Website: https://mtejaflow.com
Product: MtejaFlow™
Operated by: Lolla Technologies Ltd
Powered by: Mteja360
MtejaFlow™ is built to help businesses manage WhatsApp communication in a structured, secure and responsible way.
Because MtejaFlow™ may process customer names, phone numbers, WhatsApp conversations, bookings, orders, payment references, support requests, feedback and related business information, we take data protection seriously.
We are committed to protecting personal data, respecting customer consent, supporting responsible WhatsApp communication and helping businesses use customer information lawfully and transparently.
MtejaFlow™ is operated by Lolla Technologies Ltd and powered by Mteja360.
This Data Protection Notice explains how MtejaFlow™ approaches the protection of personal data when businesses use the platform to communicate with customers, automate workflows, manage support requests, send payment links, trigger reminders and analyze customer interactions.
It is intended to help:
This Notice should be read together with our Privacy Policy, Terms of Service and WhatsApp Opt-In Policy.
Depending on the situation, MtejaFlow™ / Lolla Technologies Ltd may act as:
3.1 Data Processor / Technology Provider
In many cases, a business uses MtejaFlow™ to communicate with its own customers. The business decides:
In this case, the business is generally the data controller, and MtejaFlow™ acts as a technology provider or data processor.
3.2 Data Controller
MtejaFlow™ / Lolla Technologies Ltd may act as a data controller for information collected directly by us, such as:
MtejaFlow™ may process the following categories of data depending on the client setup and workflows configured.
4.1 Customer Identity Data
4.2 Communication Data
4.3 Workflow Data
4.4 Payment-Related Data
MtejaFlow™ does not store mobile money PINs, card PINs or full card credentials.
4.5 Business Configuration Data
4.6 Technical and Security Data
MtejaFlow™ is guided by the following data protection principles.
5.1 Lawfulness, Fairness and Transparency
Personal data should be collected and used in a lawful, fair and transparent way.
Businesses using MtejaFlow™ should tell customers why their data is being collected and how it will be used.
5.2 Purpose Limitation
Personal data should only be used for clear and legitimate business purposes, such as:
5.3 Data Minimization
Only data that is necessary for the intended purpose should be collected and processed.
Businesses should avoid collecting unnecessary personal information through WhatsApp workflows.
5.4 Accuracy
Businesses should ensure that customer information, service details, prices, menus, account details and automated responses are accurate and up to date.
5.5 Storage Limitation
Personal data should not be kept longer than necessary for the purpose for which it was collected, unless retention is required for legal, contractual, audit or legitimate business reasons.
5.6 Integrity and Confidentiality
Personal data should be protected against unauthorized access, loss, misuse, alteration or disclosure.
MtejaFlow™ supports this through access controls, audit logs, secure integrations and responsible system administration.
5.7 Accountability
Businesses using MtejaFlow™ should be able to demonstrate that they handle customer data responsibly, including how consent is obtained, how opt-outs are managed and how staff access is controlled.
MtejaFlow™ supports WhatsApp communication between businesses and their customers.
Businesses are responsible for ensuring that customers have given appropriate consent where required before receiving WhatsApp messages.
Consent may be collected through:
Businesses should make it clear that the customer is agreeing to receive communication from the business through WhatsApp or related channels.
Customers should have a simple way to stop receiving non-essential WhatsApp messages.
MtejaFlow™ may support opt-out options such as:
Once a customer opts out, the business should stop sending non-essential or marketing messages unless further communication is required for legal, transactional or service-related purposes.
MtejaFlow™ may use AI to help businesses:
AI is used as a support tool. It should not replace human judgment in sensitive, complex or high-risk situations.
Businesses are responsible for reviewing and updating:
Where AI confidence is low or a customer requests human support, the conversation should be escalated to a staff member.
Businesses should only give MtejaFlow™ access to authorized staff.
Recommended access principles:
MtejaFlow™ supports role-based access and operational accountability depending on the client's selected plan and configuration.
MtejaFlow™ applies reasonable technical and organizational measures to protect data.
These may include:
No digital platform can guarantee absolute security, but MtejaFlow™ is designed to reduce avoidable risks and support responsible data handling.
Businesses using MtejaFlow™ are responsible for:
MtejaFlow™ provides the technology platform, but each business remains responsible for how it communicates with its customers.
Personal data may be shared only where necessary to provide the service, support the client or comply with legal obligations.
Data may be shared with:
MtejaFlow™ does not sell personal data.
MtejaFlow™ may depend on third-party platforms such as:
These third parties may have their own privacy policies, terms and data handling practices.
Businesses should review relevant third-party terms where applicable.
Some systems, infrastructure providers or support services used by MtejaFlow™ may process or store data outside Kenya.
Where cross-border processing occurs, MtejaFlow™ aims to use appropriate safeguards and reasonable contractual or technical measures to protect personal data.
Businesses with strict data residency requirements should notify MtejaFlow™ before onboarding.
Data is retained only for as long as necessary for the purpose for which it was collected or processed.
Retention may depend on:
Examples:
A client may request data export or deletion subject to legal, contractual, technical and payment limitations.
Subject to applicable law, individuals may have rights over their personal data, including the right to:
Where MtejaFlow™ processes data on behalf of a business, data subject requests may need to be handled by that business as the data controller.
Requests can be sent to:
If MtejaFlow™ becomes aware of a data security incident, we will take reasonable steps to:
Where legally required, affected parties or regulators may be notified.
Businesses using MtejaFlow™ should also maintain internal procedures for identifying and reporting suspected data incidents.
MtejaFlow™ may be used by schools, colleges or institutions to communicate with parents, guardians, students or applicants.
Where children's or student data is processed, the institution is responsible for ensuring that:
MtejaFlow™ provides the communication and workflow platform, but the institution remains responsible for lawful handling of student and education records.
Businesses using MtejaFlow™ should only send marketing or promotional messages where appropriate consent exists.
Marketing messages should:
MtejaFlow™ may support frequency throttling, approval workflows and opt-out tracking to help businesses manage responsible campaigns.
MtejaFlow™ promotes responsible data governance through:
Businesses should appoint responsible staff to manage data, customer communication, WhatsApp campaigns and support escalations.
For data protection questions, requests or concerns, contact:
MtejaFlow™ Data Protection Contact
Operated by Lolla Technologies Ltd
Website: https://mtejaflow.com
Email: support@mtejaflow.com
Sales: sales@mtejaflow.com
Phone / WhatsApp: +254 717 042 042
Location: Nairobi, Kenya
This Data Protection Notice may be updated from time to time to reflect changes in our platform, legal requirements, operating practices or third-party services.
The updated version will be posted on https://mtejaflow.com with a revised effective date.
MtejaFlow™ is built to help businesses use WhatsApp in a more structured, professional and responsible way.
Our goal is to help organizations communicate faster while respecting customer privacy, consent and data protection obligations.
MtejaFlow™ is powered by Mteja360 and operated by Lolla Technologies Ltd.