Privacy Policy

Last updated: 2026-04-18 · Kenya Data Protection Act 2019 compliant

1. What we collect

Account data — email, display name, county (optional), role. Stored when you sign up.

Triage sessions — symptoms you pick, duration, severity, age band, sex, county. Tied to your UID when logged in; anonymous otherwise.

Usage telemetry — page visits (date-bucketed), top counties, top symptoms. Aggregated, not per-user.

Feedback — anything you send via the contact form (name, email, message).

What we do NOT collect — precise location, contacts, photos, files, SMS, device identifiers beyond browser user-agent.

2. How we use it

  • Run the symptom checker and surface matching facilities.
  • Detect outbreak patterns from aggregated, anonymised triage sessions.
  • Improve disease content and facility data accuracy.
  • Respond to your feedback and fix reported bugs.

We never sell your data. We never serve third-party advertising.

3. Storage & security

  • Data lives in Google Firebase Realtime Database, encrypted at rest and in transit.
  • Access is gated by role-based security rules (customer / admin / superadmin).
  • Admin access is logged via sign-in tokens; no plaintext passwords are ever stored.
  • Backups are retained for 30 days then purged.

4. Sharing

We share anonymised, aggregated outbreak signals with the Ministry of Health when a potential cluster is detected. No PII leaves the platform in these reports.

We do not share data with advertisers, brokers, or insurers.

5. Your rights

Under Kenya's Data Protection Act 2019, you have the right to:

  • Access your personal data and triage history from your profile page.
  • Correct any inaccurate profile data.
  • Delete your account and all associated sessions — email compliance@cybervaultke.ac.ke.
  • Object to processing (lodge a complaint with the Office of the Data Protection Commissioner).

6. Children

We do not knowingly collect data from children under 13. Adults may record triage sessions on behalf of dependants; no child-identifying data is required.

7. Medical disclaimer

Triage output is a screening signal, not a medical diagnosis. Always consult a licensed clinician for persistent, worsening, or emergency symptoms. The platform and its operators are not liable for decisions made solely on the basis of screening output.

8. Contact

Privacy questions: compliance@cybervaultke.ac.ke

Technical issues: tech.lead@cybervaultke.ac.ke