Privacy Policy
Effective Date: February 13, 2026 • Last Updated: February 13, 2026
1. Introduction
Welcome to Kitsiso ("we," "our," or "us"). Kitsiso is a community notification platform that provides timely alerts about utility disruptions (water, electricity, road works) and facilitates community engagement through location-based forums in Botswana.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services via our website (kitsiso.co.bw), mobile applications, WhatsApp, SMS, and email.
2. Information We Collect
2.1 Information You Provide
- Phone Number: Required for account creation and OTP verification
- Location Preferences: Areas you want to receive disruption alerts for
- Payment Information: Orange Money transaction details (we do not store payment card information)
- Forum Posts: Content you share in community forums
- Profile Information: Optional name, email address, and preferences
2.2 Automatically Collected Information
- Device Information: Device type, operating system, browser type
- IP Address: For security, fraud prevention, and analytics
- Usage Data: Pages viewed, features used, time spent on platform
- Engagement Metrics: When you click shared outage links (IP address, User-Agent, timestamp)
- Cookies: Essential cookies for authentication and session management
2.3 Third-Party Information
- Utility Disruption Data: Scraped from public sources (Water Utilities Corporation, Gaborone City Council, Botswana Power Corporation)
- Social Media: If you share content via WhatsApp/social platforms
3. How We Use Your Information
We use your information to:
- Deliver Notifications: Send SMS, WhatsApp, and email alerts about disruptions in your selected locations
- Account Management: Authenticate users, manage subscriptions, process payments
- Service Improvement: Analyze usage patterns, measure engagement, improve features
- Community Safety: Moderate forum content, prevent abuse
- Payment Processing: Process Orange Money subscription payments
- Legal Compliance: Respond to legal requests, prevent fraud, enforce our terms
4. Legal Basis for Processing (GDPR/POPIA Compliance)
We process your personal data based on:
- Consent: When you opt in to receive notifications
- Contract Performance: To provide services you subscribed to
- Legitimate Interests: Service improvement, fraud prevention, security
- Legal Obligations: Compliance with Botswana laws and regulations
5. Data Sharing and Third Parties
5.1 Service Providers
- Amazon Web Services (AWS): Database hosting (RDS PostgreSQL), SMS delivery (SNS), email delivery (SES). Data is stored in the AWS Cape Town (af-south-1) region
- Meta Platforms (WhatsApp Business API): WhatsApp message delivery
- Orange Botswana: Payment processing via Orange Money
5.2 Legal Requirements
We may disclose your information if required by law, court order, or to protect our rights and safety.
5.3 Third Parties We Do NOT Share With
- We do not sell, rent, or trade your personal information to third parties for marketing purposes
- We do not share your data with advertisers
6. Data Security
We implement industry-standard security measures:
- Encryption: TLS/SSL for data in transit, AES-256 for data at rest
- Authentication: JWT tokens, OTP verification, rate limiting
- Access Controls: Role-based access, audit logs for admin actions
- Database Security: AWS RDS with automated backups, encryption at rest
- Password Security: Passwords hashed with bcrypt (we never store plaintext passwords)
7. Data Retention
- Active Accounts: Data retained while your account is active
- Inactive Accounts: Accounts inactive for 2 years may be automatically deleted
- Payment Records: Retained for 7 years for tax and accounting purposes
- Forum Posts: Retained indefinitely unless you request deletion
- Audit Logs: Admin actions logged for 1 year
8. Your Rights
Under Botswana's Data Protection Act and GDPR (where applicable), you have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete information
- Deletion: Request deletion of your account and data ('right to be forgotten')
- Objection: Opt out of marketing communications
- Data Portability: Receive your data in a machine-readable format
- Withdraw Consent: Unsubscribe from notifications at any time
To exercise these rights, contact us at privacy@kitsiso.co.bw
9. Children's Privacy
Kitsiso is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you are a parent/guardian and believe your child has provided us with personal information, please contact us.
10. International Data Transfers
Your data is primarily stored in the AWS Cape Town (South Africa) region. By using our service, you consent to the transfer of your information to South Africa and processing in accordance with this Privacy Policy.
11. Cookies and Tracking
We use essential cookies for:
- Authentication: Maintaining your login session
- Preferences: Remembering your location and notification settings
- Security: Preventing CSRF attacks, rate limiting
We do not use third-party advertising cookies or tracking pixels.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via:
- Email notification (for registered users)
- In-app notification
- Prominent notice on our website
Continued use of Kitsiso after changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions or concerns:
Email: privacy@kitsiso.co.bw
Mailing Address:
Kitsiso
P.O. Box [TBD]
Gaborone, Botswana
Data Protection Officer: Tumisang Mogotsi (dpo@kitsiso.co.bw)
14. Regulatory Authority
If you believe we have not addressed your privacy concerns adequately, you may lodge a complaint with:
Botswana Communications Regulatory Authority (BOCRA)
Private Bag 00495
Gaborone, Botswana
Tel: +267 395 7755
Email: info@bocra.org.bw
Version: 1.0 • Document ID: KTS-PRIVACY-2026-02-13