Privacy Policy
Last updated: June 5, 2026 ·
Effective date: June 5, 2026 ·
Compliant with the Kenya Data Protection Act, 2019
1. Who we are
SahihiMinds ("we", "us", "our") is a mentorship platform operated by Sahihi Media, a company registered in Kenya. Our platform is accessible at https://minds.sahihimedia.co.ke. For data protection purposes, Sahihi Media is the data controller.
Contact: admin@sahihimedia.co.ke · Nairobi, Kenya
2. What data we collect
We collect the following categories of personal data:
- Account data: name, email address, password (stored as a bcrypt hash — never in plain text), role (mentor/mentee), and profile photo.
- Profile data: skills, goals, industry, location (city-level), bio, social links, and professional experience you voluntarily provide.
- Usage data: pages visited, features used, session duration, and device/browser type (collected via server logs).
- Communications: messages sent between mentors and mentees on the platform.
- Authentication data: OAuth tokens from Google/LinkedIn if you use social login (we store only your email and profile name — never passwords from third parties).
- Technical data: IP address, browser type, operating system, and referrer URL.
We do not collect financial data. Payment processing (when available) will be handled by a compliant third-party processor (e.g., M-Pesa, Stripe) and we will not store card numbers.
3. How we use your data
- Providing and improving the SahihiMinds platform
- Matching mentors and mentees using our compatibility algorithm
- Sending transactional emails (OTP codes, session reminders, notifications)
- Sending inactivity reminders and platform updates (you can unsubscribe)
- Moderating content and enforcing our Terms of Service
- Generating anonymised, aggregated analytics (no individual is identified)
- Complying with legal obligations under Kenyan law
4. Legal basis for processing (Kenya DPA 2019)
Under the Kenya Data Protection Act 2019, we process your data on the following bases:
- Contract performance: To deliver the services you signed up for.
- Legitimate interests: Platform security, fraud prevention, and service improvement.
- Consent: For marketing emails and optional cookies. You may withdraw consent at any time.
- Legal obligation: Where required by Kenyan law.
5. Data sharing
We do not sell your personal data. We share data only with:
- Matched mentors/mentees: Your profile (name, photo, skills, bio) is visible to users you are matched or connected with.
- Service providers: Email delivery (SMTP provider), cloud hosting (cPanel/shared hosting), and analytics — under data processing agreements.
- Law enforcement: When required by a valid Kenyan court order or legal process.
6. Data retention
- Active accounts: data retained while the account is active.
- Deleted accounts: personal data deleted within 30 days of account deletion, except where required for legal compliance.
- Audit logs: retained for 12 months for security and compliance purposes.
- Messages: retained for the duration of the mentorship plus 6 months.
7. Your rights (Kenya DPA 2019, Section 26)
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten"), subject to legal retention requirements.
- Object to processing based on legitimate interests.
- Withdraw consent for marketing communications at any time.
- Data portability — receive your data in a structured, machine-readable format.
To exercise any of these rights, email admin@sahihimedia.co.ke with the subject line "Data Request — [Your Name]". We will respond within 21 days as required by the DPA.
8. Security
We use industry-standard security measures including HTTPS (TLS), bcrypt password hashing, prepared statements (SQL injection prevention), CSRF tokens, and rate limiting on authentication. No system is 100% secure; we encourage you to use a strong, unique password.
9. Cookies
We use only essential session cookies (to keep you logged in) and do not use third-party advertising or tracking cookies. No cookie banner is required for essential cookies under Kenyan law.
10. Children
SahihiMinds is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us immediately.
11. Changes to this policy
We may update this policy. We will notify registered users by email and update the "Last updated" date above. Continued use of the platform after changes constitutes acceptance.
12. Contact & complaints
For privacy questions: admin@sahihimedia.co.ke.
If you believe your rights under the Kenya DPA have been violated, you may lodge a complaint with the Office of the Data Protection Commissioner of Kenya at odpc.go.ke.