GENO Wellness Hub
GENO Provider logo
GENO Provider · Privacy policy

GENO Provider Privacy Policy

Version 2026-06-13.2·Effective 12 June 2026

1. Summary

This Privacy Policy explains how GENO Wellness Ltd. ("GENO", "we", "us") handles your information when you use the GENO Provider mobile application (the "App") to run your wellness practice on the GENO platform. GENO is incorporated in Kenya and primarily serves the East African Community (EAC).

The Short Version:

  • We collect what we need to verify you as a provider, run your bookings and sessions, route payouts via mobile money or bank, and let you communicate with clients. We do not collect anything we do not need.
  • We never sell your data — your profile, your client messages, or your earnings — to anyone.
  • Client information you record in session notes is confidential and stays under your control.
  • This policy is governed by the Kenya Data Protection Act, 2019 (Cap 411C). Equivalent rights apply across the EAC.

By using GENO Provider you agree to this Privacy Policy and to the GENO Provider Terms and Conditions.

2. Who Is Responsible for Your Data
Data Controller GENO Wellness Ltd. (Kenya)
Registered Office Nairobi, Kenya
Primary Regulator Office of the Data Protection Commissioner (ODPC), Kenya
Email privacy@genoessence.com
Provider Support providers@genoessence.com
Web https://genoessence.com/privacy/geno-provider

When you use GENO Provider, you are also a data controller for the personal information your clients give you (booking notes, session notes, payment context). GENO acts as your data processor for that content. The data-processing terms attached to the Provider Terms govern that relationship.

3. The Information We Collect

3.1 Onboarding Information

  • Identity: legal name, display name, email address, phone number, date of birth, country of residence.
  • Verification Documents: government-issued ID, professional certifications or licences, profile photo. We use these solely to verify you are eligible to provide wellness services on GENO; they are never published.
  • Practice Details: title, bio, specializations, languages spoken, hourly rate, time zone.
  • Tax Identifier: the local tax registration number required by your country (KRA PIN in Kenya, TIN in Uganda or Tanzania, RRA TIN in Rwanda, or the equivalent elsewhere). We need this to operate the platform lawfully.
  • Payout Destination: the mobile-money account (such as M-Pesa, Airtel Money, or MTN Mobile Money) or bank account we should send your earnings to.

We retain verification and tax data only as long as we need them to keep your account verified, plus the period required by tax law in your country.

3.2 Operational Information

  • Bookings, sessions, and calendar entries with timestamps and the service delivered
  • Earnings, payouts, and platform fees for every transaction processed through GENO
  • Session and client notes you type into the "Provider notes" field — private to you, never visible to the client unless you choose to share them
  • Messages with clients exchanged inside the App
  • Reviews and ratings clients leave for you

3.3 Device and App Information

  • Device model, operating-system version, App version
  • An internal identifier used to associate the App with your account (this is not your Android Advertising ID)
  • An approximate region derived from your IP address (we do not request precise GPS location)
  • Anonymized diagnostic logs to help us fix bugs
  • A notification token for booking and message alerts
  • Biometric prompt success/failure flags used only to unlock the App locally; the biometric template never leaves your device

3.4 What We Do Not Collect

  • Precise GPS location
  • Microphone or audio recordings; the camera permission is used only when you tap "take photo" for your profile picture
  • Your contacts, calendar, SMS, or call logs
  • Files on your device outside your chosen avatar
  • Any Health Connect category — the Provider app does not connect to Health Connect

4. How We Use Your Information

Purpose Lawful Basis (Kenya DPA, s. 30)
Verifying your identity and credentials Performance of our contract + legal obligation
Listing your profile and matching you with clients Performance of our contract with you
Running bookings, sessions, and the live-call infrastructure Performance of our contract with you
Routing your earnings to your registered mobile-money or bank account Performance of our contract + legal obligation under applicable tax law
Sending booking, session, message, and earnings notifications Your consent
Detecting and preventing fraud, money laundering, or abuse of clients Legal obligation + our legitimate interest in a safe marketplace
Aggregated platform metrics Our legitimate interest
Complying with tax, AML, and court orders Legal obligation
Marketing emails about new provider features Your consent (off by default)

5. Sharing Your Information

5.1 With Your Clients

Your display name, profile photo, public bio, specializations, hourly rate, and the reviews you have publicly received are visible to clients searching the GENO platform. Your phone number, email, tax PIN, and payout details are never shown to clients.

5.2 With Tax, AML, and Law-Enforcement Authorities

We will disclose information when required by:

  • The Kenya Revenue Authority and the Financial Reporting Centre of Kenya, including under the Proceeds of Crime and Anti-Money Laundering Act, 2009
  • The Uganda Revenue Authority, Tanzania Revenue Authority, or Rwanda Revenue Authority in their respective jurisdictions
  • A valid court order, ODPC order, or equivalent regulator order

Where the law permits we will notify you first.

5.3 In a Corporate Transaction

If GENO is acquired or restructured, your information may transfer to the acquirer subject to the same privacy commitments. We will notify you in advance.

6. How We Protect Your Information

We take the security of your personal data seriously and apply technical and organisational measures appropriate to the risk, including:

  • Industry-standard encryption of personal data in transit and at rest
  • Strong, one-way cryptographic hashing of account passwords — we never store, log, or transmit passwords in plain text
  • Local PIN and device-biometric unlock on the App; biometrics never leave your device
  • Restricted, audited access to production systems on a least-privilege basis
  • Regular review of third-party libraries and security advisories
  • A process for receiving and responding to responsible-disclosure reports at security@genoessence.com

If we ever discover a personal-data breach that is likely to result in a risk to your rights, we will notify the ODPC and, where required, you, within the timeframe set by section 43 of the Kenya DPA.

7. How Long We Keep Your Information

We keep personal data only as long as we need it, or as long as the law requires. As a provider:

  • Profile Data is kept while your account is active.
  • Verification, Tax and Payout Records are kept for the period required by the tax law that applies to you (typically several years in EAC jurisdictions).
  • Booking and Earnings Records are kept for the same period for the same reason.
  • Client Notes and Messages are kept while the client and provider relationship is active, then deleted on a rolling basis.
  • Diagnostic Logs and Delivery Records are kept for a short period for security and reliability.
  • Backups are overwritten on a rolling schedule after live data is deleted.

When you delete your provider account we erase your profile, photo, public bio and credentials within a reasonable period, except for the records we must keep by tax or AML law, which are isolated from the live service.

8. Cross-Border Transfers

Some of the service providers we work with operate from outside the EAC, which means your personal data may be transferred outside Kenya. We only work with providers that contractually commit to data-protection standards equivalent to or better than the Kenya DPA, and we add additional safeguards as required by sections 48–49 of the Kenya DPA and equivalent provisions across the EAC.

9. Your Rights

Under section 26 of the Kenya Data Protection Act, 2019 you have the right to be informed of the use of your data, access it, correct it, ask for deletion, object to processing, restrict processing, and receive a copy of it in a structured format. Equivalent rights apply across the EAC.

You can exercise these rights inside the App (Profile → Security & Privacy, Profile → Notifications) or via privacy@genoessence.com.

If you believe we have mishandled your data you can complain to the ODPC (https://www.odpc.go.ke) or the equivalent authority in your country.

10. Children

GENO Provider is not directed at children. Providers must be at least 18 years old. If you believe an under-18 has registered as a provider please email privacy@genoessence.com so we can disable the account.

11. International Users (Outside the EAC)

If you provide services from outside the EAC the equivalent of the rights in §9 applies under your local data-protection law (EU GDPR, UK GDPR, CCPA / CPRA, etc.). We rely on Standard Contractual Clauses for cross-border transfers to the United States and we do not "sell" or "share" your personal information for cross-context behavioural advertising.

12. Tracking Technologies

The App does not use third-party advertising SDKs, behavioural-tracking pixels, or session-recording tools.

13. Changes to This Privacy Policy

We may update this Policy. The "Effective" date is updated whenever a new version is published. For material changes we will show you the new policy inside the App and ask you to acknowledge it before continuing, and email the address on your account in advance.

14. Contact

GENO Wellness Ltd. Nairobi, Kenya

Effective from the "Last updated" date shown at the top of this page.

Platform privacy policyGENO Steps privacy policyTerms & conditionsContact privacy team