1. Overview

iMental (“the App”) is a mental health support platform developed by a grant-winning innovation team under KCA University (“the University”). The University reserves all rights of ownership in and to the App.. The App connects individuals seeking mental health support (“Clients”) with verified independent professionals (“Consultants”).

The University values your privacy and is committed to handling your personal data responsibly, in compliance with the Kenya Data Protection Act, 2019, related regulations, and applicable institutional policies.

This Privacy Policy explains what information we collect, how we use it, and your rights as a user.

2. Scope

This policy applies to all users of the iMental platform: both Clients ,Consultants and System Administrators.

It covers data collected through:

• Account creation and use of the App.
• Booking and payment processes.
• Communications with iMental support.

It does not cover information exchanged privately between Clients and Consultants during or after a booked session.

3. The Role of iMental

iMental facilitates connections between Clients and independent Consultants.

The University:

• Provides and maintains the digital platform.
• Manages booking, scheduling, and payment functionalities.
• Does not participate in or access the content of therapy sessions.

All communication between Client and Consultant (whether in-person or virtual) remains private and confidential, outside the University’s systems.

4. Information We Collect

We collect only the information required to provide and improve our services:

• User & Account Data
  • Name, email, phone number, and password
  • Gender, age range, and user preferences (optional)
• Booking & Payment Data
  • Session date, type (virtual or in-person), and selected Consultant
  • Payment details and transaction references (processed through secure third-party gateways such as M-Pesa or card processors)
• Technical Data (device, logs, IP)
  • Device type, operating system, IP address, and usage logs
• Support Communication Data
  • Messages or inquiries sent to iMental’s support team

We do not collect or store the content of therapy sessions or personal notes exchanged between Clients and Consultants.

5. How We Use Your Information

Your information is used to:

• Create and manage user accounts.
• Facilitate booking and payment processes
• Match Clients with Consultants
• Send session notifications and confirmations
• Improve user experience and app performance
• Comply with legal and institutional obligations.

No data is used for automated decision-making or unsolicited marketing.

6. Data Controller and Processors

• The University acts as the Data Controller for all platform data
• Cloud service providers and payment processors act as Data Processors under contractual agreements, ensuring compliance with Kenyan data protection law.
• Consultants act as independent data controllers for data shared directly with them by Clients during sessions.

7. Data Storage and Security

• Data is hosted on secure, encrypted cloud infrastructure and servers.
• Encryption is applied to data in transit and at rest.
• Access to user information is limited to authorized personnel bound by confidentiality agreements.
• In the event of a confirmed data breach, affected users will be notified within 72 hours as required by the KDPA.

8. Data Sharing

Your data may be shared only:

• With Consultants, for the purpose of completing booked sessions;
• With Service Providers, such as hosting and payment processors, under strict confidentiality;
• With the University, for anonymized reporting or compliance purposes;
• When required by law or court order.
• We do not sell, rent, or trade personal data.

9.Retention Period

Data is retained for eight (8) years from your last activity or as required by law and university policies. After this period, your data is securely deleted or anonymized.

10. Your Rights

Under the Kenya Data Protection Act, you have the right to:

• Access personal data we hold about you;
• Request correction or deletion of inaccurate data;
• Withdraw consent at any time;
• Restrict processing
• Object to processing;
• Data portability
• Not to be subject to automated decision-making
• File a complaint with the Office of the Data Protection Commissioner (ODPC).

Requests can be made via: Data Protection Officer KCA University Email: dpo@kcau.ac.ke Address: P.O. Box56808-00200, Nairobi, Thika Road, Ruaraka

11. Consultant Confidentiality

Each Consultant is required to uphold strict confidentiality and professional ethics. iMental does not monitor or store communication between Clients and Consultants. Any confidentiality breach by a Consultant is subject to their professional code of conduct and not the responsibility of the University.

12. Payments and Financial Data

All payments are processed through licensed third-party payment providers. iMental does not store or access your full payment credentials. Users are encouraged to review the privacy policies of these providers before completing transactions.

13. Children’s Privacy

The App is intended for users aged 18 and above. Minors may only access services under parental or institutional consent.

14. Non-Emergency Disclaimer

iMental is not a crisis or emergency service. If you are in immediate distress or danger, please contact local emergency services or a qualified health provider.

15.Updates to This Policy

This Policy may be updated periodically to reflect operational or legal changes. Users will be notified of significant updates through in-app or email notifications prior to implementation.

16. Contact Us

For privacy inquiries or data requests, contact:

Data Protection Officer
KCA University
Email: dpo@kcau.ac.ke
Phone: +254 710888022
Address: P.O. Box56808-00200, Nairobi,
Thika Road, Ruaraka

17.Ownership and Oversight

All platform data is owned by KCA University, serving as the Data Controller under the Kenya Data Protection Act, 2019. The University’s compliance and IT governance teams oversee adherence to institutional and national data protection requirements.