The short version
- We collect only what we need to run the service.
- We store personal data in the EU (europe-west1) by architectural decision.
- We do not sell your data. We do not run third-party ad trackers on the website.
- You can delete your account at any time — see /account-deletion.
- Questions: rada@radaintelligence.com.
Who is the data controller?
The sole data controller for the RaDa mobile app, the website, and all connected services is RADA SAT SVC LTD, a Kenyan company registered in Eldoret, Uasin Gishu County.
RaDa Intelligence is the product operated by RADA SAT SVC LTD. A future European controller may be established as the service expands; this policy will be updated if and when that happens.
What we collect
From the mobile app
- Account identifiers — Firebase Auth record, sign-in email, Google OAuth identifier (if you sign in with Google), display name.
- Profile data — first name, phone number, county, preferred language, optional photo.
- Farm data — farm boundary polygons you draw or walk, pixel maps derived from those boundaries, planting and harvest records you enter.
- Observations — disease-check photos, field-report notes, calibration captures, farm-walk GPS tracks. Each observation is tagged with the device's coarse location at capture time (the 10 m satellite pixel) — not a fine-grained movement history.
- Device & diagnostic — app version, device model, OS version, FCM push token, crash logs, sync queue metadata.
From the website
- Server-side request logs (IP, user-agent, path, status code) retained 30 days for security and abuse prevention.
- Anonymised page-level traffic counts via Firebase Hosting's built-in metrics. No cross-site cookies, no ad networks, no third-party analytics SDKs.
What we do NOT collect
- Continuous background location.
- Microphone or contacts data.
- Health, financial-account, biometric, or other special-category data.
- Children's data — the service is not directed at children under 13.
Why we collect it (legal basis)
- Performance of the service (GDPR Art. 6(1)(b); KE DPA s. 30(1)(b)) — authenticating you, rendering your farms, syncing observations, delivering alerts.
- Legitimate interests (GDPR Art. 6(1)(f); KE DPA s. 30(1)(f)) — improving the calibration model, debugging the app, preventing abuse.
- Consent (GDPR Art. 6(1)(a); KE DPA s. 30(1)(a)) — push notifications, optional research enrolment, optional retention of anonymised observations after deletion.
Where the data lives
Personal data is stored in Google Cloud Platform's europe-west1 (Belgium) region. The choice is architectural, not regulatory cover: it gives us a GDPR baseline by default, lower latency to East Africa than US regions, and clean separation from any future AWS exposure.
Cross-border transfer from Kenya to the EU is performed under standard contractual clauses recognised by the Office of the Data Protection Commissioner (Kenya) and Schrems II-compliant safeguards on the EU side.
Who else processes the data
We use the following sub-processors. None of them are permitted to use your data for their own purposes:
- Google Cloud Platform / Firebase — hosting, auth, database, storage, push.
- Google Earth Engine — satellite-imagery processing on aggregated farm polygons.
- Google Vertex AI — model inference for disease classification and stress detection.
- Mapbox — base-map tiles in the app (when offline tiles are unavailable).
- Workspace email (Google) — for inbound and outbound mail at radaintelligence.com.
How long we keep it
- Active account data — for the life of your account. Logs of changes you make (audit trail) are retained 24 months.
- Satellite telemetry per farm — 24 months rolling per farm (“digital twin depth”).
- Diagnostic logs — 90 days, then purged.
- Backups — encrypted, 90-day rolling window, then overwritten.
- After account deletion — see /account-deletion for the full erasure timeline and the narrow set of items that may persist in anonymised form.
Your rights
Under GDPR and Kenya DPA 2019 you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Erase your data (see /account-deletion).
- Object to processing based on legitimate interests.
- Port your data to another controller in a structured, machine-readable format.
- Lodge a complaint with your supervisory authority — the EDPB in the EU, or the Office of the Data Protection Commissioner in Kenya.
We respond to all rights requests within 30 days. Send any such request to rada@radaintelligence.com.
Security
- Transport: TLS 1.2+ for everything on the wire.
- Storage: encryption at rest on Google Cloud (AES-256, Google-managed keys).
- Access: principle of least privilege; production access logged and reviewed.
- Breach disclosure: within 72 hours of confirmed material breach, per GDPR Art. 33 and KE DPA s. 43.
Changes to this policy
We will update this page when material changes occur and bump the “Last updated” date above. We will additionally notify active users by in-app message for changes that expand the scope of processing.
Contact
Privacy & general contact · rada@radaintelligence.com
RADA SAT SVC LTD
Kapkong · Eldoret · Uasin Gishu County, Kenya
See also: Data Governance · Kenya DPA 2019 notice · Account deletion.