Sri Ayyappa Temple Nairobi
Sri Ayyappa Temple
Nairobi · Kenya

Legal

Privacy Policy

Effective May 2026. Last updated May 2026.

Sri Ayyappa Seva Samaj operates the website at ayyappakenya.org, the devotee portal at devotee.ayyappakenya.org, and the Sri Ayyappa Temple mobile app on iOS and Android (collectively, the "Services"). This policy explains what data we collect, how we use it, and the rights you have over it.

1. Data we collect

We collect only what we need to run the temple's bookings, donations and membership ledger:

  • Account data — your full name, email address, phone number, date of birth, and (optionally) your nakshatra, rashi, and gotra used by priests for sankalpam recitation.
  • Family tree — when you add a family member, the same fields for them. Family members under 18 do not need to provide an email.
  • Bookings, donations and membership records — what you booked, when, the amount paid, the payment method and reference (M-Pesa code, cheque number, etc.), and whether the priest has marked the pooja conducted.
  • Profile photo — optional, stored only if you choose to upload one.
  • Device push token — for the mobile app, an Apple / Google push token so we can send you booking confirmations, payment receipts and temple announcements. Stored against your account so we can stop sending when you sign out.
  • Operational logs — IP address, request paths, and timestamps, retained for up to 30 days for security investigation. We redact authorization headers, cookies and any name/email/phone fields from structured logs.

2. How we use it

  • To create and run your devotee account, book poojas, record donations and track your ATM membership.
  • To send you booking confirmations, payment receipts and temple announcements by email and (if enabled) push notification.
  • To let the temple priest recite the right name and astrological details during your sankalpam.
  • To produce financial reports for the temple committee — these are aggregated, not per-devotee.

We do not sell or rent your personal data to anyone. We do not use it for advertising or profiling.

3. Who we share with

  • Temple staff — committee members, treasurers and priests with a portal account can see your contact details, your bookings and your donation history insofar as their role requires.
  • Payment + delivery infrastructure — Gmail SMTP for outbound email, Apple Push Notification Service for iOS push, Firebase Cloud Messaging for Android push. These vendors process the message in transit and do not retain its content beyond delivery.
  • Hosting providers — the application runs on virtual servers hosted in a commercial European data centre, with database, object storage and Redis cache co-located.

4. Storage and security

Data is stored in a PostgreSQL database with daily encrypted backups. Access tokens are short-lived JWTs; refresh tokens are stored as hashed values in the database and as HttpOnly cookies in your browser. Passwords are Argon2id-hashed; sign-in uses a 6-digit one-time code sent to your email rather than a stored password by default. The mobile app and web portal only talk to the API over HTTPS / TLS 1.2+. We apply HSTS and rate-limit per IP at the API gateway.

5. Your rights

  • Access — your profile page shows the data we hold about you.
  • Correction— edit anything that's wrong directly in the app or portal.
  • Deletion — open the mobile app or portal, go to Profile, and tap Delete my account. We'll soft-delete your account immediately: you can no longer sign in, your email + phone + avatar are stripped from the user profile, and your password (if any) is wiped. Your booking and donation history stays on file for the temple's financial ledger as required by Kenyan accounting practice, and each retained transaction continues to show the full name + sankalpam details supplied at booking so the printed receipt can be re-issued on request. Step-by-step instructions — including how to request deletion by email if you've lost access to your account — are on the Account Deletion page.
  • Withdraw consent— turn off push notifications from your phone's settings, or unsubscribe from email by replying to any temple email.

To exercise any of these rights, email us at [email protected].

6. Children

The Services are not directed at children under 13. Family members under 18 can appear in their parent's family tree (so the priest can recite their sankalpam during a family pooja), but only an adult with their own email address can book poojas or hold a portal account.

7. International transfers

Our servers are located in Europe. If you access the Services from outside Europe, your data will be transferred and processed in Europe.

8. Retention

Active account data is kept while your account is open. After deletion, we retain anonymised booking / donation rows indefinitely for the temple's financial records. Operational logs are retained for up to 30 days.

9. Changes to this policy

We'll post any update here and bump the "Last updated" date. Material changes that affect what we collect or how we use it will be announced through an in-app notification before the change takes effect.

10. Contact us

Sri Ayyappa Seva Samaj
Shree Ram Mandir Complex, Bhanderi Road, Parklands, Nairobi, Kenya
Email: [email protected]