KEMIRIX · Medication Safety · Clinical Decision Support · Drug Interaction Analysis · Pharmacogenomics · For Doctors, Pharmacists & Nurses · Built for Africa · KEMIRIX · Medication Safety · Clinical Decision Support · Drug Interaction Analysis · Pharmacogenomics · For Doctors, Pharmacists & Nurses · Built for Africa ·
KEMIRIX

Legal

Privacy Policy

Last updated: June 2026

1. Who We Are

KEMIRIX (“KEMIRIX,” “we,” “our,” or “us”) is a clinical medication safety and clinical decision support platform founded in January 2026 and registered in Kenya and India. Our platform assists licensed healthcare professionals in identifying medication safety risks including drug interactions, organ function contraindications, pharmacogenomic factors, and traditional medicine conflicts.

For data protection enquiries, contact us at: admin@kemirix.com

2. Regulatory Framework

KEMIRIX processes personal data in accordance with:

  • Kenya Data Protection Act 2019 (DPA)
  • Kenya Office of the Data Protection Commissioner (ODPC) registration requirements
  • International data protection principles consistent with GDPR where applicable
  • HIPAA-aligned safeguards for institutions in applicable jurisdictions

3. Data We Collect

3.1 Account and Contact Data

When you register, request a demo, or submit an enquiry, we may collect: name, professional title, institution name, email address, phone number, and country of practice. This data is used to administer your account and respond to your enquiry.

3.2 Clinical Data (Institutional Deployments)

For institutions deploying KEMIRIX in clinical settings, the platform may process patient health information (PHI) including medication lists, laboratory values, genetic test results, diagnoses, and allergy records. This data is processed solely for the purpose of generating medication safety outputs for the treating clinician. KEMIRIX acts as a data processor on behalf of the institution (the data controller) in all clinical deployments.

Patient data is never used to train AI models without explicit, informed, ethics-board-approved consent. Clinician feedback signals (such as overrides) used for model improvement are always stripped of PHI before processing.

3.3 Usage and Technical Data

We collect standard technical data including IP address, browser type, device type, pages visited, session duration, and error logs. This data is used to maintain platform reliability, security, and performance. It is not sold to third parties.

3.4 Newsletter and Communications

If you subscribe to KEMIRIX communications, we collect your email address for that purpose. You may unsubscribe at any time via the link in any communication or by emailing admin@kemirix.com.

4. How We Use Your Data

We process personal data for the following lawful purposes:

  • Providing and administering the KEMIRIX platform (contractual necessity)
  • Responding to demo requests, partnership enquiries, and support tickets (legitimate interest)
  • Sending product updates and clinical newsletters (consent — withdrawable at any time)
  • Maintaining platform security, audit logs, and regulatory compliance (legal obligation)
  • Improving platform accuracy and clinical safety performance (legitimate interest, with PHI removed)

We do not sell, rent, or trade personal data with third parties for marketing purposes.

5. Security Statement

KEMIRIX implements the following technical and organisational security measures:

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Role-based access control (RBAC) with least-privilege principles
  • Full audit logs for every clinical output, data access event, and clinician override
  • Hard-gate veto architecture preventing AI outputs from bypassing critical safety checks
  • Offline-first architecture ensuring PHI remains on-device unless cloud sync is explicitly enabled

No system is completely immune to breach. In the event of a data incident affecting personal data, KEMIRIX will notify affected institutions and the ODPC in accordance with applicable data protection law.

6. Data Retention

For clinical deployments, data retention periods are configured by the institution in accordance with local clinical records legislation. KEMIRIX does not impose its own retention schedule on institutional clinical data.

Account and contact data is retained for the duration of the account relationship and for a period of up to 3 years thereafter for audit and compliance purposes, unless a shorter period is required by applicable law.

7. Data Residency

For offline deployments, patient data remains entirely on the local device or within the institution’s own infrastructure. For cloud-enabled deployments, data is stored in the institution’s selected data residency region. KEMIRIX does not process or retain patient data on shared multi-tenant infrastructure without a signed institutional Data Processing Agreement (DPA).

8. Your Rights

Under applicable data protection law, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete personal data
  • Request deletion of your personal data (subject to legal retention obligations)
  • Object to or restrict certain processing activities
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Kenya ODPC or the data protection authority in your jurisdiction

To exercise any of these rights, contact admin@kemirix.com. We will respond within 30 days.

9. Clinical Disclaimer

KEMIRIX is a clinical decision support tool. It is not a medical device for autonomous patient diagnosis or treatment. All outputs generated by the KEMIRIX platform require review and authorisation by a licensed healthcare professional before any patient-affecting decision is made. KEMIRIX is not liable for clinical decisions made without appropriate professional review. In emergency situations, contact emergency services directly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email and noted by updating the “Last updated” date above. Continued use of the platform following notification constitutes acceptance of the updated policy.

11. Contact

For any questions regarding this Privacy Policy or your personal data:

Read our Terms of Service or request a demo.