Privacy notice
How RxWell handles your data
Plain-language summary of what we collect and what we don't. Written to comply with the Kenya Data Protection Act 2019 and GDPR principles. Last updated 2026-05-21.
If you're a pharmacist checking in
You don't have an account. We don't ask for your name, email, phone number, or any other contact detail. The only things stored against your check-in are:
- The age band and gender you selected.
- Your answer to each of the five themed questions.
- The week of the year.
- A random per-submission identifier with no link back to you.
A short-lived cookie is placed on your browser when you submit, so the same device can't accidentally check in twice in the same week. The cookie carries no identifying information either.
If you're on the wellbeing team
We hold the bare minimum to give you an account:
- Your work email.
- Your name.
- A salted password hash (we never see your password).
- Which organisation you belong to, if any.
- An audit log of the actions you take in the app.
What the wellbeing team can and cannot see
- The wellbeing team only ever sees anonymised aggregates, never an individual response.
- They never see who submitted, and never see a list of who has or has not checked in.
- If you choose to reach out, you share the contact details you enter on that form so the team can follow up. Your check-in answers stay anonymous and are never linked to your request.
How we keep it safe
- All traffic is encrypted in transit (TLS).
- Identity data (wellbeing team accounts) and response data live in two separate database files with no shared keys at the SQL layer.
- Database backups are kept for three days and rotated.
Your rights under the Kenya Data Protection Act 2019
Because pharmacist check-ins are fully anonymous, we cannot identify any specific submission as yours, even at your own request: the data isn't yours in the legal sense, because we have no way to link it back. Because there is no link to you, there is nothing we could single out to remove.
For wellbeing team accounts, you can:
- Access a copy of your account data.
- Correct anything that's wrong.
- Delete your wellbeing team account.
- Lodge a complaint with the Office of the Data Protection Commissioner in Kenya.
How to reach us
Email hello@rxwell.co.ke with any data question. We aim to respond within seven calendar days.
Retention
Anonymised response data is kept for as long as the pilot organisation contracts with us (typically a rolling 24 months) so we can show trend lines that are actually useful. Wellbeing team accounts are kept while active.
Changes to this notice
If we make material changes we'll notify the wellbeing team in-app before the change takes effect. Minor wording changes will be reflected in the "Last updated" date at the top.