Free pickup on all orders above KES 2,000 | Shop now

Privacy Policy

Last updated: May 26, 2026

1. Introduction

LifeLinkX is operated by Eryx Labs Ltd ("we", "us", "our"), a company registered in Kenya. This Privacy Policy explains how we collect, use, store, and protect your personal information, including sensitive health data, when you use our mobile application, website, and related services (collectively, the "Service").

We are committed to complying with the Kenya Data Protection Act 2019, the Health Act 2017, and the Pharmacy and Poisons Board (PPB) regulations governing the handling of patient and pharmaceutical data.

2. Information We Collect

We collect the following categories of information:

  • Identity Data: Your name, phone number, national ID number (optional), date of birth, and gender.
  • Health Data: Medical conditions, medication prescriptions, dosage information, refill history, adherence records, and prescription images.
  • Pharmacy Data: Your preferred pharmacy, order history, and pharmacy interactions.
  • Payment Data: M-Pesa transaction references and payment confirmations. We do not store your M-Pesa PIN or full financial account details.
  • Device Data: Device type, operating system, app version, and push notification tokens.
  • Usage Data: App interactions, feature usage, and service performance metrics.
  • Caregiver Data: Names and phone numbers of designated caregivers, and their access permissions.

3. How We Use Your Information

We use your information to:

  • Provide medication refill reminders via SMS, WhatsApp, and push notifications
  • Process prescription orders and facilitate pharmacy fulfilment
  • Process M-Pesa payments for medication orders
  • Enable pharmacists to verify prescriptions and dispense medications
  • Track medication adherence and provide health insights to you and your healthcare providers (with your consent)
  • Allow designated caregivers to assist with your medication management
  • Improve our services and develop new features
  • Comply with legal and regulatory requirements, including PPB reporting obligations

4. Legal Basis for Processing

Under the Kenya Data Protection Act 2019, we process your data on the following bases:

  • Consent: For health data processing and notification preferences. You provide explicit consent during registration and can withdraw it at any time.
  • Contractual necessity: To deliver the medication management service you signed up for.
  • Legal obligation: To comply with PPB regulations, the Pharmacy and Poisons Act, and the Health Act 2017.
  • Legitimate interest: To improve service quality and prevent fraud.

5. Data Sharing

We share your information only with:

  • Your pharmacy: Order details, prescriptions, and medication information necessary to fulfil your refill orders.
  • Payment processors: KopoKopo (for M-Pesa integration) receives only the minimum transaction data required.
  • Messaging services: Ping Africa (SMS/WhatsApp) receives your phone number and message content for notifications.
  • Designated caregivers: Only the information you have explicitly permitted them to see.
  • Regulatory bodies: When required by law, including PPB reporting of controlled substance dispensing.

We do not sell your personal or health data to third parties. We do not use your health data for advertising or marketing by third parties.

6. Data Security

We protect your data through:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Secure authentication using one-time passwords (OTP) sent to your registered phone number
  • Role-based access controls for pharmacy staff accessing patient data
  • Comprehensive audit logging of all data access
  • Regular security assessments
  • Data hosting on servers within Africa

7. Data Retention

We retain your data for as long as your account is active, plus a period required by law. Prescription records and dispensing history are retained for a minimum of five (5) years as required by the Pharmacy and Poisons Board regulations. You may request deletion of your account and non-regulatory data at any time.

8. Your Rights

Under the Kenya Data Protection Act 2019, you have the right to:

  • Access your personal data held by us
  • Correct inaccurate or incomplete data
  • Delete your data (subject to legal retention requirements)
  • Restrict or object to processing of your data
  • Data portability -- receive your data in a structured, commonly used format
  • Withdraw consent at any time without affecting prior lawful processing

To exercise these rights, contact us at privacy@eryxlabs.co.ke or through the app's privacy settings.

9. Privacy Mode

LifeLinkX offers a Privacy Mode that restricts notification content to generic messages (e.g., "You have a health reminder" instead of medication names). This can be enabled in your profile settings and is designed for patients who share devices or live in environments where medication privacy is important.

10. Children's Privacy

LifeLinkX is intended for users aged 18 and above. Caregivers may manage medications for minors through the caregiver feature, but the caregiver must be the registered account holder. We do not knowingly collect data from children under 18 without a caregiver's authorisation.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via SMS or in-app notification at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related enquiries or to exercise your data rights:

Eryx Labs Ltd

Email: privacy@eryxlabs.co.ke

Nairobi, Kenya

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya.

We use cookies for a better experience. No tracking, no ads.

LX

Get LifeLinkX

Order meds on your phone

Download
Chat on WhatsApp
Call us