FuturaptBeta

Privacy Policy

Last updated: May 2026

1. Introduction

Futurapt Limited (“we”, “our”, or “us”) is a company registered in Nairobi, Kenya. We operate the Futurapt career guidance platform (the “Platform”), accessible at futurapt.com and through our mobile applications.

This Privacy Policy describes how we collect, use, disclose, and safeguard your information in compliance with the Kenya Data Protection Act, 2019 (“DPA”), the Office of the Data Protection Commissioner (“ODPC”) guidelines, and applicable regulations. It applies to all users of our Platform, including students, graduates, and visitors.

By accessing or using the Platform, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Platform. This policy is effective as of April 2026 and applies to all information collected thereafter.

2. Information We Collect

We collect information in the following categories:

  • Personal Information: Name, email address, phone number (optional), date of birth, and gender.
  • Educational Information: Current or prospective courses, university preferences, KCSE scores (if provided), academic interests, and career aspirations.
  • Assessment Data: Self-discovery assessment responses, personality profile results, aptitude scores, and AI-generated career compatibility analyses.
  • Usage Data: Pages visited, features used, time spent on the Platform, click patterns, device information (browser type, operating system, screen resolution), and IP address.
  • Communication Data: Chat transcripts with our AI Career Coach, feedback submissions, support requests, and newsletter subscription preferences.
  • Cookies and Tracking Data: See Section 4 for details on how we use cookies and similar technologies.

3. How We Use Your Information

We use your information for the following purposes:

  • Provide personalized career recommendations and course matching
  • Generate AI-powered self-discovery assessments and career compatibility scores
  • Deliver AI risk assessments for specific career paths
  • Display relevant university information, hiring data, and salary benchmarks
  • Operate and maintain the AI Career Coach conversational feature
  • Improve our AI models, assessments, and overall Platform experience
  • Analyze aggregate usage patterns to enhance features and content
  • Send relevant updates, newsletters, and career insights (with your consent)
  • Protect against fraud, abuse, and unauthorized access
  • Comply with legal obligations and enforce our Terms of Service

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on the Platform. Cookies are small data files stored on your device.

Types of cookies we use:

  • Essential cookies: Required for the Platform to function (authentication, session management, security).
  • Functional cookies: Remember your preferences (theme, language, saved courses and careers).
  • Analytics cookies: Help us understand how you use the Platform (page views, feature usage, navigation paths).

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality. Third-party services (such as analytics providers) may also set cookies subject to their own privacy policies.

5. Information Sharing and Third Parties

We do not sell your personal information. We may share data with:

  • Partner universities: With your explicit consent, for application support and enrollment services.
  • Service providers: Cloud hosting, email delivery, and analytics partners who assist in Platform operations under data processing agreements.
  • Legal authorities: When required by Kenyan law, court order, or regulatory request from the ODPC.
  • Academic researchers: Anonymized and aggregated data for educational research, with no personally identifiable information.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
  • AI model training: Aggregated, anonymized usage data may be used to improve our recommendation algorithms.

All third-party processors are bound by data processing agreements that require compliance with the Kenya DPA and maintain equivalent security standards.

6. Data Retention

We retain your personal information only as long as necessary:

  • Account data: Retained while your account is active and for 2 years after deletion for audit purposes.
  • Assessment data: Retained for the duration of your account to provide consistent recommendations.
  • Chat transcripts: Retained for 1 year for quality improvement, then anonymized.
  • Usage analytics: Aggregated within 90 days; individual records deleted after 1 year.
  • Marketing data: Retained until you unsubscribe or delete your account.

Upon written request, we will delete your personal information within 30 days, except where retention is required by law. Backup copies are purged within 90 days of deletion.

7. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.
  • Access controls: Role-based access with multi-factor authentication for administrative systems.
  • Regular audits: Quarterly security assessments and annual penetration testing by independent firms.
  • Breach notification: In the event of a data breach, we will notify affected users and the ODPC within 72 hours, as required by the Kenya DPA 2019.

While we strive to protect your information, no system is completely secure. We encourage you to use strong passwords and not share your account credentials.

8. Your Rights Under Kenya DPA 2019

Under the Kenya Data Protection Act, 2019, you have the following rights:

  • Right of access: Request a copy of your personal data held by Futurapt.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to deletion: Request erasure of your personal data, subject to legal retention requirements.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to restrict processing: Limit how we process your data in certain circumstances.
  • Right to object: Object to processing of your data for direct marketing or profiling.
  • Right not to be subject to automated decision-making: Request human review of AI-generated assessments that produce legal or similarly significant effects.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact our Data Protection Officer at privacy@futurapt.com. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.

9. International Data Transfers

Futurapt is headquartered in Kenya and primarily stores data within the East African region. However, some of our service providers (cloud hosting, analytics) may process data outside Kenya.

In accordance with the Kenya DPA 2019, we ensure that international transfers are made only to countries with adequate data protection laws or under appropriate safeguards, including:

  • Standard contractual clauses approved by the ODPC
  • Data processing agreements with equivalent security standards
  • Explicit consent where required for the transfer

You will be notified of any material changes to where your data is processed.

10. Children’s Privacy

Futurapt is designed for users aged 16 and above, including students, graduates, and working professionals. We do not knowingly collect personal information from children under 16.

Users aged 16-17 may use the Platform with parental or guardian consent. By allowing a minor to use the Platform, the parent or guardian consents to the collection and use of the minor’s information as described in this policy.

If we discover that we have collected personal data from a child under 16, we will promptly delete it. Contact us at privacy@futurapt.com if you believe a child’s data has been collected.

11. AI-Generated Content and Profiling

Futurapt uses artificial intelligence and machine learning models to generate career recommendations, risk assessments, and self-discovery profiles. Important disclosures:

  • AI-generated outputs are probabilistic in nature and should not be treated as definitive professional advice.
  • We conduct regular bias audits of our AI models to identify and mitigate discriminatory outcomes across gender, ethnicity, socioeconomic status, and disability.
  • You have the right to request human review of any AI-generated assessment that produces a decision about your career recommendations.
  • Assessment data used for profiling is retained only as long as your account is active and is not used for automated decision-making without your explicit consent.

12. Marketing Communications

With your consent, we may send you marketing communications including career insights, industry trends, and Platform updates.

  • Opt-in: Marketing emails are sent only to users who have explicitly subscribed via our newsletter form or account settings.
  • Unsubscribe: Every marketing email includes a one-click unsubscribe link. Processing takes up to 48 hours.
  • Transactional emails: Account verification, password reset, and service-related emails are not marketing and cannot be unsubscribed from.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

  • Material changes will be communicated at least 14 days before they take effect via email and Platform notification.
  • The “Last updated” date at the top of this page will always reflect the most recent revision.
  • Continued use of the Platform after changes take effect constitutes acceptance of the revised policy.
  • Previous versions of this policy are available upon request.

14. Contact Us

For questions or concerns about this Privacy Policy or your data, contact our Data Protection Officer:

We aim to respond to all privacy inquiries within 30 days of receipt. Urgent data breach concerns will be addressed within 72 hours.

Command Palette

Search for a command to run...