Mukulu Global ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website at mukuluglobal.com and our SaaS services, including website management, social media management, and digital growth services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.
1 Overview
Mukulu Global provides enterprise-grade digital infrastructure — websites, social media management, and analytics — to small and medium businesses globally. In the course of providing these services, we process two categories of data:
- Client Data — information you provide when signing up for or using our services (business information, contact details, billing data).
- End-User Data — data relating to visitors of our clients' websites or followers of social media accounts we manage on behalf of clients.
We act as a data controller for Client Data and as a data processor for End-User Data processed on your behalf. This distinction is important and is reflected throughout this policy.
2 Information We Collect
2.1 Information You Provide Directly
- Full name, business name, email address, and phone number (submitted via our contact form or onboarding).
- Billing and payment information (processed via third-party payment processors — we do not store raw card data).
- Business content, brand assets, copy, and social media credentials shared with us to deliver services.
- Communications sent to us via email or contact forms.
2.2 Information Collected Automatically
- IP address, browser type, operating system, and referring URLs.
- Pages visited, time on site, and click patterns (via privacy-friendly analytics — see Section 8).
- Cookie identifiers and session tokens (see Section 8).
2.3 Information from Third Parties
- Social media platform data (e.g., post reach, engagement metrics, follower counts) made available via platform APIs when you grant us access.
- Analytics data from tools integrated at your request.
| Data Type | Source | Purpose | Legal Basis |
|---|---|---|---|
| Contact details | You (form submission) | Service delivery, communications | Contract / Legitimate interest |
| Billing information | You (onboarding) | Payment processing | Contract |
| Brand assets & content | You (service delivery) | Website & social media management | Contract |
| Site analytics | Automatically collected | Platform improvement | Legitimate interest / Consent |
| Social media API data | Platform APIs | Reporting & content management | Contract / Consent |
3 How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery — to build and maintain websites, manage social media accounts, and deliver agreed services under your plan.
- Client Communications — to respond to enquiries, send service updates, monthly reports, and renewal notices.
- Billing & Invoicing — to process payments and maintain financial records as required by law.
- Platform Improvement — to understand how our website is used and improve our offerings.
- Legal Compliance — to comply with applicable laws, regulations, or enforceable government requests.
- Security — to detect, investigate, and prevent fraudulent activity and abuse.
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.
5 Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share information in the following limited circumstances:
5.1 Service Providers (Sub-processors)
We engage trusted third-party vendors to help us deliver services. These sub-processors are contractually bound to handle data securely and only for the purpose of delivering services to us:
- Hosting & Infrastructure — cloud hosting providers for website deployment.
- Payment Processing — PCI-DSS compliant payment processors (e.g., Stripe).
- Email Communications — transactional email providers for service notifications.
- Analytics — Plausible Analytics (privacy-friendly, EU-hosted, no personal data).
- Social Media Platforms — as required to deliver social media management services.
5.2 Legal Requirements
We may disclose information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Mukulu Global, our clients, or others.
5.3 Business Transfers
If Mukulu Global is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
6 Data Retention
We retain your information for as long as necessary to deliver our services and comply with legal obligations:
| Data Category | Retention Period | Reason |
|---|---|---|
| Active client records | Duration of contract + 3 years | Service delivery, dispute resolution |
| Billing & invoices | 7 years | Tax and legal compliance |
| Contact form submissions | 2 years | Enquiry follow-up |
| Website analytics | 13 months (rolling) | Platform improvement |
| Social media content & reports | Duration of contract + 90 days | Handoff and transition |
Upon expiry of retention periods, data is securely deleted or anonymised. You may request earlier deletion subject to legal limitations (see Section 9).
7 Security
We implement industry-standard technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction. These include:
- SSL/TLS encryption for all data in transit.
- Encrypted storage for sensitive credentials and client assets.
- Access controls — only authorised team members can access client data, strictly on a need-to-know basis.
- Regular security reviews and dependency updates.
- Managed hosting infrastructure with 99.9% uptime SLA and proactive monitoring.
In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware, in accordance with applicable data protection laws, and will provide full details of the nature of the breach and remediation steps taken.
9 Your Rights
Depending on your location, you may have the following rights regarding your personal data. We will respond to all verified requests within 30 days.
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data, subject to legal retention requirements.
Right to Restrict Processing
Request that we limit how we use your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interest or for direct marketing purposes.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Right to Complain
Lodge a complaint with your local data protection authority if you believe we have violated your rights.
To exercise any of these rights, please contact us at hello@mukuluglobal.com with the subject line "Privacy Request." We may need to verify your identity before processing the request.
10 International Data Transfers
Mukulu Global operates across multiple countries, including in Africa, the United States, and Europe. Your information may be transferred to and processed in countries other than your own. We ensure that any such transfers comply with applicable data protection laws through:
- Standard Contractual Clauses (SCCs) approved by relevant data protection authorities.
- Transfers to countries with an adequacy decision from the applicable regulator.
- Data processing agreements with all sub-processors that include appropriate transfer safeguards.
11 Children's Privacy
Our services are directed exclusively at businesses and professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we have collected data from a minor, please contact us immediately.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. We will notify active clients of material changes via email at least 14 days before the changes take effect. The "Last Updated" date at the top of this page will always reflect the most recent revision.
Continued use of our services after the effective date constitutes acceptance of the updated policy. If you do not agree to material changes, you may terminate your service agreement in accordance with your contract terms.
13 Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:
- Email: hello@mukuluglobal.com
- Website: mukuluglobal.com
- Subject Line: "Privacy Request" for data rights requests
Questions about your data?
Our team responds to all privacy enquiries within 2 business days.
Contact Us →
4 Social Media Management Services
When you engage Mukulu Global for social media management, we act on your instructions as a data processor. This section explains our specific practices for this service.
4.1 Platform Access & Credentials
To manage your social accounts, you grant us access via official platform APIs (e.g., Meta Business Suite, LinkedIn Campaign Manager, Instagram Graph API). We access only the permissions necessary to perform agreed services and do not store your platform passwords directly.
4.2 Content Ownership
All content created by Mukulu Global on your behalf — posts, graphics, copy, and campaigns — remains your intellectual property upon full payment. We retain no ownership or licensing rights to client-specific content after contract termination.
4.3 Audience & Follower Data
Analytics dashboards and engagement reports we generate may contain aggregated audience demographic data (age ranges, geographies, interests) provided by social platforms. This data is aggregated and non-personally-identifiable. We do not harvest, sell, or independently use follower data from your accounts.
4.4 Third-Party Platform Policies
Social media platforms (Meta, LinkedIn, Instagram, X/Twitter, TikTok, etc.) have their own privacy policies that govern their data practices. Your use of these platforms — and ours on your behalf — is also subject to those policies. We encourage you to review them.
Upon termination of social media management services, we will revoke our API access, return or delete any platform credentials shared with us, and deliver a final performance report within 14 business days.