Home Privacy Policy
Legal Document

Privacy Policy

Your privacy matters deeply to us. Here is exactly what data we collect, why we collect it, and how we protect it.

No data selling
Encrypted sessions
Delete in 30 days
Effective: June 3, 2026 Kenya Data Protection Act 2019 & GDPR compliant
1

Who We Are

The Writora ("we", "us", "our") is the operator of thewritora.com, a global, independent, multi-author digital publishing platform providing access to journalism, long-form analysis, opinion writing, and creative content. The Writora operates from the Republic of Kenya and serves a global readership.

This Privacy Policy describes how The Writora collects, uses, stores, shares, and protects the personal data of individuals who visit, register on, or otherwise interact with the Platform ("you", "your", "User"). This Policy applies to all personal data collected through the Platform, our emails, and any related services or communications.

The Writora acts as the data controller in respect of the personal data you provide to us. This means we determine the purposes and means of processing your personal data, and we are responsible for ensuring that such processing complies with applicable data protection laws, including the Kenya Data Protection Act 2019, the EU General Data Protection Regulation (GDPR), and the UK GDPR, to the extent that these laws apply to our processing activities.

For all privacy-related enquiries, requests to exercise your data rights, or concerns about our data practices, please contact our dedicated Privacy Team at [email protected]. We are committed to responding to all privacy enquiries within 30 days of receipt.

2

Information We Collect

We collect personal information only to the extent necessary to provide and improve the Platform. The categories of data we collect are as follows:

👤

Account & Registration Data

When you create an account, we collect your full name, email address, and a password. Your password is immediately hashed using industry-standard cryptographic algorithms (bcrypt) and is never stored in plain text. We never have access to your plain-text password at any point.

✏️

Profile & Author Data

You may optionally provide additional profile information such as a profile photograph (avatar), a short biography, social media profile links, and a personal website URL. This information is voluntary and may be publicly visible to other users and visitors to the Platform. Authors who publish content on the Platform may have their name and profile displayed alongside their published articles.

💳

Subscription & Billing Data

We store your subscription status (active, expired, or cancelled) and the date your current subscription period expires. We do not store your card number, mobile money PIN, bank account number, or any other sensitive financial credentials. All payment information is handled exclusively and securely by Paystack, our payment processor. We receive only a transaction confirmation reference and your Paystack customer code, which we use to manage your subscription status.

📖

Usage & Interaction Data

We collect data about how you interact with the Platform, including the articles you read or bookmark, comments you post, reactions or likes you submit, authors you follow, and search queries you enter. This data helps us understand how the Platform is used, personalise your experience, and improve our content recommendations.

🔧

Technical & Device Data

We automatically collect certain technical information when you access the Platform, including your IP address, browser type and version, operating system and device type, screen resolution, referring URL, pages visited, time spent on pages, and general geographic location (derived from your IP address at the country or city level only). This data is used for security, fraud prevention, and analytics purposes.

📧

Communications Data

If you contact us directly by email or through any support channel, we will retain the content of your communication, your email address, and any other information you choose to provide, for the purpose of responding to your enquiry and maintaining a record of our correspondence.

3

How We Use Your Information

We process your personal data only for specific, legitimate, and clearly defined purposes. We do not use your personal data for purposes incompatible with those described below. The legal bases upon which we rely for each category of processing are as stated:

To create and manage your account — Processing your registration data is necessary to perform the contract between you and The Writora when you register for an account.
To process and manage your Premium subscription — Including granting access to premium content, verifying payment status, and sending subscription-related notifications. This processing is necessary to perform your subscription contract.
To send transactional and service emails — Such as email address verification, password reset notifications, subscription expiry reminders, and payment confirmation receipts. These communications are necessary for the performance of your contract with us and cannot be opted out of while your account is active.
To personalise your reading experience — Including showing you relevant content recommendations, remembering your preferences, and displaying your reading history. This is processed on the basis of our legitimate interest in improving user engagement.
To display advertising to free-tier users — We work with Google AdSense to display personalised advertisements to users who are not Premium subscribers. This processing is based on your consent where required by law, and on our legitimate interest in generating revenue to sustain the Platform.
To maintain Platform security and prevent fraud — Including monitoring for suspicious activity, enforcing our Terms of Service, and protecting the integrity of the Platform. This is processed on the basis of our legitimate interests and legal obligations.
To analyse and improve the Platform — We use aggregated and anonymised data to understand how users interact with the Platform, identify technical issues, and develop new features. This processing is based on our legitimate interest in improving our services.

We will never sell, rent, or trade your personal data to any third party for their own marketing purposes. We do not use your personal data to make automated decisions that would have a significant legal or similarly significant effect on you without human review.

4

Cookies & Tracking Technologies

The Writora uses cookies and similar tracking technologies to operate, secure, and improve the Platform. A cookie is a small text file that is placed on your device when you visit a website. Cookies serve a variety of functions, from keeping you logged in to helping us understand how users engage with our content.

We use the following categories of cookies:

Strictly Necessary Cookies

These cookies are essential for the Platform to function and cannot be switched off. They are set in response to actions you take such as logging in, setting your preferences, or filling in forms. Without these cookies, the Platform cannot function correctly. They include session authentication tokens that keep you securely logged in during your visit.

Functionality Cookies

These cookies allow the Platform to remember choices you have made, such as your display preferences, reading history, and account settings, in order to provide a more personalised experience.

Analytics Cookies

These cookies help us understand how visitors interact with the Platform by collecting and reporting information anonymously or in aggregate. This data helps us identify which articles are most popular, how users navigate the Platform, and where we can make improvements.

Advertising Cookies (Free-tier Users Only)

For users who are not Premium subscribers, Google AdSense may place advertising cookies on your device to serve you relevant, interest-based advertisements. These cookies track your browsing behaviour across websites to build a profile of your interests. Premium subscribers are not shown ads and are not subject to advertising cookies from The Writora's systems.

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. However, please note that disabling or refusing certain cookies may impact the functionality of the Platform — for example, you may not be able to remain logged in if session cookies are blocked. For more information about managing cookies, visit allaboutcookies.org.

5

Third-Party Services & Data Sharing

The Writora works with a limited number of trusted third-party service providers to operate the Platform. We share your personal data with these providers only to the extent necessary to deliver the services described, and we require them to maintain appropriate security and confidentiality standards. We do not sell your personal data to any third party.

P

Paystack (Payment Processing)

When you initiate a payment, we share your email address with Paystack to create or retrieve your customer record. Paystack processes your payment information directly and securely on their PCI-DSS compliant platform. We receive back only a transaction status, reference number, and customer code — never your card, bank, or mobile money credentials. Paystack's use of your data is governed by their own Privacy Policy, which we encourage you to read.

G

Google AdSense (Advertising)

We display advertisements to free-tier (non-Premium) users on the Platform through Google AdSense. Google may use cookies and device identifiers to serve you personalised advertisements based on your browsing history across different websites. Premium subscribers do not see advertisements. You can opt out of personalised advertising from Google at any time via google.com/settings/ads.

CF

Cloudflare (Security & Performance)

We use Cloudflare to provide content delivery network (CDN) services, DDoS attack protection, web application firewall (WAF) functionality, and performance optimisation. Cloudflare processes web traffic data including IP addresses as part of these services. Cloudflare's data practices are governed by their own Privacy Policy.

E

Email Service Provider (Transactional Email)

We use a third-party email service provider to deliver transactional emails such as account verification, password reset, and subscription notifications. We share your email address and the relevant notification content with this provider solely for the purpose of delivering these emails. We do not use this provider for marketing email campaigns without your explicit consent.

Beyond the above, we may disclose your personal data to law enforcement, regulatory authorities, or other third parties if required to do so by applicable law, court order, or regulatory requirement; or where we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of The Writora, our users, or the public.

6

Data Retention

We retain your personal data for as long as your account remains active, or for as long as is necessary to fulfil the purposes for which it was collected as described in this Policy, whichever is longer. We apply the following retention guidelines:

Account data (name, email, password hash): Retained for the lifetime of your account. Upon account deletion, this data is permanently removed within 30 days.
Subscription and billing records: Retained for a minimum of 7 years after the relevant transaction date to comply with financial record-keeping and tax obligations under Kenyan law and other applicable regulations.
Usage and interaction data: Retained for a period of up to 2 years from collection, after which it is either deleted or anonymised so that it can no longer be attributed to you personally.
Technical and device data (logs): Server logs are typically retained for 90 days for security and debugging purposes, after which they are deleted or anonymised.
Communications data: Correspondence with our support team is retained for up to 3 years for the purpose of maintaining a record of how we have addressed your enquiries.

You may request the deletion of your account and all associated personal data at any time by emailing [email protected]. Deletion requests will be processed within 30 calendar days. Note that certain data may be retained after deletion where we have a legal obligation to do so (for example, financial records required by tax law), and such retained data will be kept strictly for compliance purposes and not used for any other processing.

7

Data Security

🔒

HTTPS Encryption

TLS enforced on all connections

🔑

Hashed Passwords

bcrypt — never stored in plain text

🛡️

Encrypted Sessions

Secure, SameSite cookie policy

The Writora takes the security of your personal data seriously and implements a range of technical and organisational measures designed to protect your data against unauthorised access, loss, destruction, or alteration. These measures include:

All data transmitted between your browser and the Platform is encrypted using Transport Layer Security (TLS/HTTPS). HTTP connections are automatically redirected to HTTPS.
All user passwords are hashed using the bcrypt algorithm with an appropriate cost factor before being stored in our database. We never store or have access to plain-text passwords.
Session data is encrypted at rest. Session cookies are configured with the Secure, HttpOnly, and SameSite=Lax attributes to prevent interception and cross-site request forgery attacks.
The Platform is protected by HTTP security headers including Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and Strict-Transport-Security (HSTS).
Access to user data within our administrative systems is restricted to authorised personnel only, on a strict need-to-know basis.
Rate limiting is applied to authentication endpoints to protect against brute-force and credential-stuffing attacks.

While we implement these and other rigorous security measures, please be aware that no method of transmitting data over the internet or storing data electronically is completely secure. We cannot guarantee absolute security, and we encourage you to use strong, unique passwords for your account and to notify us immediately at [email protected] if you believe your account has been compromised or if you discover a potential security vulnerability.

8

Your Rights

Under the Kenya Data Protection Act 2019, the EU GDPR, UK GDPR, and other applicable privacy laws, you have comprehensive rights over your personal data. We are committed to honouring these rights promptly and without unnecessary barriers. The rights available to you include:

Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we use it, who we share it with, and how long we retain it.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected or completed without undue delay.

Right to Erasure ("Right to be Forgotten")

You have the right to request that we delete your personal data where it is no longer necessary for the purposes it was collected, you withdraw your consent, or you object to our processing and we have no overriding legitimate grounds.

Right to Data Portability

Where we process your data by automated means on the basis of your consent or to perform a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while you contest the accuracy of the data, or while an objection is being assessed.

Right to Object

You have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis. You may also object to processing for direct marketing purposes at any time, without needing to give a reason.

Right to Withdraw Consent

Where we process your data on the basis of your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Right to Lodge a Complaint

If you believe that our processing of your personal data violates applicable law, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya or the supervisory authority in your jurisdiction.

To exercise any of the above rights, please submit a written request to [email protected] from the email address associated with your account. We will respond to all requests within 30 calendar days. In complex cases or where we receive a high volume of requests, we may extend this period by a further two months, in which case we will notify you of the extension within the initial 30-day period. We may need to verify your identity before fulfilling your request.

9

Children's Privacy

The Writora is not directed at, and is not intended for use by, children under the age of 13. We do not knowingly collect, solicit, or process personal data from children under the age of 13 (or under the applicable age threshold in your jurisdiction — for example, 16 in certain EU member states under GDPR). If you are under the applicable minimum age, you must not register for an account, provide any personal information to us, or use any features of the Platform that require you to submit personal data.

If you are a parent or legal guardian and you believe that your child has provided us with personal data without your consent, please contact us immediately at [email protected]. Upon receiving verifiable notification, we will take prompt steps to delete the relevant personal data from our systems, typically within 14 days of confirmation.

While the Platform contains written content intended for a general adult readership, we acknowledge that some content may be suitable for older teenagers. Users between the ages of 13 and 18 are encouraged to use the Platform only with the knowledge and supervision of a parent or legal guardian, who should review and agree to these Terms on the minor's behalf. The Writora does not use the data of users under 18 for any advertising profiling purposes.

10

International Data Transfers

The Writora operates primarily from Kenya, and our servers and primary data storage are located within or connected to services available in the Republic of Kenya. However, because we use third-party service providers such as Paystack, Google AdSense, and Cloudflare — which operate globally — your personal data may be transferred to, stored in, or processed in countries outside of Kenya, including countries within the European Economic Area (EEA) or the United States.

Where we transfer your personal data outside of Kenya or the EEA to countries that may not provide the same level of data protection as your home jurisdiction, we take steps to ensure that appropriate safeguards are in place. These safeguards may include relying on Standard Contractual Clauses (SCCs) approved by the relevant data protection authorities, binding corporate rules, adequacy decisions, or other legally recognised mechanisms for international data transfers.

By using the Platform and providing your personal data to us, you acknowledge and consent to the transfer of your personal data to countries outside your jurisdiction in the circumstances described above. If you would like more information about the specific safeguards we rely on for international transfers, or if you are a data subject in the EU or UK and have concerns about the adequacy of protections for your data, please contact us at [email protected].

11

Changes to This Policy

The Writora reserves the right to update, revise, or amend this Privacy Policy at any time to reflect changes in our practices, legal requirements, the services we offer, or for other operational or regulatory reasons. We will not reduce your rights under this Privacy Policy without your explicit consent where required by applicable law.

When we make material changes to this Policy — that is, changes that significantly affect how we collect, use, or share your personal data — we will notify you by sending an email to the address associated with your account at least seven (7) days before the changes take effect, and by prominently updating the "Effective Date" displayed at the top of this page. We encourage you to review this Policy periodically to stay informed of how we are protecting your personal data.

For minor or administrative updates that do not materially affect your rights, we may update this Policy without sending individual notifications, though the Effective Date will always be updated to reflect when the Policy was last changed. Your continued use of the Platform following the effective date of any updated Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with any changes, you should cease using the Platform and, if desired, request deletion of your account and personal data before the changes take effect.

The current version of this Privacy Policy will always be accessible at thewritora.com/privacy. If you have any questions about a change we have made or are planning to make to this Policy, please contact us at [email protected].

12

Contact Our Privacy Team

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to reach out to us. We take privacy enquiries seriously and aim to respond to all requests promptly and transparently. You may contact us through any of the following channels:

Privacy & Data Rights

[email protected]

General Support

[email protected]

The Writora · thewritora.com · Republic of Kenya. We respond to privacy requests within 30 calendar days. For urgent data protection matters, please mark your email subject line as "URGENT DATA REQUEST". You also have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya at odpc.go.ke.

Effective: June 3, 2026 · The Writora
Terms of Service · Contact Privacy Team

Free Newsletter

The best articles, every week.

Join readers getting handpicked stories from The Writora. No spam, ever.