Privacy Policy

Hekima Labs ("we", "us", "our") operates the website at hekimalabs.tech (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our Site or complete our Discovery Quiz. We are committed to protecting your privacy in accordance with the Kenya Data Protection Act 2019 (the "DPA"), and, where applicable, the EU General Data Protection Regulation (GDPR) and other relevant data protection laws. By using our Site or submitting the Discovery Quiz, you acknowledge that you have read and understood this policy.

The data controller responsible for your personal data is: Hekima Labs Nairobi, Kenya Email: hello@hekimalabs.tech If you have questions or requests about your personal data, contact us at the email above.

We collect the following categories of personal data when you complete the Discovery Quiz: • Identity data: your full name and job title / role • Contact data: your work email address and company name • Business data: your organisation size, approximate budget range, primary business objective, key pain points, and desired project timeline We also collect standard technical data that your browser sends automatically when you visit the Site: • IP address (anonymised after processing) • Browser type and version • Pages visited and time spent on the Site • Referring URL We do not collect sensitive personal data (e.g. health, financial account, or biometric data).

We use the personal data you provide solely for the following purposes: • To prepare and deliver a personalised AI Readiness Assessment relevant to your organisation • To follow up on your inquiry and discuss how Hekima Labs can assist your business • To improve the quality of our Discovery process We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

Under the Kenya Data Protection Act 2019 and the GDPR, we rely on the following lawful bases: • Consent: you voluntarily submit your data through the Discovery Quiz and agree to this policy before submission • Legitimate interests: to evaluate whether our services are a good fit for your business needs, where this is not overridden by your rights and interests You may withdraw your consent at any time by contacting us at hello@hekimalabs.tech. Withdrawal does not affect the lawfulness of processing before withdrawal.

Quiz submissions are forwarded to a Google Apps Script webhook and stored in a Google Sheets spreadsheet accessible only to authorised Hekima Labs personnel. Google's servers may be located outside Kenya or the EEA; however, Google LLC participates in the EU–US Data Privacy Framework and provides adequate safeguards for cross-border transfers. We do not transfer your personal data to any other third party without your explicit consent.

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, and in any case no longer than 24 months from the date of collection, unless we are required by law to retain it for a longer period or unless you request earlier deletion.

Under the Kenya Data Protection Act 2019 and, where applicable, the GDPR, you have the following rights regarding your personal data: • Right of access: to obtain a copy of the personal data we hold about you • Right to rectification: to have inaccurate data corrected • Right to erasure: to request deletion of your data ("right to be forgotten") • Right to restrict processing: to ask us to limit how we use your data • Right to object: to object to processing based on legitimate interests • Right to data portability: to receive your data in a structured, machine-readable format • Right to withdraw consent: at any time, without affecting prior processing To exercise any of these rights, email us at hello@hekimalabs.tech with the subject line "Data Request". We will respond within 30 days. If you are located in Kenya and believe your rights have been violated, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.

The Site does not use advertising or tracking cookies. We do not embed third-party ad pixels or share your browsing data with advertisers. We may use functional cookies or local storage strictly necessary to maintain your session state on the Site. No consent is required for strictly necessary cookies, but you can disable all cookies in your browser settings; note that this may affect Site functionality.

Our services are directed at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has submitted data through our Site, contact us at hello@hekimalabs.tech and we will delete it promptly.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS/TLS), access controls on data storage, and limiting data access to authorised personnel only. No method of transmission over the internet is 100% secure. If you suspect a data breach, contact us immediately at hello@hekimalabs.tech.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated via a notice on the Site. Your continued use of the Site after changes are posted constitutes your acceptance of the revised policy.

For any privacy-related questions, requests, or concerns, please contact: Hekima Labs: Data Privacy Email: hello@hekimalabs.tech Location: Nairobi, Kenya