Our privacy posture
KCFR is a public registry — but its public surface is the report, not the reporter. This page describes what we collect, what we publish, and what we deliberately keep out of the database.
Last updated: 09 May 2026
What we collect when you file a report
- The narrative, scam type, and amount you submit.
- Identifiers you cite (wallet, M-Pesa phone/Pochi/till, social handle, domain).
- A salted hash of your IP address and your browser’s user-agent string. We store the hashes so we can investigate abuse and rate-limit obvious bots; we do not store the raw IP.
Reports can be filed without an account. We do not require you to identify yourself.
What we publish
- The scam type, narrative, amount, incident date, and identifiers from the report.
- For unverified reports, identifier values are partially redacted on every public surface.
- For verified clusters, identifier values are shown in full alongside the cluster.
We do not publish IP hashes, user-agent strings, reporter contact details, or any field that could deanonymize a reporter. Those are excluded from every public DTO and from authority-handoff exports.
If you are named in a report
Anyone whose identifier is cited in a published report can file an appeal via Right to reply. A moderator reviews every appeal — usually within 14 days.
Cookies and tracking
The public site sets one cookie, only after sign-in: a session cookie for moderators. There is no analytics cookie, no third-party tracker, and no advertising pixel. Pages can be browsed entirely cookie-free if you don’t sign in.
Bot mitigation
Form submissions on /report and /right-to-reply may include a Cloudflare Turnstile challenge to filter out automated abuse. Turnstile is configured to use the privacy-preserving managed mode — it does not fingerprint browsers.
Authority requests
See For investigators for the formal handoff process. We will not share data with an authority outside that process. Subject-of-investigation tips are out of scope; we do not warn the people we publish about.
Retention
Reports are kept indefinitely (a clean record for a wallet ten years from now is still useful). Sessions expire after 30 days of inactivity. Audit logs are kept for the lifetime of the registry.
Contact
Privacy questions: privacy@kcfr.ke. To exercise a data-protection right under Kenya’s Data Protection Act, identify the report ID(s) you are contacting us about.