Sunsafe

Sunsafe Privacy Policy

Last Updated: 30th September, 2025

This Privacy Policy governs the collection, use, and protection of personal information through the Sunsafe mobile application and related services. Sunsafe is developed through a collaboration between Evonet Energy, Strathmore University, and partners to provide essential tools for manufacturers, technicians, retailers, and end-users to design and verify safe, reliable component-based solar systems (CBSS) in Kenya.

Sunsafe is a smartphone application that uses QR code technology to help users size solar systems, verify component compatibility, and ensure safe installations. Our mission is to power confidence in Kenya's solar energy sector by eliminating guesswork and promoting standards-compliant solar installations. The application serves as a bridge between complex electrical data and simple, actionable reports, enabling anyone to instantly assess component compatibility and energy balance.

This Privacy Policy complies with the Data Protection Act, 2019, the Consumer Protection Act, 2012, and the Energy (Solar Photovoltaic Systems) Regulations of Kenya. By downloading, installing, or using the Sunsafe app, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. The policy applies to all users of the Sunsafe app, including manufacturers, consumers, technicians, and retailers operating within Kenya's solar energy ecosystem.

1. Information We Collect

1.1 Personal Information

When you create an account and use the Sunsafe app, we collect essential personal information necessary for service delivery and user verification. This includes your full name, contact details such as phone number and email address, and physical and postal addresses for service coordination. For professional users including manufacturers, technicians and retailers, we also collect professional credentials and certifications to ensure service quality and regulatory compliance.

Business users must provide business registration information, including relevant licenses and permits required for solar installation and retail activities in Kenya. Where required by law or for enhanced security, we may collect national identification or passport information to verify user identity and prevent fraudulent activities within our platform.

Location data represents a critical component of our service delivery, collected with your explicit consent to provide accurate system sizing recommendations and connect you with nearby service providers. This includes GPS coordinates for installation sites, regional and county-level location data for service optimization, and geographic information necessary for compliance with local regulations and standards.

Professional information collection focuses on ensuring service quality and regulatory compliance across our network. We maintain records of technical qualifications and experience levels, training completion records and certifications, professional licensing information relevant to solar installation activities, and work history and references used for verification purposes during the registration process.

1.2 Technical and Usage Information

Our app collects comprehensive technical information to ensure optimal performance, user experience and to prevent unauthorized access to user accounts. Device information includes device type, model, and operating system version to ensure compatibility and optimize app performance.

App version and installation details help us track feature adoption and identify potential compatibility issues across different device configurations. Camera access permissions are specifically required for QR code scanning functionality, which represents a core feature of the Sunsafe application for component verification and system design.

Usage analytics provide valuable insights into user behavior and app performance, enabling continuous improvement of our services. We track app interaction patterns and feature usage statistics to understand which tools are most valuable to different user types. Time spent on different app sections helps us optimize user interface design and prioritize feature development based on actual usage patterns.

Error logs and crash reports are automatically collected to identify and resolve technical issues quickly, while performance metrics and optimization data help us maintain fast, responsive app performance across various device configurations and network conditions commonly found in Kenya.

Solar system data represents the core value proposition of our application, encompassing component specifications and compatibility information verified through QR code scanning. We store system sizing calculations and recommendations to provide consistent service and enable future system modifications or expansions.

Installation reports and system performance data enable quality monitoring and warranty support for completed installations. Energy consumption patterns and load assessments help refine our sizing algorithms and provide more accurate recommendations for future users with similar requirements.

1.3 Communication Records

We maintain comprehensive records of all communications to ensure service quality and regulatory compliance. Customer support interactions and correspondence are retained to track issue resolution and identify common challenges faced by users. Feedback submissions and app reviews provide valuable insights for continuous improvement and feature development.

Training session participation records are maintained for professional users to track continuing education requirements and certification status. Complaint reports and resolution documentation ensure accountability and help identify systemic issues that may require policy or procedural changes.

2. How We Use Your Information

2.1 Primary Service Delivery

The primary purpose of data collection is to deliver accurate, reliable solar system design and verification services. We use your energy requirements and consumption patterns to calculate appropriate solar system sizes that meet your specific needs while ensuring safety and regulatory compliance. Component compatibility verification through QR code scanning helps prevent installation of incompatible or counterfeit components that could compromise system performance or safety.

Installation reports and system documentation generated through our platform provide technicians and users with clear, data-backed guidance for safe and efficient installations. Technical recommendations and safety guidelines are customized based on local conditions, regulatory requirements, and specific system configurations to ensure optimal performance and compliance with Kenyan standards.

Quality assurance represents a fundamental aspect of our service delivery, ensuring that all recommendations and verifications comply with Kenyan electrical and safety standards. We continuously verify the authenticity of solar components and equipment in our database, monitor installation quality and performance outcomes through user feedback and system data, and facilitate warranty claims and technical support when issues arise.

2.2 User Experience Enhancement

Personalization of the app experience ensures that each user type receives relevant information and tools appropriate to their role in the solar energy ecosystem. We customize the app interface based on whether you are a manufacturer, technician, retailer, or consumer, providing relevant training materials and technical resources tailored to your experience level and professional requirements.

Location-specific recommendations and services help users access appropriate local resources and comply with regional regulations. We adapt content presentation to match user skill levels and experience, ensuring that complex technical information is presented in an accessible format for all users while maintaining the depth required for professional applications.

Performance optimization efforts focus on improving app functionality and user interface design based on actual usage patterns and feedback. We continuously work to optimize QR code scanning accuracy and speed, enhance system calculation algorithms based on real-world performance data, and reduce loading times while improving overall app responsiveness across various device configurations.

2.3 Professional Network Development

Technician and retailer verification processes ensure service quality and consumer protection within our ecosystem. We verify professional credentials and qualifications to maintain high standards across our network, maintain a comprehensive directory of certified technicians and authorized retailers, and facilitate connections between consumers and qualified service providers.

Service quality monitoring involves tracking customer satisfaction and performance outcomes to identify top-performing professionals and address any service issues promptly. This continuous monitoring helps maintain trust and reliability within the Sunsafe ecosystem while protecting consumers from substandard service delivery.

Training and capacity building initiatives support professional development within Kenya's solar energy sector. We track training program participation and completion to ensure ongoing skill development, assess competency levels and provide targeted additional training where needed, and issue digital certificates and professional recognition for completed programs.

2.4 Research and Development

Research and development efforts enhance the accuracy, usability, and reliability of the Sunsafe platform. We collaborate with engineering teams, academic researchers, and industry partners to improve system-sizing algorithms, expand our verified component database, optimize QR code scanning capabilities, and evaluate new solar technologies.

Academic research collaboration with Strathmore University and international partners contributes to renewable energy research initiatives and supports academic programs focused on sustainable energy solutions. We facilitate knowledge sharing with international development organizations and publish anonymized research findings and best practices that benefit the broader renewable energy community.

3. Information Sharing and Disclosure

3.1 Authorized Service Providers

Within our verified network of manufacturers, technicians, and retailers, we share relevant customer requirements to facilitate appropriate service delivery while maintaining strict confidentiality standards. We facilitate secure communication between consumers and service providers while maintaining oversight to ensure service quality and consumer protection.

Quality monitoring and performance tracking require limited data sharing to ensure accountability and continuous improvement across our service network. This sharing is strictly limited to information necessary for service delivery and quality assurance, with all parties bound by confidentiality agreements and data protection requirements.

Certification status is shared with relevant authorities where required for regulatory compliance, and we support international knowledge exchange programs that advance solar energy adoption and best practices.

3.2 Regulatory Compliance Sharing

Government authorities may receive installation data where required by energy regulatory frameworks or consumer protection laws. Safety incident reports are shared with relevant agencies to ensure rapid response and prevent similar incidents across the industry. Market data may be provided to support policy development purposes, always in aggregated, anonymized format that protects individual privacy while supporting evidence-based policy making.

Legal requests and regulatory investigations receive full cooperation within the bounds of applicable law and user privacy rights. We maintain clear procedures for responding to lawful requests while protecting user privacy and ensuring that any data sharing is limited to what is legally required and proportionate to the investigation's scope.

Standards organizations including the Kenya Bureau of Standards (KEBS) receive component performance data necessary to maintain and improve solar industry standards. We report counterfeit or substandard products to appropriate authorities to protect consumers and maintain market integrity. Quality assurance and consumer protection initiatives benefit from our data contributions while maintaining strict privacy protections for individual users.

3.3 Research and Academic Partnerships

Academic research partnerships involve sharing of aggregated, non-personal data that contributes to renewable energy adoption studies and policy research. We support academic studies on renewable energy adoption patterns, contribute to policy research and development initiatives, and facilitate international development cooperation through evidence-based insights derived from our platform data.

All research data sharing involves strict anonymization procedures that prevent identification of individual users while providing valuable insights for advancing solar energy adoption and improving service delivery across the sector. Research partnerships are governed by formal agreements that ensure data protection and limit use to approved research purposes.

3.4 Emergency and Safety Situations

Safety incidents may require sharing of relevant information with emergency services to ensure rapid response and appropriate technical assistance. We report safety hazards to appropriate authorities and coordinate response efforts for system failures or accidents that could affect public safety. Technical assistance during emergencies may involve sharing system specifications and installation details with qualified emergency responders.

Emergency data sharing is strictly limited to information necessary for public safety and emergency response, with clear procedures for determining when such sharing is appropriate and ensuring that privacy is protected to the maximum extent possible while addressing safety concerns.

4. Data Protection and Security

4.1 Technical Security Measures

Data encryption represents the foundation of our security approach, with all personal data encrypted both in transit and at rest using industry-standard protocols. We employ AES-256 encryption for data storage and secure communication channels for all data transmission between the app and our servers. Regular security audits and vulnerability assessments ensure that our security measures remain effective against evolving threats.

Access controls limit data exposure through multi-factor authentication for administrative access and role-based access controls that ensure users can only access information necessary for their functions. Regular access reviews and permission updates maintain security integrity, while secure backup and disaster recovery procedures ensure resilience against various threat scenarios.

Network security measures include firewalls, intrusion detection systems, and continuous monitoring for suspicious activities. We maintain secure development practices throughout our software development lifecycle and conduct regular penetration testing to identify and address potential vulnerabilities before they can be exploited.

4.2 Organizational Security Measures

Clear data handling procedures and protocols provide specific guidance for data access, processing, storage, retention, and deletion. Confidentiality agreements bind all team members to strict data protection requirements, and internal audit mechanisms ensure ongoing compliance with established procedures.

Incident response procedures and reporting mechanisms ensure rapid detection and response to potential security incidents. A designated Data Protection Officer oversees compliance efforts, maintains data protection documentation, and conducts regular privacy impact assessments on new features.

Vendor and third-party management includes contractual data protection obligations, regular security assessments, and continuous monitoring to ensure all partners meet required standards and legal obligations.

4.3 Data Breach Response

Incident management procedures ensure immediate containment, mitigation, and assessment of security incidents to minimize potential impact. Notifications to authorities occur within legal timeframes, and affected users are informed promptly where required.

Comprehensive investigation and remedial action ensure that vulnerabilities are identified and addressed. Post-incident reviews support continuous improvement of security protocols and technical safeguards.

5. Your Privacy Rights

5.1 Access and Correction Rights

You have the right to request access to the personal data we hold about you, receive explanations of how your data is used, and obtain copies in machine-readable format. You may also request corrections to inaccurate or incomplete data.

Once corrections are made, we provide confirmation and maintain audit trails of all data modification activities to support transparency and accountability.

Data portability enables you to receive your data in structured formats or request direct transfer to another service provider where technically feasible.

6. Data Retention and Deletion

6.1 Retention Periods

Personal account information is retained while your account is active and for three years afterward to support warranty claims and regulatory compliance. Professional credentials are retained for five years after last verification.

Installation reports, system designs, and component verification data may be retained for up to ten years due to safety, compliance, and warranty requirements.

Usage analytics are anonymized after two years for research and development purposes.

6.2 Deletion Procedures

Inactive accounts are automatically deleted after three years of inactivity. Marketing data is deleted immediately upon opt-out. Location data is retained for one year unless otherwise required for ongoing services.

Users may request manual deletion at any time, with processing completed within 30 days after verification. Secure deletion ensures that removed data cannot be recovered.

7. International Data Transfers

7.1 Transfer Safeguards

International transfers occur only where adequate legal and technical safeguards exist. Countries with insufficient legal frameworks require contractual protections to ensure equivalent data protection.

We regularly update transfer protocols to align with evolving legal requirements and best practices.

7.2 Cross-Border Collaboration

Cross-border data sharing for research purposes is strictly anonymized. All international partnerships operate under formal agreements governing data use, protection, and retention.

8. Children’s Privacy

8.1 Age Restrictions

Users under eighteen require explicit parental consent. Enhanced protections apply to all data collected from minors.

8.2 Parental Rights

Parents may request access to, correction of, or deletion of their children’s data. Notification and oversight mechanisms ensure safe use of the platform by minors.

9. Cookies and Tracking Technologies

9.1 Cookie Usage

Essential cookies support authentication, session management, and security. Analytics cookies help optimize performance, identify issues, and guide feature development. Optional marketing cookies require explicit consent.

9.2 Cookie Management

Users can manage cookie preferences through in-app settings. Non-essential cookies may be disabled without affecting core functionality.

10. Third-Party Services and Integrations

10.1 Payment and Financial Services

Payment processors follow PCI-DSS standards. We do not store full payment card data, relying on tokenization and secure processor systems.

10.2 Cloud Services

Cloud providers must comply with security and data protection requirements. Contracts govern processing, storage, and breach notifications.

10.3 Manufacturer Integrations

Manufacturer integrations support product verification and warranty services. Users may opt out of marketing communications while retaining warranty support.

11. Updates and Modifications

11.1 Policy Update Procedures

Email and in-app notifications inform users of policy changes. Significant updates require renewed consent.

11.2 App Updates

App updates with privacy implications include explanations and consent requests where required. Version history is maintained for transparency.

12. Contact Information and Complaint Procedures

12.1 Privacy Contacts

For privacy inquiries:
Email: privacy@sunsafe-energy.com
Support: support@sunsafe-energy.com
Phone: +254780113105

All privacy inquiries are logged, tracked, and resolved with priority handling.

12.2 Complaint Resolution

Complaints are acknowledged within two business days and resolved within fifteen days for most cases. Unresolved complaints may be escalated to senior management or legal counsel.

Users may file complaints with the Office of the Data Protection Commissioner (ODPC):
https://odpc.go.ke

13. Legal Basis and Compliance Framework

13.1 Lawful Basis for Data Processing

Data processing is based on consent, contract performance, legal obligations, and legitimate interests as defined under the Data Protection Act of Kenya.

13.2 Compliance Framework

Compliance covers Kenyan laws including the Data Protection Act 2019, Consumer Protection Act 2012, Energy Act 2019, and Computer Misuse and Cybercrimes Act 2018.

14. Governing Law and Dispute Resolution

14.1 Applicable Law

This Privacy Policy is governed by the laws of Kenya. Interpretation follows Kenyan legal standards and relevant international best practices.

14.2 Dispute Resolution

Mediation and arbitration may be used for resolving disputes. Legal proceedings occur within Kenyan courts where required.

15. Acknowledgment and Effective Date

15.1 User Acknowledgment

By using the Sunsafe app, you acknowledge that you have read and understood this Privacy Policy and consent to the practices described herein.

15.2 Effective Date

This Privacy Policy is effective as of 30th September, 2025.