Privacy Centre

Privacy Center

We built Zimasa to make health measurable, understandable, and actionable—and to protect your privacy. Below we explain what we collect, why, your choices, and how to contact us. We follow Kenya’s Data Protection Act (2019) and the Data Protection (General) Regulations, 2021.

How we use your data (plain-language purposes)

What we collect

  • Account details (name, contacts), program eligibility (from your employer/payer), bookings/check-ins, feedback/NPS, app usage.
  • Health-related data you choose to share (eg, screening results, categories booked, participation/streaks).
  • Device + technical info (for security and app performance).

Why we collect it

  • To run the service (create your account, show benefits, book providers).
  • To personalize engagement (nudges, reminders, suggested next steps).
  • To measure results in aggregate (Activation %, Redemption %, streaks, NPS).
  • To keep the platform secure and comply with the law.

Lawful bases

  • Your consent (especially for health/sensitive data and certain analytics).
  • Contract (to provide services you or your organization asked for).
  • Legitimate interests (eg, security, preventing fraud), balanced against your rights.
  • Legal obligation, when applicable.
    (We explain the specific basis in product screens/notices where needed.)

Who we share with

  • Your organization (insurer/TPA/employer or program sponsor) for participation and billing, using aggregated or role-appropriate views.
  • Providers you book with (only what’s needed to deliver care/services).
  • Vendors who help us run Zimasa (under contract).
  • Regulators if required by law.
    (We don’t sell personal data.)

Where we store & transfer
We store data in secure environments. If we transfer data outside Kenya, we use required safeguards and document them.

How long we keep it
We keep personal data only as long as needed for the purposes above, then anonymise or delete it under our retention schedule.

Your choices & consent (opt-in/out, preferences)
  • Granular consent: we ask for clear, separate consent for sensitive/health features and optional analytics/marketing.
  • Change your mind anytime: withdraw consent in the app or email us—your choice won’t affect services already delivered.
  • Preference centre: choose the nudges you want (channels, frequency), and what you want to see in your feed.
    (We use plain-language notices and layered screens.)
Your rights (Kenya DPA 2019)

You can: access, correct, delete, object/opt-out, restrict, port certain data, and complain to the ODPC if you’re unhappy with our response. We’ll respond within legal timelines.

How to exercise your rights
Use Settings → Privacy, or email DPO@zimasahealth.com. We may ask for verification.

How we use AI (short)

We use AI to suggest next best steps, time reminders, match providers, and flag anomalies—always with human review of important decisions. We provide short, plain-language explanations in-app. You can opt out of optional AI features.

Security & breaches (short)

We use administrative, technical, and physical safeguards to protect your data. If a breach happens that risks harm, we’ll notify ODPC within 72 hours and, where required, inform affected users. (Our processors must notify us promptly—within 48 hours.)

Proof Ladder methodology

To show program progress, we publish aggregated trends:

  • Activation % (eligible members who activated)
  • Redemption % (members completing ≥1 activity/week)
  • Outcome signals (eg, 4-week streaks, completion rates, NPS)

We don’t publish personally identifiable health information.

Contact our Data Protection Officer

Data Protection Officer
Email: DPO@zimasahealth.com
Address: Turnkey House, No. 14 Chalbi Drive, Lavington, Nairobi
ODPC: You can also contact the Office of the Data Protection Commissioner if you’re not satisfied with our response.

Terms of Service (Simple Stub)

Plain-English note: This summary is for clarity. The full Terms apply.

Terms of Service

1) Who we are
Zimasa Limited (“Zimasa”, “we”, “us”). Contact: support@zimasahealth.com, Turnkey House, No. 14 Chalbi Drive, Lavington, Nairobi.

2) What we provide
We provide a health engagement platform (member app, bookings, reminders, programs) and operational tools for payers/employers/providers. We do not provide medical services or clinical advice. Always follow your clinician’s guidance.

3) Using Zimasa

  • You must be legally allowed to use the service and keep your account secure.
  • Use the platform lawfully and don’t disrupt others (no scraping, hacking, spam, or misuse).
  • Some features are offered via your employer, insurer/TPA, SACCO, or program sponsor—their terms may also apply.

4) Payments
If your organization funds your access, they handle payment with us. Individuals paying directly will see price and billing terms in-app or on the web checkout.

5) AI features
AI may suggest actions, timings, or providers. These are assistive only; final choices are yours. Zimasa’s AI does not make medical or employment decisions on its own.

6) Privacy
Our Privacy Centre explains what we collect, why, sharing, and your rights (Kenya DPA). Where required, we’ll ask for explicit consent.

7) Third-party services & providers
When you book a provider, you form a separate relationship with them. We are not responsible for care quality or third-party services.

8) Intellectual property
The platform, content, and brand are owned by Zimasa or our licensors. We grant you a limited, non-transferable license to use the service while you follow these Terms.

9) Service changes & availability
We may improve or change features. We aim for high availability but don’t guarantee uninterrupted service. We’ll give reasonable notice for material changes.

10) Suspension/termination
We may suspend or end access if you breach these Terms or applicable law, or for security. You can stop using the service at any time.

11) Disclaimers
The service is provided “as is”. We don’t guarantee specific health or financial outcomes.

12) Limitation of liability
To the extent allowed by law, we’re not liable for indirect or special losses. Our total liability is capped at the amounts you (or your sponsor) paid in the last 12 months.

13) Governing law & disputes
These Terms are governed by the laws of Kenya. Disputes will be resolved in Nairobi courts (or arbitration, if we later agree in writing).

14) Changes to these Terms
If we make material changes, we’ll notify you (email/app) and post the updated date. Continued use means you accept the new Terms.

15) Contact
support@zimasahealth.com | +254 710 241 892