Curis Super Administrator Data Policy

Effective Date: January 11th, 2025

Last Updated: March 21st, 2025

Product Name: Curis

Product Owner: Citrus Labs Limited

At Citrus Labs Limited, we value and protect your privacy. As a Super Administrator on Curis, your access comes with enhanced responsibility. This policy outlines how we collect, use, protect, and manage your data in compliance with Kenya's Data Protection Act, 2019.

1. Introduction

This Data Policy is designed to explain what data we collect from Super Administrators, why we collect it, and how we protect it. The policy also highlights your rights and how to exercise them.

2. Information We Collect

As a Super Administrator, we may collect the following:

  • Personal Data: Full name, contact details, government-issued ID, login credentials, and communication history.
  • Technical Data: Device type, IP address, browser version, session logs.
  • Usage Data: Admin dashboard activities, system configurations, user permission logs.

3. How We Use Your Data

Your information is used strictly for:

  • Managing system-wide configurations and user accounts
  • Enhancing system performance and troubleshooting
  • Compliance with legal obligations
  • Monitoring access and ensuring platform integrity

4. Data Sharing

We do not sell your data. However, we may share limited data:

  • With authorized service providers under binding data protection agreements
  • When required by law or court order
  • With your consent for specific integrations or services

5. Data Security

We implement robust security protocols:

  • End-to-end encryption (AES-256)
  • Role-based access control
  • 24/7 system monitoring
  • Breach response protocols and regular security audits

6. Your Rights

As per the Kenya Data Protection Act:

  • You have the right to access, rectify, delete, or restrict your data
  • You may object to data processing or request data portability
  • Deletion or export tools are available within the dashboard under Settings > Data Management

7. Cookies & Tracking

We use cookies to:

  • Maintain session integrity
  • Collect analytics for performance optimization
  • Personalize administrative tools

Manage preferences under Settings > Cookie Preferences

9. Data Retention

  • Active Accounts: Data retained indefinitely for compliance and security
  • Suspended/Inactive Accounts: Retained for 5 years
  • Deleted Accounts: Fully erased after 90 days

10. Policy Updates

We may update this policy. Notifications will be issued via:

  • Platform alerts
  • Email communication

A version history is maintained under the Data Policy page for reference.

11. Contact Us

For questions or concerns:

  • Email: legal@citruslabs.co.ke
  • Phone: +254 112 400 000
  • Mail: P.O. Box 23983 - 00100, Nairobi, Kenya

For DPO-specific issues, use the Data Protection Officer Contact Form available on your dashboard.

By continuing to use your Super Administrator account, you confirm that you have read, understood, and agreed to this Data Policy.

Quick Navigation

Print Policy Download PDF