Contents

Last Updated: May 11, 2026

Privacy Policy

Your Privacy Rights Under Kenya Data Protection Act, 2019

Fully Compliant with Kenyan Data Protection Laws
Important: Peace Pulse 254 is committed to protecting your personal data in accordance with the Kenya Data Protection Act, 2019 (Act No. 24 of 2019) and the Data Protection (General) Regulations, 2021.

1. Introduction

Peace Pulse 254 ("we," "our," "us," or "the Platform") operates as a citizen-powered governance intelligence system in Kenya. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform, website, and services.

We are committed to protecting your privacy and ensuring transparency in our data processing activities. This policy is designed to comply with the Kenya Data Protection Act, 2019 and other applicable data protection regulations.

By using Peace Pulse 254, you consent to the data practices described in this Privacy Policy. If you do not agree with any part of this policy, please do not use our services.

2. Data Controller

Peace Pulse 254
Registered Office: Nairobi, Kenya
Data Protection Officer (DPO): Mr. John Kamau
Email: dpo@peacepulse254.co.ke
Phone: +254 700 123 456
Registration Number: PP254/2024/DPO-001
Data Protection Registration Number: Pending Registration with Office of the Data Protection Commissioner (ODPC)

Our Data Protection Officer is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our DPO using the details above.

3. Personal Data We Collect

We may collect and process the following categories of personal data about you:

Category Data Collected Purpose
Identity Data Full name, username, date of birth, national ID number (optional), gender Account creation, verification, and personalization
Contact Data Email address, phone number, physical address, county, constituency Communication, verification, and geographic analysis
Account Data Username, password, role (citizen/government/donor), profile picture Platform access and personalization
Feedback Data Project feedback, ratings, experiences, photos, videos, location data (GPS coordinates) Citizen feedback collection and analysis
Technical Data IP address, browser type, device information, operating system, access times Platform security, analytics, and performance optimization
Usage Data Pages visited, time spent, features used, search queries, interaction patterns Platform improvement and user experience enhancement
Social Media Data Public posts, comments, hashtags, engagement metrics from connected platforms Social sentiment analysis and trend tracking
Sensitive Data We do NOT collect sensitive personal data (health data, biometric data, religious beliefs, political opinions, etc.) N/A - We explicitly avoid collecting sensitive data
Note on Location Data: We collect approximate location data (county/constituency) for geographic analysis. GPS coordinates are only collected when you explicitly choose to share your feedback location.

4. Purpose of Collection and Processing

We collect and process your personal data for the following legitimate purposes:

Platform Operations

To enable citizen feedback collection, project tracking, and impact assessment across Kenya.

Account Security

To authenticate users, prevent fraud, and ensure platform security.

Data Analysis

To generate insights, create dashboards, and support government accountability.

Communication

To respond to inquiries, send updates, and provide platform notifications.

Research & Development

To improve our services and develop new features.

Legal Compliance

To comply with legal obligations and regulatory requirements.

6. Data Sharing & Disclosure

We may share your personal data with the following categories of recipients:

Recipient Category Data Shared Purpose Safeguards
Government Agencies Aggregated feedback data, anonymized statistics, project impact data Service delivery improvement, policy making, accountability reporting Data Protection Agreements, limited to anonymized data
Development Partners/Donors Aggregated impact data, project performance metrics, anonymized success stories Funding verification, M&E reporting, impact assessment Non-disclosure agreements, anonymization
Service Providers Hosting data, technical logs, platform usage data Platform hosting, maintenance, security, analytics Data Processing Agreements (DPAs), confidentiality clauses
Research Institutions Anonymized data, aggregated statistics, non-identifiable feedback Academic research, policy analysis, development studies Research ethics approval, anonymization protocols
Legal & Regulatory As required by law (court orders, regulatory requests) Legal compliance, law enforcement Legal review, minimal necessary disclosure
Important: We do NOT sell, rent, or trade your personal data to third parties. Your data is only shared as described above with appropriate safeguards.

7. Your Data Subject Rights

Under the Kenya Data Protection Act, 2019, you have the following rights regarding your personal data:

You have the right to be informed about how your personal data is being collected, used, and shared. This Privacy Policy fulfills that obligation.

You have the right to request a copy of the personal data we hold about you. We will provide this free of charge within 30 days of your request.

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing.

You have the right to restrict the processing of your personal data under certain circumstances.

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

You have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe we have violated your data protection rights.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at:

Email: dpo@peacepulse254.co.ke
Phone: +254 700 123 456
Address: Peace Pulse 254, P.O. Box 12345-00100, Nairobi, Kenya

We will respond to your request within 30 days as required by Kenyan law. We may need to verify your identity before processing your request.

8. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption

AES-256 encryption for data at rest, TLS 1.3 for data in transit

Access Control

Role-based access, multi-factor authentication, principle of least privilege

Backup & Recovery

Regular encrypted backups, disaster recovery plan

Monitoring

24/7 security monitoring, intrusion detection systems

Security Testing

Regular penetration testing, vulnerability assessments

Staff Training

Regular data protection and security awareness training

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Data Category Retention Period Justification
Account Data (active users) Duration of account + 2 years after closure Account management, legal obligations
Account Data (inactive users) 3 years of inactivity Platform operations, user re-engagement
Feedback Data 10 years (anonymized after 5 years) Historical analysis, government accountability
Technical Logs 12 months Security, troubleshooting, audit purposes
Marketing Data Until consent withdrawn Communication with consenting users
Aggregated/Anonymized Data Indefinite Research, analysis, public benefit
Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required for legal compliance or legitimate business purposes.

10. Cross-Border Data Transfers

We primarily store and process your personal data within Kenya. However, some of our service providers may be located outside Kenya. When transferring data outside Kenya, we ensure:

  • The destination country provides an adequate level of data protection as determined by the Office of the Data Protection Commissioner (ODPC); or
  • We implement appropriate safeguards, such as standard contractual clauses (SCCs) approved by the ODPC; or
  • The transfer is necessary for the performance of a contract with you or for your consent.
Data Localization: We prioritize Kenyan hosting providers to ensure data remains within Kenya's jurisdiction whenever possible.

11. Children's Data

Peace Pulse 254 is not intended for children under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to remove that data promptly.

12. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. For detailed information, please see our Cookie Preferences page.

Types of Cookies We Use:
  • Essential Cookies: Required for platform functionality
  • Analytics Cookies: Help us understand platform usage
  • Preference Cookies: Remember your settings
Your Cookie Choices:

You can manage your cookie preferences through our Cookie Preferences Center or by adjusting your browser settings.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Office of the Data Protection Commissioner (ODPC) within 72 hours of becoming aware of the breach
  • Communicate the breach to affected data subjects without undue delay
  • Document all breaches, including facts, effects, and remedial actions taken

You can report any suspected data breaches to our DPO at breach@peacepulse254.co.ke.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending an email notification to registered users (for significant changes)
  • Displaying a prominent notice on our platform

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

Data Protection Officer

John Kamau
Email: dpo@peacepulse254.co.ke
Phone: +254 700 123 456

Physical Address

Peace Pulse 254
​3rd Floor, Nairobi Business Centre
P.O. Box 12345-00100
Nairobi, Kenya

Office of the Data Protection Commissioner (ODPC)

If you are not satisfied with our response, you have the right to lodge a complaint with the ODPC:

Website: www.odpc.go.ke
Email: info@odpc.go.ke
Phone: +254 20 222 2022
Address: P.O. Box 30917-00100, Nairobi, Kenya

By using Peace Pulse 254, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.