Privacy Policy
Orion X Limited (trading as "OrionX")
Registered office: Plot 140 Unit 2, Kgale Mews, Gaborone, Botswana
Last updated: 4 June 2026
1. Introduction
Orion X Limited, trading as OrionX ("OrionX", "we", "our", or "us"), provides Uhuru AI and related services. We are the data controller responsible for the personal data described in this Privacy Policy. This Policy explains what personal data we collect, why and how we use it, the lawful bases we rely on, with whom we share it, how long we keep it, where we transfer it, and the rights and choices available to you.
This Policy applies to all personal data we process through every channel: our websites and web, mobile, and desktop applications; our WhatsApp, SMS, and voice channels; our APIs and integrations; and our email and support interactions (collectively, the "Services"). It governs information about users, prospective users, business contacts, and visitors ("you").
This Policy should be read together with our Terms and Conditions. Capitalised terms that are not defined in this Policy (including "Services", "User Content", and "Output") have the meaning given to them in the Terms and Conditions.
2. Who We Are and How to Reach Us
The controller is Orion X Limited, trading as OrionX, of Plot 140 Unit 2, Kgale Mews, Gaborone, Botswana. For any privacy question, request, or complaint, contact [email protected]. For legal or contractual matters, contact [email protected]. Our backend platform is referred to throughout as "Uhuru Cloud".
3. Governing Data-Protection Framework
We process personal data in accordance with the Botswana Data Protection Act, Act No. 18 of 2024 (in force from 14 January 2025), as overseen by the Information and Data Protection Commission, and in accordance with the data-protection laws of the other territories in which our users are located, including the Protection of Personal Information Act 4 of 2013 ("POPIA") in South Africa and the EU/UK General Data Protection Regulation ("GDPR") for users in the European Economic Area and the United Kingdom. We apply the principles of lawfulness, fairness, transparency, purpose specification, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability. Section 14 (Regional Provisions) sets out the additional rights that apply to users protected by POPIA and the GDPR.
4. Definitions
- "Personal data" means any information relating to an identified or identifiable natural person, including direct identifiers (such as name, email, and phone number) and indirect identifiers (such as device identifiers, IP address, and usage patterns).
- "Special-category data" (also called sensitive personal data) means personal data revealing health, and other categories given heightened protection by law. The Services process health data through Uhuru Health and the Diagnose features; this is treated as special-category data and processed only on the heightened bases in Section 7.
- "Processing" means any operation performed on personal data, including collection, recording, storage, use, analysis, disclosure, transfer, retention, anonymisation, and deletion.
- "Pseudonymised data" means data that has been processed so that it can no longer be attributed to you without additional information kept separately. Pseudonymised data remains personal data and stays subject to this Policy and to data-protection law; we process it on the basis of our legitimate interests with appropriate safeguards.
- "De-identified / anonymised / aggregated data" means data from which direct and indirect identifiers have been removed or irreversibly transformed so that it can no longer reasonably be linked to you, by us or by anyone else, by any means reasonably likely to be used. Once data is irreversibly anonymised it falls outside the definition of personal data, and this Policy's restrictions on personal data no longer apply to it.
5. Personal Data We Collect
We collect the following categories of personal data. These categories reflect how the Services actually work.
5.1 Account and identity data. Email address, phone number (including in E.164 format for WhatsApp, SMS, and voice linkage), unique user identifier, display name, authentication credentials, subscription tier, team or staff role, and account status.
5.2 Profile, subscription, and usage-limit data. Subscription start and end dates, daily message counts, last-active timestamps, customer reference held with our third-party payment processor, and rate-limit and quota counters.
5.3 Chat conversations and messages. Conversation identifiers, the content of the messages you send and the responses generated, message roles and timestamps, model version used, delivery status, and reasoning metadata, across both the web platform and the WhatsApp and SMS channels.
5.4 WhatsApp, SMS, and channel-integration data. Phone numbers, channel user identifiers, message bodies and any media you share, message identifiers and direction, delivery status, session tokens, conversation history, daily usage counters, and persisted user context and preferences, enabling continuity across channels.
5.5 Voice data. Voice-session identifiers, start and end times, duration, session status and error information, language preference, and audio-quality and microphone/speaker settings. Voice usage is metered in time against your tier allowance.
5.6 Files, documents, and productivity data. File names, types, sizes, storage paths, tags and metadata, extracted text and content previews, documents and spreadsheets you create (including cell data and formulas), version history, file-preview and view-tracking data, and share-link records (including share codes, expiry, download counts, and password-protection flags).
5.7 Behavioural and interaction analytics. Page views, route changes, clicks, scrolls, hovers, form interactions, feature first-use and adoption, AI-model selections, prompt submissions, file uploads, error encounters, and performance metrics, across many event categories.
5.8 AI-interaction and model-usage data. Model selected, prompt and response lengths, response times, regenerate requests, feedback signals, and token-usage counts.
5.9 Memory and personalisation data. Facts, preferences, instructions, and contextual information that the Services derive from your conversations to remember relevant context and personalise your experience, together with your associated memory settings.
5.10 Session, device, and technical data. Session identifiers and durations, pages and features used, entry and exit pages, referrer and campaign (UTM) parameters, device type, browser and operating-system details, screen and viewport dimensions, and touch/mobile indicators.
5.11 Contacts and connected-account data. Where you choose to connect them: contacts (names, emails, phone numbers, groups) and email/calendar and other third-party integration connections, including the provider, account identifiers, and scopes you grant. Access and refresh tokens for connected accounts are encrypted and never exposed to your client.
5.12 Payment and subscription data. Payment amounts, currencies, and status; subscription status and periods; the payment-method brand and the last four digits of your card; and references held with our third-party payment processor. We do not store full payment-card numbers.
5.13 Special-category health data (Uhuru Health and the Diagnose features). Where you choose to use the health features, and subject to your explicit consent (Section 7), we process: health dependents (names, dates of birth, sex, relationship), examination sessions and modules (including skin, eye, throat, tongue, heart-rate, respiratory-rate, wound, and growth assessments), examination images and frames, AI guidance and summaries, vitals and measurements, medical images, laboratory results, medications and adherence records, chronic-condition records, health QR grants for selective disclosure to pharmacies or providers, and location data used to locate participating pharmacies. Where you opt in to anonymous symptom reporting, those submissions carry no identifier linking them to you. We use identifiable health data to train our models only with your separate, explicit, withdrawable opt-in consent; separately, we may use irreversibly de-identified and aggregated health data — which is not personal data — to build Africa-focused health capabilities (see Section 7.7).
5.14 Feedback and satisfaction data. Documents and inputs you submit for feedback analysis, and the resulting assessments and status.
5.15 Security, performance, and operational data. API endpoints and response times, status and error codes, IP addresses (including for rate-limiting and abuse-prevention), request counts, and system and error logs.
5.16 Administrative and analytics aggregates. Aggregated platform metrics — such as counts of new, active, and returning users, conversations, messages, files, and retention — used for business intelligence and platform administration.
5.17 Consent and preference records. Your privacy and health-consent choices, including acceptance status, any health-consent signature, and the time of acceptance.
We may also collect data you provide when you contact support, respond to surveys, or participate in promotions, and limited publicly available or partner-provided business-contact data for prospective business users.
6. How We Collect Personal Data
We collect personal data: (a) directly from you when you register, communicate with us, submit User Content, or use a feature; (b) automatically through cookies, SDKs, log files, and telemetry as you use the Services; and (c) from third parties, such as connected accounts you authorise, our cloud-infrastructure and communications providers, our third-party payment processor, and partners, in each case to the extent permitted by law.
7. Purposes and Lawful Bases for Processing
We process personal data only where we have a lawful basis. We rely on the following bases, and the paragraphs below explain the levers we pull and the basis for each.
7.1 To provide and operate the Services — lawful basis: performance of a contract. Creating and maintaining your account; authenticating you; delivering chat, WhatsApp, SMS, voice, files, documents, memory, and other features you request; linking your channels; enforcing usage limits; and providing support. Because this processing is necessary to deliver the Services you have signed up for, it does not depend on consent, and consent for it would not be valid where the processing is contract-necessary.
7.2 To secure the Services and prevent fraud and abuse — lawful basis: legitimate interests, and where applicable legal obligation. Detecting and preventing fraud, abuse, malicious traffic, and unauthorised access; enforcing our Terms; investigating incidents; and protecting users, OrionX, and third parties. Our legitimate interest is in the security, integrity, and continued availability of the Services.
7.3 To analyse, personalise, and improve the Services — lawful basis: legitimate interests. Product and usage analytics; behavioural profiling to understand engagement and feature adoption; personalising your experience and the Output you receive (including through the memory and personalisation features); A/B testing; and improving performance, quality, and safety. We balance these interests against your rights and apply safeguards, including de-identification wherever practicable. You may object to processing based on legitimate interests as described in Section 12.
7.4 To develop and improve our AI models — lawful basis: legitimate interests (with an opt-out), and consent where the law requires it. We develop, train, fine-tune, evaluate, and improve our artificial-intelligence models and build new features and products.
- De-identified and aggregated data. We use irreversibly de-identified and aggregated data derived from your use of the Services for these purposes. Because such data is not personal data, this use sits outside data-protection restrictions.
- Identifiable User Content (prompts, conversations, and files). We also train and fine-tune our models on identifiable User Content. We do this on the basis of OrionX's legitimate interests in building and improving Africa-focused AI capabilities, balanced against your rights and with safeguards applied. You can opt out at any time in your account settings or by contacting [email protected]; once you opt out we stop using your identifiable User Content for model training (this does not affect training already carried out or models already trained). If you are protected by the GDPR/UK GDPR (EEA/UK), this processing instead rests on the basis set out in Section 14.2, and we will not train on your identifiable User Content except in accordance with that carve-out.
7.5 To process payments and manage subscriptions — lawful basis: performance of a contract, and legal obligation. Billing, subscription management, and the financial record-keeping required by law.
7.6 To communicate with you — lawful basis: performance of a contract, legitimate interests, and consent for marketing. We send service, security, and transactional messages, which are necessary to provide the Services. For marketing:
- New prospects. We send marketing only where you have opted in. If you decline or do not respond to a request, we treat that as a refusal and send no further marketing.
- Existing customers. We may send you marketing about OrionX's own (or the OrionX group's) similar products and services. We give you a simple way to opt out at the point we collect your details and in every marketing message.
An objection to direct marketing is honoured immediately and permanently. You can opt out of marketing at any time.
7.7 To process special-category health data — lawful basis: explicit, informed, granular, and withdrawable consent. We process health data through Uhuru Health and the Diagnose features only where you have given explicit, informed, granular consent through the health-consent flow, and we apply heightened safeguards (access controls, encryption, and selective-disclosure controls). You may withdraw health consent at any time, after which we stop further processing of that data except where retention is legally required. Where health features are used in relation to a dependent or minor, we process that person's health data only on the explicit, recorded consent of the responsible adult given specifically for that dependent.
We use identifiable health data to train or fine-tune our models only with your separate, explicit, withdrawable opt-in consent given for that purpose. In addition, OrionX reserves the right to use irreversibly de-identified and aggregated health data — which is not personal data and cannot reasonably be linked back to you — to build and improve Africa-focused health capabilities, for any lawful purpose.
7.8 To comply with law and protect vital interests — lawful basis: legal obligation and vital interests. Meeting legal, regulatory, tax, and audit obligations; responding to lawful requests from competent authorities; and, in rare emergencies, disclosing limited data to prevent serious harm to any person.
7.9 For corporate transactions — lawful basis: legitimate interests. Evaluating, negotiating, and completing a merger, acquisition, financing, reorganisation, or sale of assets, subject to confidentiality and data-protection safeguards.
Where we rely on consent (including for identifiable health-data training and special-category processing), you may withdraw it at any time without affecting the lawfulness of prior processing. We do not bundle non-essential processing into the contract; non-essential purposes rest on a separate, genuine basis.
8. Sharing and Disclosure
We do not "sell" your personal data within the meaning of applicable data-protection and consumer-privacy law, and we do not engage in cross-context behavioural advertising. We share personal data only as follows:
- Service providers (processors). We use carefully selected third-party providers acting on our documented instructions under written data-processing terms, including cloud infrastructure and communications providers, third-party payment processors, analytics and logging providers, and security and support providers. They may process personal data only to provide services to us and must protect it.
- Connected services you authorise. Where you connect a third-party account or use an integration, we share the data necessary to provide that integration.
- Within the OrionX group. With our affiliates for unified operations, security, and administration, under appropriate safeguards.
- Legal and protective disclosures. To comply with law, lawful requests, court orders, or regulatory obligations, and to protect the rights, safety, and property of OrionX, our users, or others. We will notify you where we are legally able to do so.
- Corporate transactions. As part of a merger, acquisition, financing, reorganisation, or sale of assets, with notice to affected users where required.
De-identified and aggregated data. Irreversibly de-identified and aggregated data is not personal data and falls outside the restrictions in this Policy. OrionX expressly reserves the right to use, license, sell, and otherwise commercialise such de-identified and aggregated data for any lawful purpose, including building data products, insights, benchmarks, and reports, and including in connection with our AI models. Because this data is not personal data and cannot reasonably be re-linked to you, this does not constitute a "sale" of personal data and does not reduce your rights over your personal data.
A current list of the categories of our sub-processors is available on request and, where required, through our published sub-processor information. We refer to our suppliers by category rather than name.
9. International Data Transfers
OrionX is committed to keeping African user data on infrastructure within the home region by default. Where personal data is transferred outside Botswana — for example, to cloud infrastructure or communications providers operating in other territories — we rely on one or more of the following lawful transfer mechanisms: (a) transfer to a country recognised as providing adequate protection under the Botswana Transfer of Personal Data Order, 2022 (which includes the EU/EEA, the United Kingdom, South Africa, and others); (b) approved standard contractual clauses or binding corporate rules; or (c) an applicable statutory derogation, including your explicit consent or the necessity of the transfer to perform our contract with you. Where the applicable law requires a copy of transferred personal data to remain within Botswana, we maintain such a copy. For special-category and children's data, we apply any additional authorisations the law requires before transfer to a non-adequate country, including, where the transfer is from South Africa, any prior authorisation required under section 57 of POPIA.
10. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including providing the Services, account continuity, security and fraud-prevention, and dispute resolution, and to meet legal, tax, and audit obligations. We do not extend the retention of identifiable data solely in order to improve the Services. When identifiable data is no longer needed for an active purpose, we either delete it or irreversibly anonymise it; irreversibly anonymised and aggregated data, which is not personal data, may be retained indefinitely.
Indicative retention periods (which we may adjust to meet legal or operational needs, and which remain under counsel review) include:
- Account and billing records: kept for the period required by Botswana tax and financial-audit law (specific number of years to be confirmed by counsel).
- Security and operational logs: kept for a rolling period sufficient for investigation, typically several months.
- Conversation and content records: identifiable conversation and content records are typically retained for up to several years, or until a bounded period after account closure or your last activity (exact window to be confirmed by counsel), after which the identifiable records are deleted or irreversibly anonymised.
- Health data: retained for the period necessary to provide the health features and to maintain your health record, subject to your consent and any legal requirement.
11. Cookies and Similar Technologies
We use cookies and similar technologies (such as local storage, SDKs, and pixels) to operate the Services, remember your preferences and sessions, measure performance and engagement, secure the platform, and, where you consent, support marketing and measurement. You can manage non-essential cookies through our consent controls and your browser or device settings; refusing non-essential cookies may affect some features. We honour recognised opt-out and "do not track" signals where required by law.
12. Your Rights and Choices
Subject to the conditions and exceptions in applicable law, you have the right to:
- be informed about how we process your personal data (this Policy);
- access the personal data we hold about you and obtain a copy, together with information about how it is processed and to whom it has been disclosed;
- rectify inaccurate or incomplete data;
- erase your data ("right to be forgotten"), where there is no overriding lawful ground to retain it;
- restrict processing in defined circumstances;
- object to processing based on legitimate interests on grounds relating to your situation — including the use of your identifiable User Content to train our models, which you can opt out of at any time — and to object to direct marketing at any time, which we will always honour immediately and permanently;
- withdraw consent at any time where we rely on consent, including for identifiable health-data model-training and other health processing, without affecting prior lawful processing;
- data portability — receive certain data you provided in a structured, commonly used, machine-readable format;
- be protected against solely automated decisions that produce legal or similarly significant effects, including the right to obtain human review, express your view, and contest the decision (see Section 13); and
- lodge a complaint with the Information and Data Protection Commission or with the supervisory authority in your territory.
To exercise your rights, contact [email protected] or use your account controls where available. We will verify your identity and respond within the period required by applicable law. These statutory rights cannot be waived, and no term of our Terms or this Policy — including any intellectual-property licence — limits or overrides them in relation to your personal data.
13. Automated Decision-Making and Profiling
We use automated processing and profiling to personalise your experience, recommend features, meter usage, detect fraud and abuse, and prioritise improvements. In some cases — such as automatically flagging, suspending, or terminating an account for security or abuse reasons — a decision with a legal or similarly significant effect on you may be made solely by automated means. Where that happens, you may obtain human review of the decision, express your point of view, contest the decision, and obtain an explanation of the main factors involved. This applies regardless of your territory, and the related suspension and termination provisions in our Terms and Conditions cross-reference this right.
14. Regional Provisions (POPIA and GDPR Floor)
This section grants the additional, non-waivable rights that the law of certain territories requires. It tops up — and never reduces — the rights set out above.
14.1 South Africa (POPIA). If you are in South Africa, the controller acts as the "responsible party". We process your ordinary personal information on the grounds in section 11 of POPIA (principally contract necessity and legitimate interest, with consent for optional purposes such as direct marketing to new prospects, and with an opt-out available for identifiable model-training). We process your special personal information, including health data, under the authorisations in sections 26–27 of POPIA — principally your explicit consent. We apply minimality, purpose specification, and retention-limitation as binding conditions. You have the rights of access, correction, deletion, objection (including to direct marketing), and withdrawal of consent, and the right not to be subject to certain solely automated decisions, and you may complain to the Information Regulator (South Africa). Cross-border transfers comply with section 72 of POPIA, and we obtain any prior authorisation required (including under section 57) before transferring special personal information or children's information to a non-adequate country.
14.2 European Economic Area and United Kingdom (GDPR). If you are in the EEA or the UK, you have the rights described in Section 12 as they appear in the GDPR/UK GDPR, exercisable against OrionX as controller. Our lawful bases are Article 6 contract, legitimate interests, legal obligation, and consent. For the use of your identifiable User Content to train our models, we rely on Article 6(1)(a) consent or, where we instead rely on legitimate interests, we give you a clear and unconditional right to opt out before any such use; we will not use your identifiable User Content for model training where you have objected or have not given any required consent. Special-category (health) data is processed under Article 9(2)(a) explicit consent. Transfers outside the EEA/UK rely on an adequacy decision, standard contractual clauses or the UK International Data Transfer Agreement, or an applicable derogation. You may lodge a complaint with your local supervisory authority. Where a non-waivable local right exceeds anything in this Policy, that local right prevails for you.
14.3 Other territories. For users elsewhere, the global baseline in this Policy applies, supplemented by any additional non-waivable rights granted by the law of your place of residence.
15. Children's Privacy
The minimum age to use the Services on your own behalf is 18. A person who is 16 or 17 may use the Services only where a parent or legal guardian has given verifiable consent that OrionX has obtained and recorded, and who agrees to our Terms on the young person's behalf. We do not create or knowingly permit accounts for anyone under 16, and we do not knowingly process the personal data of a child under 16. Where the health features (Uhuru Health and the Diagnose features) are used in relation to a dependent or minor, we process that person's health data only on the explicit, recorded consent of the responsible adult given specifically for that dependent. These age rules are identical to those in our Terms and Conditions. If we learn that we have collected a child's data without the required consent, we will delete it. A parent or guardian may contact [email protected].
16. Security
We implement appropriate technical and organisational measures to protect personal data, including encryption of data in transit and at rest, encryption of connected-account tokens, role-based access controls and least-privilege access, row-level data isolation so that users can access only their own data, hashing of sensitive secrets such as health-QR PINs, multi-factor authentication for staff, logging and monitoring, and incident response. No system is perfectly secure, and we cannot guarantee absolute security.
17. Data-Breach Notification
If a personal-data breach occurs that is likely to result in a risk to your rights, we will notify the Information and Data Protection Commission, and any other regulator with jurisdiction, without undue delay and, in any event, within 72 hours of becoming aware of a notifiable breach. Where the breach is likely to result in a high risk to affected users, we will also notify those users without undue delay, in each case as required by applicable law.
18. Changes to This Policy
We may update this Policy from time to time. Where a change is material, we will provide reasonable notice (for example, by posting the updated Policy with a new "Last updated" date or by in-product or email notice). Your continued use of the Services after the change takes effect constitutes acceptance, except where a change would materially expand the processing of your personal data or where the law requires fresh consent, in which case we will obtain the required consent before the change applies to you.
19. Contact
Orion X Limited (trading as OrionX)
Plot 140 Unit 2, Kgale Mews, Gaborone, Botswana
Privacy: [email protected]
Legal and contractual matters: [email protected]
Support: [email protected]
Last updated: 4 June 2026