Privacy Policy
Last updated: 25 April 2026
Dada (“we”, “us”, “our”) is a women’s health companion app designed for women in Kenya and East Africa. We take your privacy seriously — especially when it comes to your health information.
This policy explains what data we collect, how we use it, and your rights under the Kenya Data Protection Act 2019 (KDPA). If you are located in the EU, UK, or EEA, the EU General Data Protection Regulation (GDPR) applies as well and gives you the same rights described below.
What We Collect
- Account information: Your name, email address (if using Google sign-in), or phone number (if using phone sign-in).
- Health data: Menstrual cycle dates, symptoms, health conditions, and other information you choose to log. This is classified as sensitive personal data under Kenyan law.
- Device information: Device type, operating system, and app version for troubleshooting and improving the app.
- Usage data: How you interact with the app (screens visited, features used) to help us improve your experience. This data is anonymised.
How We Use Your Data
- To provide and personalise the app: Your health data powers cycle predictions, symptom tracking, and personalised content recommendations.
- To send you reminders: Push notifications for cycle predictions, logging reminders, and health tips — only if you opt in.
- To improve the app: Anonymised, aggregated usage data helps us understand which features are most useful.
We do NOT sell your data. We do NOT share your identifiable health data with advertisers, employers, insurers, or any third party.
Where Your Data Is Stored
Your data is stored in two places:
- On your device: Health data is cached locally using IndexedDB for offline access. When you enable encryption in Settings, sensitive health fields (symptoms, mood, cycle data, notes) are encrypted with AES-256 before being stored on your device.
- In the cloud: Data syncs to Supabase (cloud infrastructure) where it is encrypted in transit (TLS) and protected by row-level security — meaning only your authenticated account can access your rows.
Who We Share Data With
Only you can see your health data. We use the following service providers to operate Dada:
- Supabase (database and authentication) — stores your account and health data, protected by row-level security.
- Vercel (hosting) — serves the app. Does not store your health data.
- Sentry (error monitoring) — receives anonymised error reports. Health data fields are stripped before sending.
- PostHog (analytics, opt-in only) — if you opt in via Settings or onboarding, tracks anonymous feature-usage events. No IP, no health data, no session recording. Disabled by default.
- IntaSend (payments) — processes M-Pesa payments. Receives phone number and payment amount only, not health data.
Discreet Mode
Dada offers a discreet mode that changes the app name and icon on your device to “My Planner”. This is designed to protect your privacy on shared devices. When discreet mode is active, no health-related branding is visible on your home screen.
Your Rights
Under the Kenya Data Protection Act 2019, you have the right to:
- Access your data: Request a copy of all data we hold about you.
- Correct your data: Update or fix any inaccurate information.
- Delete your data: Request deletion of your account and all associated data.
- Withdraw consent: Stop data processing at any time by deleting your account.
- Data portability: Request your data in a machine-readable format.
To exercise any of these rights, contact us at privacy@dadahealth.co.ke.
Cross-Border Data Transfers
Our service providers (Supabase, Vercel, Sentry, PostHog) operate servers outside Kenya. Your data may be processed in the United States or European Union. These transfers are permitted under Section 48 of the Kenya Data Protection Act 2019 and are protected by standard contractual clauses with each provider. Data is encrypted in transit.
Data Retention
We keep your account and health data for as long as your account is active. If you delete your account, all your personal and health data is permanently deleted within 30 days. Anonymised cohort data (no personal identifiers, no re-identifiable health signals) may be retained for up to 24 months solely for product analytics and research; this data cannot be linked back to you.
Children
Dada is designed for adult women. Under the Kenya Data Protection Act (Section 33), you must be at least 18 years old to consent to processing your own health data without a parent or guardian. We confirm this at sign-up. If you are under 18 and have created an account, please contact us and we will delete it.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes through the app. Your continued use of Dada after changes means you accept the updated policy.
Contact
If you have questions about your data or this policy, contact us at:
Email: privacy@dadahealth.co.ke
Security Vulnerabilities
To report security vulnerabilities, please email security@dadahealth.co.ke. We take all reports seriously and will respond within 48 hours.