Privacy Policy

iACCESS is a digital Sexual and Reproductive Health and Rights (SRHR) platform operated by NairoBits Trust, a registered non-governmental organisation in Kenya. NairoBits Trust is the data controller responsible for your personal information collected through the iACCESS website, mobile platform, and iAgent service.

We collect only the information necessary to deliver our services. We never ask for more personal information than we need.

Information you provide directly

• Name and email address when you create an account or submit a form
• Voluntary health-related queries submitted to iAgent (our AI health companion)
• Stories, feedback, or other content you choose to share with us
• Donation information (processed securely by third-party payment providers)

Information collected automatically

• Device type, browser, and operating system (for technical compatibility)
• Pages visited and time spent on each page (for improving the platform)
• Approximate geographic location (county-level only, to show relevant providers)
• Cookies and similar tracking technologies (see our Cookie Policy)

We use the information we collect to:

• Provide and improve iACCESS services, including iAgent responses
• Personalise your experience (e.g., showing nearby health providers)
• Communicate updates, service notices, and health campaigns
• Analyse usage patterns to improve platform accessibility and content
• Comply with legal obligations and protect against misuse

Under Kenyan and applicable data protection laws, we process your data based on:

• Consent — when you opt in to receive communications or share stories
• Contract — when you create an account or use our services
• Legitimate interests — to improve our platform and keep it secure
• Legal obligation — when required by law or regulatory authorities

We do not sell your personal data. We only share information with:

• Service providers — trusted partners who help us operate the platform (e.g., hosting, analytics, payment processing)
• Health providers — only when you voluntarily contact them through the Health Finder
• Legal authorities — only when required by law or to protect safety

All third parties are bound by confidentiality agreements and data protection obligations.

We keep your personal information only as long as necessary:

• Account data — for as long as your account is active
• iAgent conversations — 90 days, unless you request earlier deletion
• Analytics data — anonymised after 12 months
• Donation records — 7 years for legal and tax compliance

You can request deletion of your data at any time by contacting us.

You have the following rights regarding your personal data:

• Access — request a copy of your personal data
• Correction — update inaccurate or incomplete information
• Deletion — request removal of your data ("right to be forgotten")
• Portability — receive your data in a usable format
• Objection — opt out of certain processing activities
• Withdraw consent — at any time, without affecting lawful processing before withdrawal

To exercise these rights, email privacy@nairobits.com.

iAgent uses AI to provide health information. Important privacy notes:

• Conversations are stored temporarily to improve response quality
• Your identity is not linked to conversation logs
• iAgent does not collect names, phone numbers, or location unless you voluntarily share them
• Conversations are reviewed by our health team for quality assurance (anonymised)

iAgent is not a substitute for professional medical advice. Always consult a qualified healthcare provider for personalised care.

iACCESS is designed for young people. We take extra care to protect minors:

• Users under 13 require parental consent to create an account
• iAgent is configured to provide age-appropriate information
• We do not knowingly collect data from children under 13 without consent
• Parents/guardians may request access to or deletion of their child's data

We implement appropriate technical and organisational measures to protect your data:

• SSL/TLS encryption for all data transmission
• Regular security audits and vulnerability assessments
• Access controls and staff training on data protection
• Incident response plan for data breaches

While we strive to protect your data, no online platform is 100% secure. Please use strong passwords and keep your account credentials confidential.

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Post the updated policy on this page with a revised effective date
• Notify active users via email or platform notification
• Highlight key changes at the top of this document

Last updated: 1 June 2026

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

We aim to respond to all privacy-related inquiries within 7 business days.