Privacy Policy

Last updated: 11 March 2026. Effective immediately upon use.

1. Who We Are

This Privacy Policy is issued by Safariblocks Ltd ("we", "us", "our"), a company incorporated in Kenya, operating the Draimo AI platform and its services at draimo.com ("Service"). We are the data controller for personal data processed in connection with your use of the Service.

We are committed to protecting your privacy and processing your personal data lawfully, fairly, and transparently in accordance with Kenya's Data Protection Act, 2019 ("DPA 2019") and all other applicable law.

Contact our data protection point of contact at: hello@safariblocks.com

2. Data We Collect

We collect the following categories of personal data:

2.1 Account and Identity Data

  • Email address and name (provided at sign-up via Google OAuth or magic link)
  • A unique internal user identifier linked to your account
  • Profile picture (where provided by your Google account)

2.2 Chat and Interaction Data

  • Messages you send to and receive from the AI assistant
  • Conversation history stored locally on your device and transiently on our servers for response generation
  • Session engagement data used to improve the Service

2.3 Uploaded Content

  • Documents you upload for AI analysis (PDF, DOCX, PPT, images)
  • Text extracted from those documents, stored to enable follow-up questions and improve analysis quality
  • File metadata such as file name, type, size, and upload date
  • AI-generated analysis results associated with your uploads

2.4 Payment and Subscription Data

  • Subscription plan, credit balance, and transaction history
  • Phone number used for mobile money payments. We do not store card numbers; those are handled directly by our payment processor
  • Payment status and timestamps

2.5 Technical and Usage Data

  • IP address (used for rate limiting; not linked to your identity in our analytics)
  • Browser type and device type
  • Pages visited, features used, and session duration
  • Error logs and performance data

3. How We Use Your Data

We process your data on the following lawful bases under DPA 2019:

PurposeLawful Basis
Providing the AI servicesPerformance of contract (Terms of Service)
Processing payments and managing creditsPerformance of contract
Sending account notifications and balance alertsPerformance of contract / Legitimate interests
Improving AI accuracy and service qualityLegitimate interests (data minimised)
Security, fraud prevention, and rate limitingLegitimate interests / Legal obligation
Responding to your support queriesPerformance of contract / Legitimate interests
Complying with legal obligationsLegal obligation

4. Uploaded Documents

When you upload documents for AI analysis, they are handled as follows:

  • Transient processing: Your documents are transmitted to third-party AI processing providers solely to generate your analysis results. These providers operate under data processing agreements that prohibit them from using your content to train their own models.
  • Stored extracts: Text extracted from your documents is stored in our secure database to support follow-up questions within your session and to improve prediction quality over time. Extracted text is linked to your user account.
  • No redistribution: We will never share, sell, or publish your uploaded documents or extracted content to any third party for any purpose other than providing the Service.
  • Deletion: You may request deletion of your uploaded documents and extracted content at any time by contacting us at hello@safariblocks.com. We will process deletion requests within 30 days.

5. Sharing Your Data

We do not sell, rent, or trade your personal data. We share your data only with the following categories of recipients, strictly for the purposes described:

  • AI and cloud infrastructure providers: Third-party services that power AI response generation, document analysis, database hosting, and real-time features
  • Payment processing: A licensed payment provider that handles all financial transactions on our behalf
  • Push notifications: A third-party messaging service used for in-app notifications
  • Rate limiting: An infrastructure provider used for IP-based rate limiting only; no personal data is stored by them
  • Legal disclosure: We may disclose data where required by Kenyan law, court order, or government authority

All third-party processors are bound by data processing agreements requiring them to process your data only on our instructions and to maintain appropriate security standards.

6. Data Security

We implement the following technical and organisational security measures to protect your personal data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
  • Encryption at rest: Database content is encrypted at rest by our infrastructure providers.
  • Access controls: Access to personal data is restricted to authorised personnel only, on a need-to-know basis, enforced by role-based access controls.
  • Authentication: User accounts are secured via Google OAuth or cryptographically signed magic links. We do not store passwords.
  • Rate limiting and abuse prevention: We implement IP-based rate limiting to prevent unauthorised bulk access.
  • Incident response: We maintain procedures to detect, report, and investigate data breaches. In the event of a breach affecting your rights, we will notify you and, where required, the Office of the Data Protection Commissioner (ODPC) within the timeframes prescribed by DPA 2019.

No system is completely secure. While we take robust precautions, we cannot guarantee absolute security of data transmitted over the internet.

7. Data Retention

  • Account data: Retained for as long as your account is active and for up to 2 years after account closure for legal and audit purposes.
  • Chat messages: Stored locally on your device via browser storage. Server-side logs are retained for up to 90 days.
  • Uploaded documents and extracts: Retained for up to 12 months from last access, or until you request deletion.
  • Payment records: Retained for 7 years as required by Kenyan tax and financial regulations.
  • Technical logs: Retained for up to 90 days for security and performance monitoring.

8. Your Rights Under the Data Protection Act, 2019

As a data subject under Kenya's DPA 2019, you have the following rights. To exercise any of these rights, contact us athello@safariblocks.com. We will respond within 30 days.

  • Right of access (Section 26 DPA): You may request a copy of the personal data we hold about you.
  • Right to rectification (Section 27 DPA): You may request correction of inaccurate or incomplete data.
  • Right to erasure (Section 38 DPA): You may request deletion of your personal data, subject to legal retention obligations.
  • Right to object (Section 35 DPA): You may object to processing of your data for legitimate interest purposes.
  • Right to restrict processing (Section 34 DPA): You may request that we limit how we use your data.
  • Right to data portability (Section 39 DPA): You may request your data in a machine-readable format.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with Kenya's Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.

9. Cookies and Local Storage

We use browser local storage (not third-party tracking cookies) to store your session history, authentication state, and UI preferences locally on your device. This data does not leave your device except as part of normal API requests. We do not use third-party advertising or tracking cookies.

Authentication sessions use secure cookies to maintain your login. You can clear these at any time by signing out or clearing your browser data.

10. Children's Privacy

The Service is intended for use by university students and adults aged 18 and above. We do not knowingly collect personal data from children under the age of 18 without verifiable parental consent. If you believe a minor has provided us with personal data, please contact us at hello@safariblocks.com and we will delete it promptly.

11. International Data Transfers

Some of our third-party providers process data in data centres outside Kenya, including in regions such as the United States, Asia, and the European Union. Where such transfers occur, we rely on appropriate safeguards including data processing agreements incorporating equivalent data protection standards.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you via email or a prominent notice on the platform at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact and Complaints

For any privacy-related questions, access requests, or complaints, please contact us:

Safariblocks Ltd

Nairobi, Kenya

Email: hello@safariblocks.com

If you are not satisfied with our response, you have the right to complain to Kenya's Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.