Privacy Policy

1. Introduction

Welcome to Bimaspace ("we," "our," or "us"), a product of Namespace Limited. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our insurance management platform.

This Privacy Policy is governed by the laws of the Republic of Kenya, including the Data Protection Act, 2019, and any regulations made thereunder.

By using Bimaspace, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

• Register for an account using Google OAuth
• Add client information to your account
• Create and manage insurance policies
• Send SMS messages through our platform
• Contact us for support

This information may include:

• Name and email address (from Google account)
• Profile picture (from Google account)
• Client information (names, email addresses, phone numbers, dates of birth)
• Insurance policy details (policy numbers, insurers, dates, premiums)
• Phone numbers for SMS communications
• Any other information you choose to provide

2.2 Automatically Collected Information

When you access our platform, we automatically collect certain information, including:

• Log data (IP address, browser type, pages visited, time spent)
• Device information (device type, operating system)
• Cookies and similar tracking technologies
• Usage data and analytics

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain our insurance management platform
• To authenticate your account using Google OAuth
• To manage your client and policy information
• To send SMS reminders and notifications via Africa's Talking
• To improve and personalize your experience
• To analyze usage patterns and optimize our services
• To communicate with you about updates, security alerts, and support
• To comply with legal obligations under Kenyan law
• To detect, prevent, and address technical issues and security concerns

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our platform:

• Google OAuth: For secure authentication and account management
• Africa's Talking: For sending SMS messages to your clients
• Hosting providers: For data storage and application hosting

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities in Kenya, including:

• Compliance with court orders or legal processes
• Protection of our rights, property, or safety
• Investigation of potential violations of our Terms of Service
• Compliance with the Data Protection Act, 2019

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure authentication using Google OAuth 2.0
• Regular security audits and updates
• Limited access to personal information by authorized personnel only
• Secure data centers with physical security measures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your information, we will securely delete or anonymize it.

Factors we consider in determining retention periods include:

• The nature and sensitivity of the information
• Legal and regulatory requirements under Kenyan law
• The purposes for which we collected the information
• Your account status and preferences

7. Your Rights Under Kenyan Law

Under the Data Protection Act, 2019 of Kenya, you have the following rights regarding your personal information:

• Right to Access: Request copies of your personal information
• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information
• Right to Restrict Processing: Request limitation of how we use your information
• Right to Data Portability: Request transfer of your information to another service
• Right to Object: Object to our processing of your personal information
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent

To exercise any of these rights, please contact us using the information provided in Section 11. We will respond to your request within 21 days as required by Kenyan law.

8. International Data Transfers

Your information may be transferred to and processed in countries other than Kenya. These countries may have different data protection laws than Kenya. However, we ensure that any such transfers comply with the Data Protection Act, 2019, and that your information receives adequate protection.

Where required, we implement appropriate safeguards such as standard contractual clauses approved by the Office of the Data Protection Commissioner of Kenya.

9. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our platform
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)

Your continued use of Bimaspace after any changes indicates your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

12. Complaints to the Data Protection Commissioner

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya:

13. Consent

By using Bimaspace, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our service.