Friday, April 10, 2026 ยท Mombasa, Kenya
Sign InSubscribe

Privacy Policy

Last updated: January 2025

Mombasa Journal respects your privacy. This policy explains what data we collect, why, and how we protect it.

1. Data We Collect

We collect data in the following ways:

  • Account data: Name, email, username when you register
  • Usage data: Pages visited, articles read, time on site (via anonymous analytics)
  • Comments: Your name, email (if guest), and comment content
  • Newsletter: Your email address if you subscribe
  • Event submissions: Organizer contact details you provide
  • Technical data: IP address, browser type, device type (for security and analytics)

2. How We Use Your Data

  • To operate and improve the Site
  • To send you the newsletter (only if subscribed)
  • To authenticate your account securely
  • To moderate comments and prevent abuse
  • To respond to your enquiries
  • To detect and prevent security threats

We never sell your personal data to third parties.

3. Cookies

We use the following cookies:

  • Authentication cookies: Keep you signed in (essential, cannot be disabled)
  • CSRF token: Security protection for form submissions (essential)
  • Analytics cookies: Anonymous usage statistics (can be disabled)

We do not use advertising or tracking cookies.

4. Data Security

We protect your data using industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Bcrypt hashing for passwords (never stored in plain text)
  • JWT authentication with short-lived access tokens
  • Regular security audits
  • Access controls limiting staff access to personal data

5. Your Rights

Under Kenyan data protection law (DPA 2019), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and data
  • Withdraw consent for newsletters at any time
  • Object to processing of your data

To exercise these rights, email privacy@mombasajournal.co.ke

6. Data Retention

We retain account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Comment content may be retained in anonymised form.

7. Third-Party Services

We use the following third-party services that may process your data:

  • Cloudinary: Image hosting and optimisation
  • Vercel / AWS: Hosting infrastructure
  • Email provider: Newsletter delivery

Each is bound by their own privacy policies and GDPR/DPA compliance.

8. Contact

Questions or data requests: privacy@mombasajournal.co.ke