Brand Assurance Brand Assurance CIP CIP ACCESS
Privacy & Data Use

Privacy Policy for Community Insurance Partners (CIP)

Version 2026.05.09

Data Request Contact Support

Privacy Policy for Community Insurance Partners (CIP)

Effective Date: May 9, 2026

Last Updated: May 9, 2026

1. Introduction

Brand Assurance Limited ("we," "us," or "our") is a licensed insurance intermediary in Kenya. We are committed to protecting the privacy of our Community Insurance Partners (CIPs). This policy governs the collection, use, and safeguarding of data for both individuals and legal entities participating in our digital insurance distribution network via our web portal and mobile application.

2. Information We Collect

To comply with Insurance Regulatory Authority (IRA) standards and Know Your Customer (KYC) requirements, we collect the following:

A. Personal & Entity Identification

  • For Individuals: Full name, date of birth, National ID or Passport details, and KRA PIN.
  • For Entities: Business name, Certificate of Incorporation or Registration, and company KRA PIN.
  • Contact Details: Phone numbers, email addresses, and physical or operating addresses.

B. Financial & Payout Data

  • Payment Credentials: M-Pesa-ready mobile numbers for commission settlements.
  • Tax Compliance: KRA tax compliance status and related documentation.

C. Technical & App Data

  • Authentication Data: Usernames, passwords, and One-Time Password (OTP) logs.
  • Images: Vehicle photos and documentation captured via the app for valuation and underwriting.
  • Location Data: Precise geolocation of the CIP branch or operating point to support Find a CIP features for customers.
  • Device Identifiers: Device ID, IP address, and crash logs for security and performance monitoring.

3. How We Use Your Information

We process your data under the legal basis of contractual necessity and legal obligation.

  • Verification: To vet and onboard you as an authorized insurance distributor.
  • Operations: To issue insurance covers, process Mdogo-Mdogo installments, and manage payouts.
  • Compliance: To meet Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations.
  • Support: To provide technical assistance and service updates via SMS or email.

4. Data Sharing & Disclosure

We share data only with essential third parties.

  • Underwriters: Registered insurance companies that provide the actual risk cover.
  • Regulators: The Insurance Regulatory Authority (IRA) and Kenya Revenue Authority (KRA).
  • Service Providers: Payment gateways, M-Pesa/Safaricom, and cloud hosting services.
  • Law Enforcement: When required by a valid legal order.

Note: We strictly do not sell or rent CIP data to third parties for marketing purposes.

5. Data Security & Storage

  • Encryption: All data is encrypted in transit using TLS and at rest in secure databases.
  • Access Control: Only authorized Brand Assurance staff can access sensitive KYC documents.
  • App Security: Secure authentication protocols help prevent unauthorized dashboard access.

6. Data Retention & Deletion

  • Active Account: Data is retained for the duration of your partnership.
  • Statutory Retention: Transaction records and KYC documents are retained for a minimum of seven (7) years post-termination for audit and regulatory purposes.
  • Account Deletion: You may request account deletion. Your active profile may be removed, while statutory records are archived as required by law.

7. Your Rights

Under the Kenya Data Protection Act, you have the right to:

  1. Access your personal or entity data.
  2. Correct inaccurate or incomplete information.
  3. Withdraw consent for non-essential processing.
  4. Request deletion of your data, subject to regulatory retention limits.

8. Data Deletion & Support URL

For data-related requests or account closure, visit https://brandassurance.co.ke/cip/support.

9. Contact Us

Data Protection Officer
Brand Assurance
Valley View Office Park, Nairobi, Kenya
Email: hello@brandassurance.co.ke
Phone: 0777 443 733