Privacy Policy
Last Updated: March 2026
1. Introduction
Welcome to Edwak Nutrition. This Privacy Policy sets out how we collect, use, process, and protect your personal data when you use our website, services, or interact with us. We are committed to safeguarding your privacy in strict compliance with the Kenya Data Protection Act, 2019 (DPA) and its attendant regulations.
2. Data Controller
For the purposes of the DPA, Edwak Nutrition is the Data Controller. This means we determine the purpose and means of processing your personal data.
Official Address: Nairobi, Kenya
Data Protection Officer (DPO) Contact: edwaknutritionco@gmail.com
3. Data We Collect
We may collect and process the following categories of personal data:
- Identity Data: First name, last name, title, date of birth, and gender.
- Contact Data: Billing address, delivery address, email address, and telephone/mobile numbers.
- Health & Wellness Data: Nutritional goals, dietary preferences, and medical history relevant to our consultation services (processed strictly with explicit consent as sensitive personal data under Section 44 of the DPA).
- Financial Data: Bank account and payment card details (processed securely via regulated third-party payment gateways handling 16% VAT).
- Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, operating system, and platform.
4. How We Collect Your Data
We collect data through:
- Direct interactions: When you book a consultation, fill out inquiries, or subscribe to our newsletter.
- Automated technologies: Through cookies, server logs, and similar technologies (see our Cookie Policy for details).
- Third parties: Analytics providers, advertising networks, and payment processors.
5. Lawful Basis for Processing
Under Section 30 of the DPA, we will only process your personal data where we have a lawful basis. These include:
- Consent: Where you have provided unambiguous, informed consent (especially for health data).
- Contractual Necessity: To fulfill our obligations under any contract we have with you (e.g., providing consultation services).
- Legal Obligation: Where we need to comply with a legal or regulatory obligation in Kenya.
- Legitimate Interests: For our legitimate business interests, provided they do not override your fundamental rights.
6. Purpose of Processing
We use your data to:
- Register you as a new client and manage your appointments.
- Deliver tailored health and nutrition consultancy services.
- Process payments, including calculation and remittance of applicable taxes (such as 16% VAT).
- Send administrative notifications, security alerts, and support messages.
- Improve our website, services, marketing, and client relationships using AI-assisted tools where applicable.
7. Data Sharing and Transfers
We may share your personal data with strictly vetted third-party service providers (e.g., hosting providers, payment processors, email API services like Resend, and AI service providers like Google Gemini) who act as Data Processors.
Cross-Border Transfers: If we transfer your personal data outside Kenya, we ensure a similar degree of protection is afforded to it in accordance with Section 48 of the DPA, either by transferring it to countries with adequate data protection laws or by utilizing standard contractual clauses.
8. Data Security
We have implemented robust security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. This includes:
- AES-256-GCM Encryption: For stored sensitive configuration and data.
- JWT Validations: To securely manage client sessions.
- Access Controls: Limiting access to personal data to employees, agents, and contractors who have a strict business need to know and are subject to a duty of confidentiality.
9. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By default, client consultation records are kept securely for a minimum duration as mandated by Kenyan health and corporate statutes before secure deletion.
10. Your Data Subject Rights
Under Part IV of the Kenya Data Protection Act, you possess the following rights:
- Right to be Informed: To know how your data is being used.
- Right of Access: To access your personal data in our possession.
- Right to Rectification: To request correction of false or misleading data.
- Right to Erasure: To request the deletion of your data summarily ("Right to be Forgotten").
- Right to Object: To object to the processing of all or part of your personal data.
- Right to Data Portability: To receive your data in a structured, commonly used, machine-readable format.
To exercise these rights, please contact us at edwaknutritionco@gmail.com. We will respond within the statutory timeframe of 14 days.
11. Automated Decision Making and Profiling
We do not use your personal data for automated decision-making that produces legal effects concerning you or similarly significantly affects you without human intervention. Our AI integrations (e.g., content drafting) do not profile individual users.
12. Office of the Data Protection Commissioner (ODPC)
If you believe our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya. However, we would appreciate the chance to deal with your concerns before you approach the ODPC.
13. Changes to this Privacy Policy
We keep our Privacy Policy under regular review. Any changes will be posted on this page with an updated revision date. If significant changes occur regarding how we treat your personal data, we will notify you prominently via email or notice on our platform.
