PRIVACY POLICY

Last Updated: November 21, 2025

This Privacy Policy (the "Policy") outlines how Usalama Barabarani ("we," "us," or "our") collects, uses, processes, and protects your Personal Data in compliance with the Kenya Data Protection Act, 2019 (DPA) and its attendant Regulations.

By using our mobile application and services (the "App"), you expressly consent to the collection and processing of your Personal Data, including high-risk and sensitive data, as described in this Policy.

1. IDENTITY AND CONTACT DETAILS (Data Controller)

Data Controller: Panacea Innovative Solutions

Registration Status: We have applied for registration with the Office of the Data Protection Commissioner (ODPC) of Kenya.

Address:

Email for Privacy Concerns: panaceainnovativesolutions254@gmail.com

2. PERSONAL DATA COLLECTED AND LEGAL BASIS

We collect and process your Personal Data based on the legal ground of Explicit Consent, as the data collected is necessary for the performance of the core services of the App.

Category of Data	Specific Data Elements	Purpose of Processing (Why it is necessary)	Necessity Justification (DPA Principle of Data Minimization)
A. Identity & Contact Data	Full Name, Email Address, Phone Number	To create and manage your user account, verify identity, facilitate password recovery, and send essential service communications.	Necessary for contractual setup and delivery of core user services.
B. Professional Data	Occupational Details (Job Title, Company/Industry, etc.)	To tailor the App’s features to your professional context, provide relevant content, and inform service improvements.	Necessary to provide customized and professionally relevant service features.
C. High-Risk Communication Data	SMS Content & Call Logs (state - missed/answered/duration)	To automatically detect and track calls interactions relevant to road safety regulations that prohibit driving at high speeds while driving. For the SMS it is to be used to send communications offline.	Crucially necessary for the App’s core function of offline communication and call duration monitoring. Without this data, the App cannot perform the stated service. This requires strict, express consent.
D. Location Data	Real-Time and Background Geolocation Data	To provide location-based services (e.g., speed, location of incidences such as accidents and overspeeds) only when the app is in use or running in the background.	Necessary for the App's core functionality to track location-dependent tasks or provide continuous monitoring.
E. Usage Data	IP address, device identifiers, operating system version, time spent in App features.	To monitor the performance of the App, prevent fraud, and ensure the security and stability of our services.	Necessary for service improvement, maintenance, and compliance with data security principles.

3. PRINCIPLES FOR PROCESSING HIGH-RISK DATA

The collection of Background Location, SMS Logs, and Call Logs is considered intrusive and we adhere to the strictest principles mandated by the Kenya DPA:

Explicit Consent: We will obtain your express, unequivocal, free, specific, and informed consent for each category of high-risk data (Location, SMS, and Calls) before enabling these features.
Withdrawal: You have the absolute right to withdraw your consent for the collection of any or all of this data at any time through the App settings or by contacting our Privacy Email. Withdrawal will result in the suspension or termination of services that rely on that specific data.
Data Minimisation: We only collect the minimal amount of data necessary to achieve the stated purposes. We do not unnecessarily reveal information relating to your family or private affairs.
Security: We employ robust technical and organizational measures, including encryption and strict access controls, to protect this sensitive data from unauthorized access or breach.

4. SHARING AND DISCLOSURE OF PERSONAL DATA

We will only share your Personal Data with third parties in the following circumstances:

Service Providers: With third-party service providers (e.g., cloud hosting, analytics) who process data strictly on our behalf and are bound by contractual data protection obligations that meet DPA standards.
Legal Obligation: Where required to do so by any law, court order, or governmental authority in Kenya, including the Office of the Data Protection Commissioner (ODPC).
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred, provided the receiving party agrees to adhere to the standards set out in this Policy.
With Your Consent: If you have given us explicit, specific consent to share your data for a particular purpose.

Cross-Border Transfer: If we transfer your Personal Data outside of Kenya, we will ensure that appropriate safeguards are in place, such as proof of commensurate data protection laws in the recipient country or your explicit consent, as required by the DPA.

5. YOUR DATA SUBJECT RIGHTS (DPA Rights)

Under the Kenya DPA, you have the following rights regarding your Personal Data:

Right to Be Informed: The right to be clearly informed about the processing of your Personal Data (which this Policy serves to do).
Right of Access: The right to request and receive a copy of the Personal Data we hold about you.
Right to Rectification: The right to request the correction of any incomplete or inaccurate data we hold about you.
Right to Object/Restrict: The right to object to the processing of your Personal Data, including for direct marketing purposes.
Right to Erasure (Deletion): The right to request the deletion of your Personal Data where there is no lawful reason for us to continue processing it (subject to legal retention requirements).
Right to Data Portability: The right to request your Personal Data in a structured, commonly used, and machine-readable format.
Right to Withdraw Consent: The right to withdraw your consent to processing at any time, which will not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at the Privacy Email provided in Section 1. We will respond to your request within the period prescribed by the DPA.

6. CHANGES TO THIS POLICY

We reserve the right to amend this Policy at any time. We will notify you of any material changes via email or through the App before the changes take effect. Your continued use of the App after the effective date of the revised Policy constitutes your acceptance of the new terms.