DATA_PROTECTION

Privacy Policy

Last updated: June 10, 2025

Compliant with Kenya Data Protection Act 2019

1. Introduction

NeuroCAR Ltd ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the Kenya Data Protection Act 2019.

Data Controller:

NeuroCAR Ltd, Nairobi, Kenya

Email: privacyneurocar@gmail.com

2. Legal Basis for Processing

We process your personal data under the following lawful bases as per the Kenya Data Protection Act 2019:

  • Consent: For marketing communications and optional features
  • Contract: To provide our blockchain vehicle management services
  • Legitimate Interest: For service improvement, security, and fraud prevention
  • Legal Obligation: To comply with Kenyan regulatory requirements

3. Information We Collect

3.1 Personal Information

  • Name and contact details (email, phone number)
  • Authentication credentials (for Google, email, passkey login)
  • Wallet addresses and blockchain identifiers
  • Identity verification documents (as required under Kenyan law)

3.2 Vehicle Information

  • Vehicle identification numbers (VIN)
  • Registration details and ownership documents
  • Maintenance and service records
  • Vehicle specifications and condition reports
  • Diagnostic data and performance metrics

3.3 Technical Information

  • IP addresses and device identifiers
  • Browser type and operating system
  • Usage patterns and interaction data
  • Blockchain transaction data
  • Cookies and similar tracking technologies

4. How We Use Your Information

Service Provision

  • Creating and managing vehicle NFTs
  • Recording maintenance and service history
  • Facilitating marketplace transactions
  • Providing AI diagnostic services
  • Connecting with digital mechanics

Communication and Support

  • Responding to inquiries and providing support
  • Sending service notifications and updates
  • Marketing communications (with consent)

Security and Compliance

  • Fraud prevention and security monitoring
  • Compliance with Kenyan legal obligations
  • Platform integrity and abuse prevention

5. Information Sharing and Disclosure

We may share your information with:

Service Providers

  • Blockchain infrastructure providers (Avalanche network)
  • Authentication services (Google, Thirdweb)
  • Cloud hosting and storage providers
  • Analytics and monitoring services

Legal Requirements

We may disclose information when required by Kenyan law, court order, or to protect our rights and safety.

Blockchain Transparency

Certain information stored on the blockchain becomes publicly accessible by design, including transaction records and NFT metadata.

6. Data Retention

Personal Data: Retained for as long as you have an active account plus 7 years for legal compliance under Kenyan law

Vehicle Records: Maintained indefinitely to preserve vehicle history integrity

Blockchain Data: Immutable and permanently stored on the blockchain

Technical Logs: Retained for up to 12 months for security and analytics

7. Your Data Protection Rights

Under the Kenya Data Protection Act 2019, you have the following rights:

Right of Access

Request copies of your personal data

Right to Rectification

Request correction of inaccurate personal data

Right to Erasure

Request deletion of personal data (subject to blockchain immutability)

Right to Restrict Processing

Request limitation of how we process your data

Right to Data Portability

Request transfer of your data to another service

Right to Object

Object to processing based on legitimate interests

Important: Some rights may be limited for data stored on the blockchain due to its immutable nature. We will work with you to address your requests within the technical constraints of blockchain technology.

8. Data Security

We implement comprehensive security measures in compliance with Kenyan data protection requirements:

  • Encryption of data in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication systems
  • Blockchain immutability for critical records
  • Incident response and monitoring procedures
  • Staff training on data protection principles

9. International Transfers

We may transfer your data outside Kenya to our service providers. When we do so, we ensure adequate protection through mechanisms approved under Kenyan data protection law:

  • Adequacy decisions by the Office of the Data Protection Commissioner (ODPC)
  • Standard contractual clauses
  • Binding corporate rules
  • Appropriate safeguards as required by law

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential functionality and security
  • Performance monitoring and analytics
  • Personalization and user preferences
  • Marketing and advertising (with consent)

You can control cookies through your browser settings. Some features may not work if you disable cookies.

11. Children's Privacy

NeuroCAR is not intended for users under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information immediately in accordance with Kenyan law.

12. Changes to This Policy

We may update this Privacy Policy periodically in compliance with Kenyan data protection requirements. Significant changes will be communicated through the platform or via email. The "last updated" date at the top indicates when changes were made.

13. Contact Us and Data Protection Officer

For privacy-related inquiries or to exercise your rights:

Email: privacyneurocar@gmail.com

Data Protection Officer: privacyneurocar@gmail.com

Address: NeuroCAR Ltd, Nairobi, Kenya

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe we have not handled your personal data properly.

ODPC: https://odpc.go.ke/