Data Protection Privacy First

Data Protection & Privacy

AfyaX treats data as both a strategic asset and a responsibility requiring disciplined stewardship.

Our Data Principles
Our Framework

Data Protection Principles

AfyaX operates under defined principles that guide how we collect, use, and protect your data

Participant Data Rights

Buyers and sellers retain full rights over their proprietary operational and transactional data. Your data belongs to you.

Platform Aggregation Rights

AfyaX may utilize aggregated and anonymized ecosystem data for analytics, optimization, and reporting.

Confidentiality Protection

Cross-entity data visibility is strictly restricted to prevent unauthorized access to sensitive information.

Regulatory Compliance

Data retention and disclosure policies align with applicable regulatory frameworks, including Kenya's Data Protection Act.

Data Minimization

We collect only the data necessary to facilitate healthcare commerce and maintain compliance.

Security by Design

Data protection is embedded into our system architecture, not added as an afterthought.

Data Collection

What Data We Collect

AfyaX collects only the information necessary to operate the healthcare commerce ecosystem and meet regulatory requirements.

Identity & Verification Data

Business registration, PPB licenses, KRA PIN, professional credentials, contact information

Financial Information

Wallet balances, transaction history, payment method details (processed securely by payment partners)

Transactional Data

Order history, product purchases, fulfillment records, delivery confirmations

Technical Data

IP addresses, device information, browser type, platform interaction logs (for security and optimization)

Data We DO NOT Collect

Patient Medical Records

AfyaX is a B2B platform and does not handle individual patient data

Sensitive Personal Information

We do not collect race, religion, political opinions, or biometric data

Payment Card Details

All payments are processed by PCI-DSS compliant partners; we never store full card details

Data Minimization Principle: We collect only what's necessary and nothing more.
Data Usage

How We Use Your Data

Your data enables the healthcare commerce ecosystem while maintaining your privacy

Platform Operations
  • Processing orders and transactions
  • Managing user accounts and access
  • Facilitating communication between buyers and sellers
  • Escrow management and settlement
Compliance & Verification
  • Verifying PPB licenses and credentials
  • Maintaining audit trails for regulatory review
  • Fraud detection and prevention
  • Dispute resolution
Platform Improvement
  • Analyzing usage patterns to improve user experience
  • Developing new features based on user needs
  • Performance optimization
  • Market intelligence (using anonymized data)
Customer Support
  • Responding to inquiries and support requests
  • Resolving issues and disputes
  • Providing order and transaction assistance
  • Platform guidance and training
We do not sell your personal data to third parties.

Your information is used only for the purposes described in this policy.

Data Sharing

When We Share Your Data

AfyaX shares data only in limited circumstances and always with appropriate safeguards.

Third-Party Processors

Payment Processing PCI-DSS Compliant
Cloud Infrastructure ISO 27001 Certified
Logistics Partners Data Protection Agreements
Customer Support Tools GDPR Compliant
All third parties are bound by data processing agreements that prohibit them from using your data for their own purposes.
Security

Data Security Measures

We employ industry-standard security controls to protect your information

Encryption

All data in transit is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256.

Access Controls

Strict role-based access controls ensure users only see data necessary for their role.

Audit Logging

All access to sensitive data is logged and monitored for unusual activity.

Regular Audits

We conduct regular security assessments and penetration testing.

Data Segregation

Organizational data is strictly segregated to prevent cross-entity access.

24/7 Monitoring

Our security team monitors for threats and suspicious activity around the clock.

Your Rights

Your Data Rights

Under Kenya's Data Protection Act and our commitment to transparency, you have the following rights:

  • Right to Access

    Request a copy of the personal data we hold about you

  • Right to Rectification

    Correct inaccurate or incomplete information

  • Right to Erasure

    Request deletion of your data (subject to legal retention requirements)

  • Right to Restrict Processing

    Limit how we use your data in certain circumstances

  • Right to Data Portability

    Receive your data in a structured, commonly used format

  • Right to Object

    Object to processing based on legitimate interests

Exercise Your Rights

To exercise any of your data rights, please contact our Data Protection Officer:

Email
dpo@afyax.health
Phone
+254 700 123456
Mail
Data Protection Officer
AfyaX
Nairobi, Kenya
Response Time: We will respond to your request within 30 days as required by law.
Submit Data Request
Retention

Data Retention Policy

We retain your data only as long as necessary to fulfill the purposes for which it was collected.

Account Information Active account + 5 years
Transaction Records 7 years (regulatory requirement)
Compliance Documents 5 years after license expiry
Support Communications 3 years
Anonymized Analytics Indefinite (anonymized)

Account Deletion

When you close your account, we will delete or anonymize your personal data, except where we are required to retain it for legal or regulatory reasons.

Request Account Deletion Download My Data
Cookies

Cookie Policy

AfyaX uses cookies and similar technologies to enhance your experience, analyze platform usage, and maintain security.

Types of Cookies We Use:
Essential Cookies Always Active

Required for platform functionality, authentication, and security.

Functional Cookies Optional

Remember your preferences and settings.

Analytics Cookies Optional

Help us understand how visitors use the platform.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

Cookie Preferences

Your Data, Protected by Design

AfyaX treats data protection as a fundamental responsibility. If you have questions about how we handle your information, please contact us.

Contact DPO Privacy Policy
Data Protection

Your trust is our priority