Welcome to Baobab Circle Limited privacy policy.

We respect your privacy, and we want you to know why we need certain information from you, what we are doing with it, and how we are keeping it secure.


1.0 What this policy covers

This policy explains how we use your data to deliver our healthcare service through

  • Afya Pap mobile app

  • Afya Pap USSD service

  • Call a doctor service

  • Ask a doctor service

  • Afya Pap Medic service

  • Symptom checker

  • Any beta versions of our apps

  • Our websites www.baobabcircle.com and www.afyapap.com

  • Our portals www.caregiver.afyapap.com/dashboard

  • Some of our services we offer with our partners, or on behalf of them

  • The technology we use to support our users’ and partners' services

Baobab Circle Ltd is the creator of Afya Pap health app and is also the Data Controller and our partners are the Data Processors. This means that Baobab Circle is responsible for how we handle and use your data.

Afya Pap is a telehealth service for self-monitoring, self-management, remote-monitoring, and teleconsultation. It provides access to quality healthcare and it also helps users to better manage their health.

Afya Pap is officially operational in Kenya, Uganda, and Zimbabwe what we refer to as “Our markets”

2.0 What data do we hold and how do we get it

2.1 Personal details

When you register to Afya Pap, we will ask you for the following information:

  • Your name

  • Mobile number

  • Your date of birth

  • Your gender

  • The hospital of institution you are associated with

  • Your height

  • Your weight

  • Your BMI

  • Pregnancy status for Female users

  • Email address

  • Payment details

The information you give us must be accurate. If you give us information about yourself or another person, you're confirming that you're authorized to do so.

2.2 Health, your conditions and therapy.

When you use our services, we may collect information about your health, your conditions and therapy:

When capturing your medical conditions we may also request for the medication you may currently be using as shown below.

  • Condition: Diabetes Blood sugar information

    • Type of diabetes

    • Year diagnosed

    • Blood glucose target

    • Your Hab1C target

    • Your associated medications.

    • Complications

      • Foot problems

      • Numbness/ Tingling/Pain

      • Diabetes eye

  • Condition: Hypertension Blood pressure information

    • Your associated medication

  • Condition: High cholesterol

    • Confirming if you have high cholesterol

  • Condition: Cardiac history

    • Confirming if you have cardiac history

  • How you feel: Your mood

    • Anytime you input your BS or BP, we will ask you to select your mood

    • Also you may be able to directly capture your mood through our mood tracker.

  • Symptoms checker: Coronavirus/Covid-19

    • Cough and sneezing

    • Fever (High Body temperature)

    • Shortness of breath or breathing difficulty

    • Sore throat

    • Headache

    • Tiredness

    • Travel history/ interaction with a person from Covid-19 high-risk areas

    • Confirmation that your symptoms are similar to Covid-19.

Some of this information will come directly from you, while others may come from our other platforms such as the Afya Pap Medic app from your interaction with our doctors.


If you download Afya Pap and register for the service, then later you change your mobile handset, your account including your personal and health data will be updated from your profile saved in our system on the cloud.


If you also use our Health Data service, your health data will be visible to Afya Pap medical doctors as well as to your personal doctors through the Afya Pap caregiver portal.


Details of your interactions with us

We also store copies of your consultations with our medical doctors for purposes of quality control and service improvement of our services. This is to give us an easy way to perform quality checks of consultations in order to ensure both our service level agreements and quality standards are met.

And, if you have consented for us to collect we may use your data to improve our services. This includes

  • Your personal health data you record on Health Data section.

  • Your mood capture.

  • Your calls with the doctors on Afya Pap Call A Doctor

  • Your chats with the doctors Afya Pap Ask A Doctor

  • Your interactions with our Symptom Checker

  • Your emails, calls or live chat conversations with our support team

  • Video and/or audio recordings from consultations

  • Images and other files shared with our doctors

We keep your health and medical data secure by applying technical and organizational measures to protect it.

2.3 Data from other sources

We might also receive some data about you and your health from other devices and services.


This will only happen if you've agreed to share that data with us. For example, if you decided to share information collected from a smart glucometer, smart pressure meter or smartwatch with our app.

Credit and debit card information

If you make a payment on the app, your credit or debit card or mobile payment details are processed by a third-party payment provider.


We don't store any of your credit card, debit card or mobile payment information and we only keep details of the transactions on our secure servers.

Technical information and analytics

When you use our app, our portals or visit our websites, we may collect the following data, where this is allowed by your device or browser settings:

  • Login details

  • Operating system

  • The make and model of your device

  • Resettable device identifiers

  • Time zone, language and location settings

  • Your mobile network provider and your location (based on your IP address)

  • The IP address used to connect your mobile phone or other device to the internet

  • Your browser information, such as Google Chrome, Apple Safari, Firefox etc.

  • Information about your visit to our website or use of our app, for example when you first visited the site or how many times you've visited

  • Information about the products or services you viewed or used

  • App response times and updates

  • Information about your interactions, like what notifications you opened

  • Any phone number used to call our customer service number

  • We may work with other partners that provide us with analytics and advertising services. This is to:

    • Help us understand how people interact with our services

    • Provide the adverts for our services on the internet

    • Measure the performance of our services and our adverts

Your health information is not used for these advertising services.

2.4. Cookies

Currently we do not use cookies but soon we will and we will notify you on the same. Cookies are files saved on your phone, tablet or computer when you visit a website. They collect information about how you use the website and the pages you visit. We do not use cookies on your medical or health information.

2.5. Information from third-party servicess

It's possible to connect your social media accounts or your wearable device (like a smartwatch) with our services. For example, you can sign up for Baobab Circle using your Facebook login details. If you choose to do this, we'll receive the following information about you from the third party:

  • Name

  • Email address

  • Username or ID

  • Health and lifestyle habits and information

If you use login details from third parties, they will also process your login data, and they are solely responsible for handling this.


We may also get information from other sources, such as companies that offer information on consumer trends.


We use this information to help us make our services better. We comply with data protection laws when we do this. If this information is used alongside your personal data, we will make sure that our interests never come before your rights.


If you have questions about the way your data has been handled, please contact

3.0 What we use your data for

This is how we use your data and the legal reasons for using it.

3.1 Providing you with a service

We need your personal information to enter into a contract with you and deliver services.


If you are the one paying to use our service, we use your financial details to charge you if you use our paid service or buy our products.


We use your health and medical information to provide you with healthcare service, including when it's in your vital interests. This includes giving you health advice, as well as diagnosis and treatments if you use our clinical services (Call A Doctor service our audio consultation service, where you can talk with one of our medical professionals).


This information is based on:

  • Providing you or planning for healthcare services in our 'legitimate interest'

  • Performing tasks in the public's interest

  • Your consent (for example, when you use our service and agree to share information with your doctor)

  • The health and medical information we use includes information from your:

    • Consultations, like notes, recordings, and transcripts

    • Use of products like Symptom Checker

    • Your previous teleconsultation with Afya Pap medic

  • We might share this information with other health services. This is so we can give you the right care, including when it's in your vital interests. These services include:

    • Your doctor or medic, if you use our private service

    • Our NHS or clinical service partners

    • Referral services like therapists, pharmacists and hospitals

We use your location to recommend services near you, like pharmacies and hospitals.


Depending on how you access our services, we get your location from your phone, internet browser, IP address or postal address.

3.2 Improving Baobab Circle's services

If you've given explicit consent, we use your health and medical information to improve our services, including our artificial intelligence systems. This helps us deliver better healthcare to you and other Afya Pap users.


We remove details that could identify you from this information, such as your name, address and contact details. These are called 'personal identifiers.


The health and medical information we collect (with your personal identifiers removed) includes information from your:

  • Medical records

  • Consultations, like notes, recordings and transcripts

  • Use of products like Symptom Checker and Smart glucometer or Pressure Meter

This doesn't involve making any decisions which would have a big effect on you. We only use this information to deliver a better experience to you and other Afya Pap users. This explicit consent relates to when we use your personal data.

3.3 Helping health research

If you've given explicit consent, we use your data for health research. For example, to better understand health behaviour, disease risk or health outcomes.


We aim to publish our research results in peer-reviewed journals or by working with academics.


We may conduct research with partner organisations such as universities, ministries of health or other academic institutions.


The type of information we collect includes your:

  • Medical records

  • Consultations, like notes, recordings and transcripts

  • Use of products like Symptom Checker and Smart glucometer or Pressure Meter

We remove any details that could identify you from this information. This includes your name, address and contact information.


Our research follows the Declaration of Helsinki ethical principles, which were developed by the World Medical Association.


As part of our research, we may use your contact details to invite you to take part in clinical trials. These trials might be about things like how frequently we give you medicine reminders or what exercise has the greatest impact on mood.


3.4 Using your data when it's in our 'legitimate interest'

We sometimes analyse your data and how you use our products to help us manage our business better.


This could be things like fixing bugs in our app, understanding current user trends, or working out what users might want in the future.


This doesn't involve making any decisions which would have a big effect on you. If this information is used alongside your personal data, we will make sure that our interests never come before your rights.

3.5 Keeping you up to date

We may contact you when marketing our service. This includes sending you product updates, surveys and marketing information. You can opt-in or out at any time by going to 'Settings' and 'Privacy Controls' in the app. You can also choose if you want to get app notifications in your device settings.


As part of providing you with a healthcare service or public service, we may send you health information by on-app messages, SMS, email or other ways. For example, we may send you public health alert or invite you to book an appointment for free screening programmes.

3.6 Regulating the quality and safety of our service

We use your health and medical information for the personalisation of our services, picking trends, disease surveillance, safety, training, regulatory, and compliance purposes.


This means that:

  • If we're legally required to, or asked by a regulator, we may need to share your information with regulatory bodies like the Ministries of Health, Medicines and Healthcare Products Regulatory Agencies or others within our countries of operations.

  • We may audit how you use our services, for example, to review the quality of results provided by our products

To detect and prevent fraud, we may need to share your personal and financial information with banks, financial institutions and fraud prevention services.

4.0 How we store and move your data

4.1 Personal health and medical information

Your personal health and medical information is stored on secure servers. This includes information like

  • Your health data

  • Your healthcare information received through consultations

  • Information about your medications

  • Any information about a diagnosis of illness or other problems

If you've chosen a password or authentication method to access the app, you're responsible for keeping this password and/or authentication method confidential. Please don't share it with anyone.


We encrypt data transmitted to and from our apps websites and portals. Once we have your information, we use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to make sure that your data is treated securely.

4.2 Credit and debit card information

We don't store any of your credit or debit card information. Payments are processed through a third-party payment provider that follows strict industry data security standards. These are known as Level 1 Payment Card Industry (PCI) data security standards.

Any payments you make are encrypted using SSL technology (which converts the information into code to stop fraud).

4.3 Where we store and process your data

Your data may be processed or stored on a secure cloud outside of Kenya, Uganda, Zimbabwe (Our markets).


This will always be in line with applicable data protection lawful mechanisms (such as appropriate contractual terms) and subject to strict safeguards.


For further information on how we protect your data if we transfer it outside of the Our markets, contact us by email at: info@baobabcircle.com

5.0 How and why we share your data

To help us deliver our services we may share your personal data with other parts of Baobab Circle, such as our business team, Insurance partners, corporates you are associated with, sponsors of health services who we work jointly or in connection with to provide you with a service.

5.1 Partner organizations

Some partner organizations sponsor or facilitate your access to our services. We may share your personal data with them so that they can process it to provide these services.


These partner organizations` can only use your data based on our instructions and they cannot use the data for their own purposes.


They also have to act in line with data protection laws and contractual terms that specify how they can process data on our behalf.

5.2 Partners

If you use our services through your health insurer or one of our partners, which may be your employer, we may share some of your information with them. This could include your:

  • Name

  • Date of birth

  • Email address

  • Policy number

  • Location

We may also share with them the fact that you have registered with us and used our services. But we will not share any details about your consultations or medical records unless you consent to this.

5.3 Other healthcare providers

If it's needed for your treatment or care, we will share your data with your other health care providers. These include:

  • Our clinical partners who we work jointly with or in connection with to provide you with a service

  • Your Insurance details

  • Specialist referral services

  • Therapists

  • Pharmacists

  • Hospitals

  • Accident and emergency services

  • Testing service providers

  • Diagnosis centres chosen by you for things like X-rays and other imaging

  • Other health and care bodies

By law, we may need to share information with these services to safeguard either you or others or conduct a public task (in the case of MOH services). We may need your consent, or to rely on our legitimate interests to provide you with healthcare before we can share this information.

5.4 Protecting public health

We might process your health data to protect public health. Your data could be vital to help research, monitor, track and manage public health emergencies, like pandemics.

In a public health emergency, your information may be shared in a way that is appropriate and lawful with organisations such as:

  • In a public health emergency, your information may be shared in a way that is appropriate and lawful with organisations such as:

  • CDC Africa

  • Public Health within Our markets

  • Local authorities

  • Health organisations

We will limit the use or sharing of data to the period of the emergency and will only share data to the extent necessary.

5.5 Aggregated or anonymous data

We may show on our website or share with our commercial partner data that does not personally identify you, but which shows general trends. This is 'aggregated' data and is not personal data.

This might include, for example, the number of users of our service or trends with a particular condition.

5.6 Statistical data in the public's interest

We may also use data that does not identify you personally as part of statistics that we collect on certain types of illness, symptoms and conditions. This might include us contributing medical data and participating in disease surveillance through institutions like CDC Africa. We may show these summarised statistics to our partners. They will always be anonymised. This is so we can improve our medical knowledge and help our members and the general public.

You can contact us directly if you do not want your data to be used in this way by email at: info@baobabcircle.com

6.0 How long do we keep your data

We follow advice from the departments of health within our markets on how long to keep the information found in your medical records. This is called a 'retention period'.

We might also keep some information that doesn't identify you to help improve our business and our services.

In some circumstances, we might keep data longer if the law says we have to.


Your informationRetention period
Your health records include medical records, consultations with our doctors and symptom checker interactions

We keep your health records for 10 years after your death or after you've permanently left the service.


Electronic patient records can't be destroyed or deleted for the foreseeable future.

Voice (or audio) consultations We keep your voice consultations in the same way as your health records (although that period of time could change if our product changes).
Symptom Checker

We keep your interactions with our Symptom Checker in the same way as your health records.


They are also available in the app for 1 month (although that period of time could change if our product changes). After 1 month we can provide them if you ask us for them.

Communications with support teams, including phone calls, emails and live chats 1 year after you leave Afya Pap service.
Maternity records We keep your records for 25 years after the birth of your last child.
Records on any treatment for a mental disorder (as described in mental health legislation) We keep your records for twenty years after the date of your last consultation. Or ten years after your death, if that is sooner.

If you want to see any of this information while we have it (in its 'retention period'), you can ask for it by emailing us at: info@baobabcircle.com

7.0 Your rights

You're in control of your personal information. Under data protection law, you have the right to:

  • Remove or change your consent at any time, if we are using your data in a certain way based on it. You can do this by:

    • Going to the app, selecting 'Settings' and then 'Privacy controls'

    • Going to the Baobab Circle Health website, selecting 'Your account' and then 'Privacy'

  • Ask for a copy of the personal data we hold about you. Your data is stored in line with our legal and medical obligations. See: how long we keep your data).

  • Ask us to correct information that's wrong, delete it, or ask that we only use it for certain purposes. There might be times when we're not able to help, like if the law or our medical obligations say we can't.

  • Ask us to restrict any automated (computer-made) decisions made with your data

  • Ask for your data to be provided in a portable format that allows you to move, copy or transfer it. Or ask us to send it in this format to someone else.

To do these things, please contact us at Regulatory & Public Sector Baobab Circle Limited P.O. Box 19751-00100 Nairobi, Kenya Or by email at: info@baobabcircle.com

We'll ask you for proof of identity. Data protection laws give us one month to get back to you.


We're regulated by the various Office of Data Protection Commissioner within our markets,


In Kenya. If you're not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at: Office of Data Protection Commissioner info@odpc.go.ke P.O Box 30920-00100 G.P.O Nairobi, Kenya +254796954269 / +254778048164

8.0 Changes to this policy

We might update this policy from time to time. If we make any important changes, we'll let you know, and give you the chance to review them.


If you agree to the changes, you don't need to do anything. Just keep using our services with the updated policy and we'll assume you are happy with the way we use your data.


If you don't agree to the changes, then you can stop using our services at any time.