Effective Date: January 29, 2024
Last Updated: February 20, 2026
This Privacy Policy explains how UzimaNexus ("UzimaNexus," "we," "us," or "our") collects, uses, stores, discloses, and protects personal data when you use our websites, mobile applications, APIs, and related services (collectively, the "Services").
This Policy is designed to align with major global privacy requirements and app marketplace requirements, including principles under GDPR, UK GDPR, CCPA/CPRA, and Google Play and Apple App Store privacy disclosure expectations.
This Policy applies to personal data processed by UzimaNexus as a data controller or business operator in connection with the Services. In some cases (for example, when healthcare institutions use our platform), UzimaNexus may act as a processor/service provider on behalf of a healthcare customer.
Controller contact: UzimaNexus
Postal address: UzimaNexus, Nairobi, Kenya (full legal address available on request)
Email: info@uzimanexus.com
Support: admin@uzimanexus.com
Data Protection Contact / DPO Office: info@uzimanexus.com
Where required by law (e.g., GDPR/UK GDPR), we rely on one or more of the following legal bases:
We do not sell personal data. We do not share personal health data for third-party advertising profiling. We share personal data only as necessary for legitimate operations, including:
All processors/service providers are subject to contractual restrictions and appropriate security controls.
Your personal data may be processed in countries other than your own. Where required, we implement transfer safeguards, such as Standard Contractual Clauses (SCCs), International Data Transfer Agreements, or other recognized legal mechanisms.
We retain personal data for as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on data type, legal requirements, and operational needs.
We implement technical and organizational safeguards appropriate to risk, including encryption in transit and at rest, least-privilege access controls, role-based permissions, multi-factor authentication for administrative access, secure development practices, vulnerability management, and continuous monitoring. No system is 100% secure, but we continuously improve our protections.
If a notifiable data breach occurs, we will investigate promptly and provide notifications in line with applicable law, including GDPR/UK GDPR and Kenya Data Protection Act obligations where those laws apply.
Depending on your location, you may have rights to:
To submit a request, contact info@uzimanexus.com. We may need to verify your identity before processing requests. We aim to acknowledge requests within 7 days and respond within 30 days, subject to lawful extensions.
Account deletion: You can request deletion in-app through Profile > Settings > Privacy > Delete Account, or by emailing info@uzimanexus.com. We will delete or anonymize eligible data, subject to legal or healthcare record retention obligations.
Automated decision-making: We do not make solely automated decisions that produce legal or similarly significant effects without meaningful human involvement. If this changes, we will update this policy and provide required rights notices.
Our Services are not directed to children under the age where parental consent is required by applicable law (for example, under 13 in the U.S., or under 16 in certain regions) unless specifically designed for pediatric care through authorized guardians and healthcare providers. If we learn we collected personal data from a child unlawfully, we will delete it.
UzimaNexus may process health information and other sensitive data. Such processing is handled with heightened protections, role-based access controls, and contractual/legal safeguards. Where applicable, we support healthcare privacy frameworks and contractual requirements (such as data processing agreements and business associate terms when required). We do not use personal health data for third-party behavioral advertising.
The Services are intended to support healthcare administration and information management; they do not replace emergency services. If you are experiencing a medical emergency, contact local emergency services immediately.
We use cookies and similar technologies for authentication, preferences, security, analytics, and product improvement. Mobile apps may use SDK-based identifiers for analytics and fraud prevention. Where required by law, we request consent before non-essential tracking and provide opt-out controls. On iOS, app tracking follows Apple's AppTrackingTransparency (ATT) framework where applicable.
The Services may include links to third-party websites, SDKs, or integrations. Third-party services are governed by their own privacy notices and terms, and we encourage you to review them. We maintain contractual controls (such as DPAs) with processors where required.
We may update this Privacy Policy from time to time. Material changes will be notified through reasonable channels, such as in-app notifications or updates on our website. Continued use of the Services after updates indicates acceptance, to the extent permitted by law.
For privacy questions, rights requests, or complaints:
If you are in a jurisdiction that grants the right to lodge a complaint with a supervisory authority, you may do so at any time. For EEA/UK users, representative details will be published here once designation is complete where legally required.