Privacy Policy

Last updated: April 10, 2026

1. Introduction

Service Point ("we", "us", or "our") operates the servicepoint.business platform. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our field service management, humanitarian operations, and emergency response platform.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, organisation name, and role.

Usage Data

We automatically collect information about how you interact with the platform, including pages visited, features used, and device information.

Location Data

With your consent, we collect GPS location data from field agents for job routing, dispatch, and incident response. Location data is only collected while the app is actively being used for work.

Health & Patient Data (Emergency Services)

For emergency service organisations, patient data is collected during incident response and transmitted via HL7 FHIR R4 bundles in compliance with the Kenya Digital Health Act. Patient data is processed solely for emergency care and hospital handoff purposes.

3. How We Use Your Information

  • To provide and maintain the Service Point platform
  • To process job dispatch, aid distribution, and incident management
  • To facilitate hospital patient data handoffs (FHIR R4)
  • To send transactional notifications (SMS, email)
  • To generate reports and analytics for your organisation
  • To improve our platform and develop new features

4. Data Storage & Security

Your data is stored on DigitalOcean managed databases with encryption at rest and in transit. We use HTTP-only secure cookies for session management and bcrypt for password hashing. File uploads are stored on DigitalOcean Spaces with access controls.

5. Data Sharing

We do not sell your personal data. We share data only in these circumstances:

  • With hospital facilities during emergency patient transfers (FHIR bundles)
  • With payment processors (M-Pesa, PayPal) to process your payments
  • When required by law or to protect safety

6. Multi-Tenancy & Data Isolation

Service Point is a multi-tenant platform. All data is isolated by organisation ID. Your organisation's data is never accessible to other tenants.

7. Data Retention

We retain your data for as long as your account is active. If your organisation terminates its subscription, data is retained for 30 days before permanent deletion. You may request earlier deletion by contacting us.

8. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a standard format
  • Withdraw consent for location tracking at any time

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

10. Contact Us

For privacy-related inquiries, contact us at [email protected] or through our contact page.