KDPA 2019 & Digital Health Act 2023 Compliant

Privacy Policy

Last updated: 19 May 2026

The Digital Health Platform ("DHP", "we", "us", or "our") is operated by DHP Kenya Limited, a company incorporated in Kenya. We are registered as a Data Controller and Data Processor with the Office of the Data Protection Commissioner (ODPC) under the Kenya Data Protection Act, 2019 (KDPA). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our platform.

1. Scope and Applicability

This Policy applies to all users of the DHP platform, including patients, clinicians, pharmacists, Community Health Promoters (CHPs), wholesalers, manufacturers, donors, and administrators. It covers data collected through our web application, mobile PWA, API integrations, and any associated services.

By registering an account or using our services, you acknowledge that you have read, understood, and consent to the practices described in this Policy.

2. Legal Basis for Processing

We process your personal data on the following legal bases under Section 30 of the KDPA:

  • Explicit Consent — for sensitive health data including medical history, diagnoses, treatment plans, and reproductive health information.
  • Contractual Necessity — to provide the services you have signed up for (e.g., e-pharmacy orders, treatment fund management).
  • Legal Obligation — to comply with the Digital Health Act 2023, the Pharmacy and Poisons Act (Cap 244), and the Cancer Prevention and Control Act 2012.
  • Legitimate Interests — for platform security, fraud prevention, and aggregate analytics that do not override your fundamental rights.
  • Vital Interests — in emergency situations where sharing your data may be necessary to protect your life or the life of another person.

3. Categories of Personal Data We Collect

3.1 Identity and Contact Data

  • Full name, date of birth, gender, national ID or passport number
  • Email address and mobile phone number
  • County, sub-county, and ward of residence

3.2 Sensitive Health Data (Special Category)

⚠ This data is classified as sensitive personal data under Section 2 of the KDPA and is processed only with your explicit consent or as required by law.

  • Medical diagnoses, clinical history, and treatment plans
  • Oncology cycle data, chemotherapy records, and drug dispensation history
  • Reproductive health information, contraceptive use, and family planning records
  • Genomic and biomarker data (where consented)
  • Adverse event reports and side-effect disclosures
  • Community household health records (for CHPs)

3.3 Professional Credentials (Healthcare Providers)

  • PPB licence number and premise licence number
  • Medical board registration number
  • CPD training records and certification history

3.4 Financial and Transaction Data

  • M-Pesa transaction identifiers (not your PIN or full account details)
  • Insurance details (SHIF/NHIF membership numbers)
  • Crowdfunding contributions and treatment fund ledger entries
  • Loyalty points balances and redemption history

3.5 Technical and Usage Data

  • IP address, browser type, device type, and operating system
  • Session tokens (encrypted, stored as HTTP-only cookies)
  • Page views, feature usage, and navigation paths (anonymised)
  • Error logs and performance metrics

4. How We Use Your Data

  • Service Delivery — managing your health profile, treatment cycles, drug orders, and loyalty programme.
  • Safety and Clinical Triage — detecting adverse events or emergency "red flag" symptoms via our AI chatbot and directing you to care.
  • Regulatory Reporting — submitting mandatory reports to the National Cancer Institute of Kenya (NCI-K), the PPB pharmacovigilance system, and the Kenya Health Information System (KHIS).
  • Health Information Exchange (HIE) — sharing your records with authorised providers through the Digital Health Agency's Enterprise Service Bus, subject to your consent and as required by the Digital Health Act 2023.
  • Platform Security and Compliance — maintaining immutable audit logs, detecting fraud, and conducting Data Protection Impact Assessments (DPIAs).
  • Research and Public Health Analytics — generating de-identified, aggregate statistics to support Kenya's FP2030 goals and national health reporting. Individual-level data is never shared without explicit consent.
  • Communication — appointment reminders, prescription refill alerts, and platform notifications (you may opt out of non-essential communications).

5. Data Sharing and Third-Party Disclosure

We do not sell your personal data. We share data only as follows:

Recipient | Purpose | Legal Basis
Safaricom M-Pesa (Daraja API) | Processing ring-fenced treatment fund contributions | Contract / Consent
Firebase / Google Cloud (BAA Signed) | Cloud hosting, authentication, and database services | Contract / Legal Obligation
PPB Pharmacovigilance System | Adverse event and counterfeit drug reporting | Legal Obligation
Digital Health Agency (HIE/ESB) | Interoperable health record exchange with authorised providers | Legal Obligation / Consent
National Cancer Institute of Kenya | Mandatory cancer registry reporting | Legal Obligation
Registered Pharmacies on Platform | Dispensing prescribed medications to you | Contract / Consent
Your Treating Clinician / Hospital | Sharing your oncology / reproductive health records | Consent / Vital Interest
Accredited Insurance Providers (SHIF/NHIF/APA) | Claims processing and fund disbursement | Contract / Consent
ODPC | Responding to regulatory investigations or data access requests | Legal Obligation

6. Data Retention

In accordance with Section 47 of the Digital Health Act 2023 and supporting regulations, we retain health records for a minimum of 20 years from the date of last interaction or as required by specific legislation, whichever is longer. Other data categories are retained as follows:

  • Health / Clinical records: 20 years (mandatory)
  • Financial transaction records: 7 years (KRA compliance)
  • Audit logs: 7 years in write-once immutable storage
  • Session tokens: 24 hours (auto-expiry)
  • Marketing preferences: Until withdrawal of consent
  • Account data (inactive accounts): 3 years after last login, then anonymised

Upon expiry of retention periods, data is securely deleted or anonymised in a manner that prevents re-identification, using NIST 800-88 compliant methods.

7. Data Security

We implement the following technical and organisational measures to protect your data:

  • Encryption in Transit: TLS 1.3 for all data transmitted to and from the platform.
  • Encryption at Rest: AES-256 disk encryption on all Google Cloud storage services.
  • Field-Level Encryption: Sensitive health fields (e.g., diagnosis, medication dosage) are additionally encrypted using Google Cloud KMS envelope encryption.
  • Role-Based Access Control (RBAC): All platform access is gated by strict role permissions. No user can access data beyond their authorised scope.
  • Multi-Factor Authentication (MFA): Mandatory for all healthcare professional accounts.
  • Immutable Audit Logs: All PHI access events are logged in write-once Cloud Audit Logs, exported to BigQuery.
  • Firebase App Check: Ensures only registered app instances can access our backend services.
  • Data Sovereignty: At least one serving copy of health data is maintained within Kenya/East Africa Google Cloud regions.

8. Your Rights Under the KDPA 2019

As a data subject, you have the following rights under Sections 26–34 of the Kenya Data Protection Act 2019:

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements.
  • Right to Restriction: Temporarily restrict our processing of your data while a dispute is resolved.
  • Right to Data Portability: Receive your data in a structured, machine-readable format (FHIR/JSON).
  • Right to Object: Object to processing based on legitimate interests, including profiling.
  • Right to Withdraw Consent: Withdraw consent at any time without affecting lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with the ODPC at https://www.odpc.go.ke or call 0800 722 722.

To exercise any of these rights, contact our Data Protection Officer at dpo@dhp.ke. We will respond within 21 days as required by the KDPA.

9. Cookies and Tracking Technologies

We use cookies and similar technologies as described in our Cookie Policy. Essential cookies (e.g., session authentication) cannot be disabled. You may manage preferences for non-essential cookies from your account settings or our cookie consent banner.

10. Children's Privacy

Our platform is not directed at children under the age of 18 without parental/guardian consent. For adolescent reproductive health services, we comply with the Sexual Offences Act and applicable Ministry of Health guidelines on youth-friendly services. Parental consent is obtained and documented where required by law.

11. International Data Transfers

As we use Google Cloud / Firebase services, your data may be processed on servers outside Kenya. We ensure all transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) and Google's HIPAA Business Associate Agreement. We require all international processors to maintain equivalent data protection standards to the KDPA.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email and/or a prominent notice on the platform at least 30 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

13. Contact Us

Data Protection Officer:

DHP Kenya Limited

Email: dpo@dhp.ke

Postal: P.O. Box 00100 – 0100, Nairobi, Kenya

Supervisory Authority:
Office of the Data Protection Commissioner (ODPC)
https://www.odpc.go.ke