected automatically
| What | Why we collect it | Retention |
|---|---|---|
| IP address | Server-level security, rate limiting, and fraud prevention | 30 days in server logs |
| Browser type and operating system | To optimise the site for the devices our users actually use | Aggregated, anonymised |
| Pages visited and time on page | To understand which content is useful and improve the directory | 26 months (Google Analytics default) |
| Referral source | To understand how users find the directory | Aggregated, anonymised |
| Device and screen size | To ensure the site is correctly displayed on mobile devices | Aggregated, anonymised |
2.3 Directory listing data
Listings in the UX Potential directory are compiled from publicly available sources including Google Maps, business websites, and voluntary submissions. If your business information appears in the directory and you wish to update or remove it, see Section 8 for your options.
Legal basis for processing
Under the Kenya Data Protection Act 2019, we must have a lawful basis for processing personal data. The bases we rely on are:
- Consent — where you have actively submitted a contact form or voluntarily requested a directory listing. You may withdraw consent at any time by contacting us.
- Legitimate interests — for analytics and site improvement, provided our interests do not override your fundamental rights and freedoms. We conduct a balancing test before relying on this basis.
- Legal obligation — where we are required by Kenyan law to retain certain records.
- Performance of a contract — where processing is necessary to provide the directory service you have requested.
How we use your data
We use the information we collect for the following purposes only:
- To operate, maintain, and improve the UX Potential directory
- To display designer listings accurately and helpfully to business owners searching the directory
- To respond to enquiries, feedback, or requests you submit via the contact form
- To verify listings before they are published, in line with our editorial standards
- To detect and prevent fraudulent or abusive use of the directory
- To analyse aggregate, anonymised usage patterns to improve the site’s content and structure
- To comply with our legal obligations under Kenyan law
We do not use your data to send unsolicited marketing emails, sell advertising space targeted at your behaviour, or share your information with third parties for their own marketing purposes.
Cookies and tracking
Cookies are small text files placed on your device when you visit a website. We use a minimal set of cookies to operate the directory and understand how it is used.
5.1 Cookies we use
| Cookie | Type | Purpose | Expires |
|---|---|---|---|
_ga |
Analytics | Google Analytics — distinguishes unique users. Data is anonymised before processing. | 2 years |
_ga_* |
Analytics | Google Analytics 4 session state | 2 years |
wordpress_* |
Essential | WordPress session management — only set if you log into the admin panel | Session |
wp-settings-* |
Essential | WordPress admin preferences — only applies to logged-in administrators | 1 year |
5.2 Managing cookies
You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the directory. Instructions for managing cookies are available for Chrome, Firefox, and Safari.
We use Google Analytics with IP anonymisation enabled. For more information on how Google processes analytics data, see Google’s Privacy Policy.
Who we share data with
We do not sell personal data. We share data only where necessary to operate the directory, as follows:
| Third party | Purpose | Data shared |
|---|---|---|
| Google Analytics Google LLC, USA |
Website analytics and usage measurement | Anonymised usage data, IP (anonymised), device type, pages visited |
| Web hosting provider cPanel hosting, Kenya |
Server infrastructure for the directory website | Server logs including IP addresses |
| WordPress.org Automattic Inc., USA |
CMS platform updates (no personal data transmitted) | None — software updates only |
Where we transfer data to processors outside Kenya (for example, Google LLC in the United States), we ensure appropriate safeguards are in place consistent with Section 47 of the Kenya Data Protection Act 2019, including standard contractual clauses or adequacy decisions.
We may disclose personal data where required to do so by Kenyan law, court order, or regulatory authority.
How long we keep your data
- Contact form submissions — retained for 12 months from the date of submission, then permanently deleted unless an ongoing relationship requires longer retention.
- Directory listing data — retained for as long as the listing is active. If you request removal of a listing, the data is deleted within 30 days of the request.
- Server logs (IP addresses) — retained for 30 days for security and fraud prevention purposes, then automatically purged.
- Google Analytics data — retained for 26 months in line with Google’s default retention settings. We have enabled IP anonymisation.
When data reaches the end of its retention period, it is securely deleted or anonymised so it can no longer be attributed to an individual.
Your rights under Kenyan law
The Kenya Data Protection Act 2019 grants you the following rights in relation to personal data we hold about you. You can exercise any of these rights by contacting us at the details in Section 12.
You can request a copy of the personal data we hold about you and information about how we use it.
If any data we hold about you is inaccurate or incomplete, you can ask us to correct it.
You can ask us to delete personal data we hold about you, subject to certain legal exceptions.
You can object to processing based on legitimate interests or for direct marketing at any time.
You can ask us to pause processing of your data in certain circumstances while a dispute is resolved.
Where processing is based on consent, you can request your data in a structured, machine-readable format.
Where we rely on consent, you can withdraw it at any time without affecting prior processing.
You can lodge a complaint with the Office of the Data Protection Commissioner (ODPC Kenya) if you believe your rights have been violated.
Children’s privacy
The UX Potential directory is a business-to-business service intended for adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe a child has submitted personal data to us, please contact us immediately at privacy@uxpotential.co.ke and we will delete the data promptly.
Data security
We take appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include:
- HTTPS encryption on all pages of the website (SSL/TLS)
- Password protection and two-factor authentication for all administrator accounts
- Regular WordPress core, theme, and plugin security updates
- Automated daily backups stored securely off-site
- Access to personal data restricted to personnel who need it to perform their role
No method of transmission over the internet is 100% secure. While we implement industry-standard safeguards, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Office of the Data Protection Commissioner as required by Section 43 of the Kenya Data Protection Act 2019.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where the changes are significant, provide a more prominent notice.
We encourage you to review this policy periodically. Your continued use of the UX Potential directory after changes are posted constitutes your acknowledgement of the updated policy.
Previous versions of this policy are available on request by emailing privacy@uxpotential.co.ke.
How to contact us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to raise a concern about how we handle your personal data, please contact us using the details below.
UX Potential — Data Controller
📧 Email: privacy@uxpotential.co.ke
🌐 Website: uxpotential.co.ke
📍 Country: Kenya
We aim to respond to all privacy enquiries within 72 hours. For formal data subject requests, our maximum response time is 21 days under the Kenya Data Protection Act 2019.
If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner: