Privacy Policy

Last Updated: December 23, 2025Compliant with Kenya Data Protection Act 2019

1. Introduction

Sunrise POS ("we", "us", or "our") is committed to protecting the privacy and personal data of our users and their customers/patients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with the Kenya Data Protection Act, 2019.

2. Information We Collect

We collect personal data that you provide to us when you register for an account, add customers/patients, or use our business management features. This includes:

  • User Data: Name, professional license number (where applicable), email, and phone number.
  • Business Data: Business name, address, KRA PIN, and tax details.
  • Customer/Patient Data: Name, phone number, ID number, and age.
  • Sensitive Personal Data: Health records, prescriptions, and allergies (processed with explicit consent, applicable ONLY to Medical Mode users).

3. Purpose of Processing

We process your data for the following purposes:

  • To provide pharmacy management and point-of-sale services.
  • To generate KRA-compliant tax invoices and regulatory reports for the Pharmacy and Poisons Board (PPB).
  • To enable patient medication adherence tracking and safety checks.
  • To ensure system security and prevent unauthorized access.

4. Data Subject Rights

Under the Kenya Data Protection Act, patients (Data Subjects) have the following rights:

  • Right to be Informed: To know why their data is being collected.
  • Right of Access: To access their personal data in our possession.
  • Right to Object: To object to the processing of all or part of their data.
  • Right to Correction: To request correction of false or misleading data.
  • Right to Erasure: To request the deletion of data that is no longer necessary.

5. Data Security

We implement robust technical and organizational measures to protect your data, including end-to-end encryption, multi-tenant isolation, automated audit logging, and account lockout systems to prevent brute-force attacks.

6. Contact Us

For any data protection inquiries or to exercise your rights, please contact our Data Protection Officer at:

grayspace.co.ke@proton.me