Paul’s Notes VRL Courses VRL Resources VRL Connect VRL Playbooks VRL Hotline VRL Circle VRL Launchpad VRL Turnaround VRL Scale VRL Studio VRL Ventures Paul’s Notes VRL Courses VRL Resources VRL Connect VRL Playbooks VRL Hotline VRL Circle VRL Launchpad VRL Turnaround VRL Scale VRL Studio VRL Ventures

About Us Our Brands Contact Us Careers Disclaimer Policy Privacy Policy Disputes Policy Refund Policy Terms and Conditions Do Not Sell My Info About Us Our Brands Contact Us Careers Disclaimer Policy Privacy Policy Disputes Policy Refund Policy Terms and Conditions Do Not Sell My Info

Privacy Policy

The short version

VRL collects only what it needs to run its programs and the Connect network. It does not sell your data. It does not share your data with advertisers. It stores your information securely and gives you the right to access or delete it.

The full version below explains how this works in practice.

Who this policy applies to

This Privacy Policy applies to everyone who interacts with VRL, including:

Visitors to vrl.co.ke.
Applicants to any VRL Advisory program (Hotline, Launchpad, Turnaround, Scale).
VRL Circle subscribers.
Providers and seekers on VRL Connect.
Enquirers about VRL Venture.

VRL is the trading name of VIRIOL Limited, a company registered in Kenya. We are the organisation responsible for deciding how your personal information is collected and used.

What data we collect

When you visit vrl.co.ke

We collect standard website analytics data: pages visited, time on page, device type, browser type, and approximate location (country and city). This data is aggregated. It is used to understand how the site is used and to improve content.

We do not use tracking cookies for advertising purposes.

When you subscribe to free content

If you opt in to receive Paul’s Notes or any other VRL content by email, we collect your email address and, where provided, your name. We use this to send you the content you requested. We do not share this list with third parties.

When you apply to an Advisory program

We collect your name, contact details, business name, revenue information, and details about your business operations. This information is used to assess fit, scope the engagement, and deliver the program.

When you purchase a Playbook or Hotline session

We collect your name, contact details, and payment details as required to process the transaction. Payment processing is handled through M-Pesa or a third-party payment gateway. VRL does not store full payment credentials.

When you apply to VRL Connect as a provider

We collect your name, contact details, professional qualifications, credentials, certifications, identification documents (national ID or passport), portfolio samples, and professional references.

We use this information to verify your eligibility to join the network, to build your provider profile, and to match you with seekers.

When you use VRL Connect as a seeker

We collect your name, contact details, and the details of your service request. We use this to match you with a suitable provider.

When you enquire about VRL Venture

We collect your name, contact details, and information about your business. This is used to assess whether Venture is appropriate and to begin any due diligence process.

How we use your data

We use your data to:

Deliver the service or program you have signed up for.
Communicate with you about your engagement or account.
Send you content you have explicitly opted into.
Improve our programs and services.
Comply with legal obligations.

We do not use your data to:

Sell to advertisers.
Build advertising profiles.
Share with third parties for their own marketing purposes.

Who we share your data with

Within a VRL Connect match

When a match is made, VRL shares relevant contact and profile information between the provider and the seeker so they can communicate and arrange the service. Both parties are informed that this sharing will happen before the match is made.

Service providers

VRL uses third-party tools to operate its business. These include email delivery services, payment processors, and cloud storage providers. These providers access your data only to the extent necessary to deliver their service to us. They are required to handle your data securely and are not permitted to use it for their own purposes.

Legal requirements

We will share your data if required to do so by Kenyan law, court order, or regulatory authority.

Business transfers

If VRL is ever acquired or merged, your data may transfer to the new entity. We will notify you if this happens and, where legally required, seek your consent.

How long we keep your data

We keep your data for as long as needed to deliver the service and for a reasonable period afterwards for legal and administrative purposes.

For Advisory clients: engagement records are retained for 7 years after the end of the engagement, consistent with Kenyan commercial record-keeping norms.

For VRL Connect providers: profile and vetting records are retained for the duration of your active membership and for 3 years after removal or voluntary departure.

For email subscribers: your data is held until you unsubscribe.

For Hotline and Playbook purchasers: purchase records are retained for 7 years.

Your rights under Kenyan law

The Kenya Data Protection Act 2019 gives you specific rights over your personal data. These include:

The right to access. You can ask VRL what personal data we hold about you and receive a copy.

The right to correction. You can ask us to correct any inaccurate data we hold.

The right to deletion. You can ask us to delete your data. We will do this unless we have a legal obligation to retain it.

The right to restrict processing. You can ask us to stop processing your data in certain circumstances.

The right to object. You can object to our use of your data for specific purposes, including direct marketing.

The right to data portability. You can ask for a copy of your data in a format you can take elsewhere and use with another service.

To exercise any of these rights, contact us at privacy@vrl.co.ke. We will respond within 30 days.

Cookies

vrl.co.ke uses a small number of cookies for basic functionality and analytics.

We do not use cookies for advertising or tracking across other websites.

You can manage cookies through your browser settings. Disabling cookies may affect some features of the site.

Data security

VRL takes reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

All sensitive data is stored in access-controlled systems. VRL Connect provider credentials and identification documents are stored with restricted access.

VRL staff access your data only to the extent required to do their jobs.

Changes to this policy

VRL may update this Privacy Policy from time to time. Changes will be posted on vrl.co.ke/privacy with the updated effective date. If the changes are material, we will notify active clients and subscribers by email.

Contact

For any privacy-related questions or to exercise your data rights:

Address: Pinetree Plaza, Kilimani, Nairobi, Kenya

Phone: +254 114 837 663

Email: privacy@vrl.co.ke

Website: vrl.co.ke/privacy

Post: VIRIOL Limited, Pinetree Plaza, Kilimani, Nairobi, Kenya.

You also have the right to file a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya if you believe we have mishandled your data.

This Privacy Policy is effective as of 1 May 2026. VIRIOL Limited. Registered in Kenya.