Controller & registration
- Data controller · RADA SAT SVC LTD — sole controller, Kenyan company.
- Registered office · Kapkong, Eldoret, Uasin Gishu County.
- ODPC registration · Application submitted; certificate number to be published here upon issuance.
- Data Protection Officer · rada@radaintelligence.com.
The eight principles (s. 25 of the Act)
RaDa Intelligence processes personal data in accordance with the eight principles set out in s. 25 of the Kenya Data Protection Act 2019:
1 · Lawfulness, fairness, transparency
Every processing operation has a lawful basis under s. 30 (most commonly performance of contract, consent, or legitimate interests). This page and the privacy policy spell out what we do and why.
2 · Purpose limitation
Data is collected for specified, explicit, and legitimate purposes — running the app, improving the calibration model so RaDa Intelligence understands the farm better, and sending the farmer sharper guidance the next time the satellite passes. It is not further processed in a manner incompatible with those purposes, and we do not sell or broker personal or farm-level data to third parties.
3 · Data minimisation
We collect only what we need. We do not collect background location, microphone, or contacts data. Disease photos are tagged with the 10 m pixel — not a precise GPS coord.
4 · Accuracy
You can correct any inaccurate data via Settings → Profile in the app, or by writing to rada@radaintelligence.com. Audit trails record every change.
5 · Storage limitation
Retention windows are published in the Data Governance page. Active account data persists for the life of the account; satellite telemetry rolls 24 months per farm; diagnostic logs are purged after 90 days.
6 · Integrity & confidentiality
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 on Google Cloud). Access to production data is logged and reviewed.
7 · Accountability
We maintain a register of processing activities. We publish postmortems when we discover and fix issues (e.g. the May 2026 region-misroute audit) — see the HANDOFF logs in the public repository.
8 · Lawful cross-border transfer
Personal data is transferred from Kenya to Google Cloud's europe-west1 region (Belgium) for storage and processing. The transfer is performed under standard contractual clauses recognised by the ODPC, and the receiving jurisdiction (EU) provides an adequate level of protection equivalent to the Act.
Rights of the data subject (Part V of the Act)
If you are in Kenya, you have the right to:
- Be informed of the use to which your personal data is to be put.
- Access your personal data held by the controller.
- Object to the processing of all or part of your personal data.
- Correction or deletion of false or misleading data about you.
- Erasure — see /account-deletion.
- Lodge a complaint with the ODPC at www.odpc.go.ke if you believe your rights have been infringed.
We respond to rights requests within 30 days. Send any such request to rada@radaintelligence.com.
Children
The service is not directed at children under 18. We do not knowingly collect data from children. If we become aware that we have, we delete it.
Sensitive personal data
We do not process special-category data under s. 44 of the Act (health, genetic, biometric, racial or ethnic origin, etc.). If a farmer voluntarily includes such data in a free-text field, we treat it under the Act's special-category rules and may ask for separate consent.
Breach notification
In the event of a confirmed personal-data breach materially affecting Kenyan data subjects, we will notify the ODPC within 72 hours and affected data subjects without undue delay, per s. 43 of the Act.
Contact
Data Protection Officer · rada@radaintelligence.com
RADA SAT SVC LTD
Kapkong · Eldoret · Uasin Gishu County · Kenya
Office of the Data Protection Commissioner
www.odpc.go.ke
See also: Privacy policy · Data Governance · Account deletion.