Version 2026-06-13.2·Effective 12 June 2026
This Privacy Policy explains how GENO Wellness Ltd. ("GENO", "we", "us") handles your information when you use the GENO Steps mobile application (the "App"). GENO is incorporated in Kenya and primarily serves the East African Community (EAC).
The Short Version:
By using GENO Steps you agree to this Privacy Policy. If you do not agree, please uninstall the App.
| Data Controller | GENO Wellness Ltd. (Kenya) |
| Registered Office | Nairobi, Kenya |
| Primary Regulator | Office of the Data Protection Commissioner (ODPC), Kenya |
| privacy@genoessence.com | |
| Web | https://genoessence.com/privacy/geno-steps |
We aim to reply to privacy enquiries within five business days. Formal data-subject requests are handled within the timeframe required by the law that applies to you.
If you are based outside the EAC see §11 ("International Users").
GENO Steps reads physical-activity data from Android Health Connect when you grant permission. The data categories we request are:
Steps)Distance)ActiveCaloriesBurned)We aggregate these into daily totals and discard the raw samples after a short retention period. We do not read your heart rate, sleep, weight from connected scales, body-fat percentage, or any other Health Connect category.
Our use of Health Connect data complies with the Google Play Health Connect Data Use Policy:
When you use the App we automatically receive:
When you join or create a step competition we record your participation, your daily step contribution to it, your rank, and any invite codes you generate. Other participants of the same competition can see your display name, profile photo, daily step total, and rank — that is what makes a leaderboard work.
Under the Kenya Data Protection Act, every use of personal data has a lawful basis. Ours are:
| Purpose | Lawful Basis (Kenya DPA, s. 30) |
|---|---|
| Counting steps, computing distance and calories, drawing your daily progress | Performance of our contract with you |
| Running competitions and leaderboards | Performance of our contract with you |
| Sending the reminders and competition updates you opted in to | Your consent |
| Detecting abuse and step inflation to keep leaderboards fair | Our legitimate interest |
| Investigating bugs and security incidents | Our legitimate interest |
| Sending account-related emails (security alerts, password resets) | Our legitimate interest |
| Marketing emails about other GENO products | Your consent (off by default) |
| Complying with court orders, tax records, or other legal obligations | Legal obligation |
We share your information only in the limited circumstances below. We do not sell your personal information, including step or health data, to anyone, and we do not share it for behavioural advertising.
If you join a competition, the other participants of that competition can see your display name, profile photo, daily step total, and rank. They cannot see your age, weight, country, email, or any other field.
We may disclose information when required by a valid legal order from a competent authority (for example a court order, a request from the Directorate of Criminal Investigations, an order from the ODPC, or an equivalent order from a competent authority in Uganda, Tanzania or Rwanda). Where the law permits we will notify you first.
If GENO is acquired or restructured, your information may transfer to the acquirer subject to the same privacy commitments. We will notify you in advance.
We take the security of your personal data seriously and apply technical and organisational measures appropriate to the risk, including:
No internet service can guarantee perfect security. If we ever discover a personal-data breach that is likely to result in a risk to your rights, we will notify the ODPC and, where required, you, within the timeframe set by section 43 of the Kenya DPA.
We keep personal data only as long as we need it for the purposes set out in this Policy, or as long as the law requires.
When you delete your account we erase your profile and step history within a reasonable period. Fully anonymized statistics may be retained indefinitely.
GENO is headquartered in Kenya. Some of the service providers we work with operate from outside the EAC, which means your personal data may be transferred outside Kenya. We only work with providers that contractually commit to data-protection standards equivalent to or better than the Kenya DPA, and we add additional safeguards (encryption, access controls, contract terms) as required by sections 48–49 of the Kenya DPA and equivalent provisions in Uganda, Tanzania, and Rwanda.
Under section 26 of the Kenya Data Protection Act, 2019 you have the right to:
Equivalent rights apply if you use the App from:
You can exercise most of these rights inside the App (Settings → Security & Privacy to delete your account, Settings → Notifications to control consent, Settings → Personal Info → Export My Data for a JSON export). Other requests go to privacy@genoessence.com.
If you believe we have mishandled your data you can lodge a complaint with the ODPC (https://www.odpc.go.ke) or the equivalent authority in your country.
GENO Steps is not directed at children under 13 and we do not knowingly create accounts for children under 13.
Under section 33 of the Kenya DPA, a "child" is anyone under 18. If you are a child resident in Kenya, Uganda, Tanzania, or Rwanda, you may use GENO Steps only with the consent of a parent or guardian, who may at any time request access, rectification, or deletion of your data via privacy@genoessence.com.
If you use GENO Steps from the European Union, the United Kingdom, the United States, or another jurisdiction with its own data-protection law, the protections described above are extended to you under your local law (EU GDPR, UK GDPR, CCPA / CPRA or equivalent). We rely on Standard Contractual Clauses for cross-border transfers to the United States, and we do not "sell" or "share" your personal information for cross-context behavioural advertising as those terms are defined under the CCPA / CPRA.
The App does not use third-party advertising SDKs, behavioural-tracking pixels, or session-recording tools.
We may update this Policy from time to time. The "Effective" date is updated whenever a new version is published. For material changes we will (1) show you the new policy inside the App and ask you to acknowledge it before continuing, and (2) email the address on your account in advance.
GENO Wellness Ltd. Nairobi, Kenya
This privacy policy is published in English. If you read it in another language and notice a discrepancy, the English version prevails.
Effective from the "Last updated" date shown at the top of this page.