Your Privacy is Our Duty
We built Zimasa to make health measurable, understandable, and actionable—while protecting your privacy at every step.
Security
Robust security measures protect your health data with encryption, access controls, and ongoing monitoring aligned to our obligations under the Kenya Data Protection Act 2019.
Learn about our security
Privacy
See a clear summary of what we collect, how we use it, who we share it with, and where to find the full Zimasa privacy policy.
Read our privacy notice
Terms of Service
Clear, straightforward terms explain your rights, our responsibilities, and how we work together to improve your health.
View terms of service
How We Keep Your Data Safe
By working with trusted infrastructure partners and following sound security practices, we ensure your data is protected at every layer of the platform.
Security by Design
Security is built into Zimasa from the ground up—not added as an afterthought. Every feature is designed with privacy and protection as core principles.
Encrypted Storage
We separate user details from health information and store each type of data separately in encrypted servers with strict access controls.
Regular Testing
We regularly review and test our security systems to identify and address vulnerabilities before they become issues.
Compliance Team
Our dedicated Compliance Department ensures every employee fulfills their security responsibilities and follows best practices.
Security Commitments
Kenya DPA 2019
Privacy program aligned to applicable Kenyan data protection obligations
Recognized Security Practices
Controls are designed around encryption, access restriction, monitoring, testing, and vendor governance
Trusted Infrastructure & Partners
We rely on vetted infrastructure and service providers under security and confidentiality controls
Privacy at a Glance
Zimasa is a technology and engagement platform. It does not provide medical care, make clinical decisions, or replace licensed medical judgment.
Short Privacy Notice
AI on the platform is used for decision support only. Humans remain responsible for clinical and coverage decisions. This page gives you the short version; the full legal detail sits in our complete Privacy Policy.
What We Collect
Account and membership information
Account details, contact information, and eligibility or benefits information linked to your program, employer, or payer.
Health and wellness information you choose to share
Wellness goals, screening information, self-reported health details, and care-support information where relevant.
Activity, fitness, and device data
Step count / daily steps and activity data from device sensors, wearables, or Health Connect when you enable those features.
Location and technical data
Approximate or precise location where relevant, plus device, technical, usage, support, payment, and transaction information.
Why We Use It
Operate your account and benefits
To create and manage your account, verify eligibility, and support access to benefits and services.
Support wellness tracking and participation
To show progress, participation, steps, streaks, rewards, and other engagement features you choose to use.
Connect you to providers and services
To help you discover nearby services, coordinate bookings, and facilitate access to providers and support.
Improve, secure, and comply
To improve the platform, protect against fraud and abuse, respond to support requests, and meet legal obligations.
Who We Share Data With
Program and service delivery
Employers, payers, or sponsors where relevant to your benefits, plus healthcare and wellness providers involved in the service you use.
Trusted vendors
Cloud, analytics, communications, payment, support, and security vendors operating under contractual and confidentiality controls.
Telehealth boundary
Where you use telehealth through the platform, your licensed provider controls your clinical records and consultation data. Zimasa facilitates access but does not control those clinical records.
Legal obligations
Regulators, authorities, or other parties where disclosure is required by law, court order, or for safety, fraud, or legal defense reasons.
What We Do Not Do
Zimasa does not sell health data or other sensitive personal data.
We do not use or transfer health data, including Health Connect data, for advertising personalization, data brokerage, or creditworthiness decisions.
Retention and Deletion
We retain personal data only for as long as necessary for service delivery, legal compliance, security, fraud prevention, dispute resolution, and related lawful purposes.
You may request access, correction, deletion, restriction, or other privacy support by contacting our privacy team.
Where deletion is valid and no lawful retention obligation applies, we aim to complete eligible deletion actions within 30 days.
Your Rights Under Kenya DPA 2019
Want the full details?
Read the complete Zimasa Data Processing Policy and Privacy Notice for full information on lawful bases, transfers, security, deletion, and role allocation.
Clear & Fair Terms
Our terms are designed to be transparent about your rights, our responsibilities, and how we work together.
Service Agreement
Understand how you can use Zimasa, what we provide, and the responsibilities we share.
Read full terms
User Responsibilities
Guidelines for using Zimasa responsibly, protecting your account, and maintaining accurate information.
Learn your role
Disclaimers & Limitations
Important information about service limitations, warranties, and liability boundaries.
Read disclaimers
Updates & Changes
How and when we update our terms, and how we'll notify you of significant changes.
See update policy
Want to Know More?
Our privacy team can help with access, correction, deletion, restriction, or general privacy questions.
Address
Turnkey House, No. 14 Chalbi Drive
Lavington, Nairobi, Kenya
Office of the Data Protection Commissioner (ODPC):
If you're not satisfied with our response, you can contact the ODPC directly at www.odpc.go.ke