Skip to content
Reseni Labs

Privacy

Privacy notice

This site is built to need as little personal data as possible. The notice below explains exactly what we collect, why, and how to exercise your rights.

Last updated: 31 May 2026 · Version 1.0

1. Who we are

Reseni Labs is an independent research lab based in Nairobi, Kenya. We act as the data controller for personal data collected through this website. Contact: privacy@reseni.io.

2. What we collect

  • Contact form: name (optional), email address, topic, and message. Used only to respond to your enquiry.
  • Newsletter (if subscribed): email address only, with double opt-in confirmation. One-click unsubscribe per RFC 8058.
  • Analytics: aggregate, cookieless usage data via self-hosted Plausible. No cross-site tracking, no fingerprinting, no identifiers stored. Honours Global Privacy Control.
  • Server logs: short-lived request metadata for security and reliability, retained ≤30 days, with IP addresses truncated.

3. What we do not collect

  • No third-party analytics (no Google Analytics, no Meta Pixel).
  • No advertising cookies. No session replay. No A/B test trackers.
  • No third-party fonts or JavaScript on content pages.

4. Lawful bases

We rely on (a) legitimate interests for hosting, reliability, and aggregate analytics that cannot identify you, (b) contract / pre-contract for responding to your enquiries, and (c) consent for newsletter subscriptions.

5. Retention

  • Contact submissions: 90 days unless an engagement begins.
  • Newsletter records: until you unsubscribe.
  • Server logs: ≤30 days, IP truncated at write time.
  • Backups: 30 days, encrypted, geographically separate.

6. Your rights

Under GDPR, the Kenya Data Protection Act 2019, and similar regimes you have rights of access, rectification, erasure, restriction, portability, and to object. To exercise any right, email privacy@reseni.io. We respond within 30 days.

7. International transfers

Where data is processed outside your jurisdiction we use appropriate safeguards (e.g. Standard Contractual Clauses, adequacy decisions). Our current sub-processors are listed in our trust center.

8. Security

We follow OWASP ASVS L2 controls and the technical measures described on our security page, including TLS 1.3, a strict Content Security Policy with per-request nonces, and HSTS preload.

9. Changes

We will note material changes in the changelog below and on our writing feed.

10. Complaints

You may lodge a complaint with your supervisory authority — in Kenya, the Office of the Data Protection Commissioner; in the EU, your local DPA.

Privacy notice · Reseni Labs