Afya Njema Kenya — Privacy Policy

1. Introduction

Afya Njema Kenya ("we", "us", "our") is a health technology platform operated by JAVI Research Support Services Limited. This Privacy Policy explains how we collect, use, store, and protect your personal and health information when you use our mobile application and web portal.

2. Information We Collect

2.1 Personal Information

• Phone number and/or email address (for authentication)
• Name, date of birth, gender
• National ID or Huduma number (optional)
• Location data (to find nearby facilities, pharmacies, and ambulances)

2.2 Health Information

• Symptoms and triage session data
• Health profile (blood group, allergies, chronic conditions)
• Appointment and consultation history
• Prescription and drug order history
• Insurance/SHA details

2.3 Payment Information

• M-PESA transaction references and payment history
• Subscription status and billing records

2.4 Technical Information

• Device type, operating system, app version
• IP address and usage analytics

3. How We Use Your Information

• To provide AI-powered symptom triage and health recommendations
• To connect you with nearby healthcare facilities, doctors, and pharmacies
• To process appointment bookings and drug orders
• To dispatch emergency ambulance services
• To process payments via M-PESA and other methods
• To send OTPs, appointment reminders, and service notifications
• To improve our services through anonymized analytics

4. Data Sharing

We do not sell your personal data. We share information only with:

• Healthcare providers — doctors, pharmacies, and facilities you interact with, to fulfill appointments and orders
• Payment processors — Safaricom (M-PESA) for payment processing
• SMS providers — HostPinnacle for OTP delivery
• Emergency services — ambulance providers when you request dispatch
• Legal authorities — when required by Kenyan law

5. Data Storage and Security

Your data is stored on secure servers hosted by DigitalOcean with encrypted connections (TLS/SSL). Health data is stored in a PostgreSQL database with access controls. We use industry-standard security measures including:

• Encrypted data transmission (HTTPS)
• Hashed OTPs and passwords (SHA-256, bcrypt)
• JWT-based authentication with token rotation
• Role-based access controls

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal and health data is permanently removed from our systems. Anonymized analytics data may be retained for service improvement.

7. Your Rights

Under Kenyan data protection law (Data Protection Act, 2019), you have the right to:

• Access — request a copy of your personal data
• Correction — update inaccurate information
• Deletion — permanently delete your account and data
• Suspension — temporarily deactivate your account
• Portability — request your data in a machine-readable format

To exercise these rights, visit Manage Your Account or contact us at the address below.

8. Children's Privacy

Afya Njema is not intended for children under 18. We do not knowingly collect data from minors. If you believe a child has provided us with personal data, please contact us for deletion.

9. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated through the app or via SMS. Continued use of Afya Njema after changes constitutes acceptance.

10. Contact Us

For privacy-related inquiries:

• Company: JAVI Research Support Services Limited
• Email: [email protected]
• Phone: +254 714 282 133

Last updated: 16 March 2026