1. Who We Are & Scope of This Policy
This Data Protection & Privacy Statement applies to:
– E4Impact Entrepreneurship Center Kenya
– E4Impact Foundation

It covers the following web applications and online properties:
– e4impactkenya.org
– e4iportal.org (E4Impact Portal)
– Other related web properties and integration’s.

We commit to full compliance with the Kenya Data Protection Act, 2019 (DPA).

2. What Data We Collect Across E4Impact Web Applications

2.1 Identity & Contact Information
We collect name, email, phone, organization, and related profile details for program delivery, onboarding, and communication.

2.2 Authentication & Google OAuth Data
We use Google OAuth for login on e4iportal.org. This allows secure authentication without storing passwords. We collect only the minimum required profile information.

2.3 Program, Application & Learning Data
This includes application forms, CVs, business plans, pitch decks, cohort data, course usage, and mentorship records. Data is stored securely with role-based access.

2.4 Funding & Finance Data
Used for disbursement management and validation. Access is highly restricted and protected through enhanced workflows.

2.5 Technical & Usage Data
We collect IP address, device type, browser information, session logs, and error logs for analytics, performance improvement, and security.

2.6 Cookies & Embedded Content
Cookies are used primarily for session management and system functionality. Embedded content may behave like the external site it originates from.

3. Why & How E4Impact Processes Data

3.1 Account Management & Authentication
We use secure session tokens, Google OAuth authentication, and role-based access control to protect accounts.

3.2 Secure Development & Infrastructure
We apply secure coding, vulnerability scanning, cloud security, private storage buckets, and ongoing monitoring.

3.3 Protection Against Data Leaks & Common Web Threats
We guard against brute-force attacks, malware uploads, data leakage, and abuses of community/forums/venturing modules through layered security.

3.4 Data Retention & Deletion
Data is retained only as long as necessary and is anonymized or securely deleted when no longer needed.

4. Legal Bases for Processing
We rely on consent, legitimate interests, contract performance, and legal obligations.

5. Data Sharing & International Transfers
Data is shared only with authorized mentors, partners, evaluators, and service providers under strict agreements. International transfers follow DPA safeguards.

6. Your Rights as an E4Impact Data Subject
You have rights to access, correct, delete, restrict processing, object, withdraw consent, and request portability.

7. Breach Response & Compliance
We maintain breach detection procedures and follow ODPC notification requirements where necessary.

8. Contact Information
E4Impact Foundation / E4Impact Entrepreneurship Center Kenya
Email: info@e4impact.org
Phone: +254 712 526952
Website: https://www.e4impactkenya.org