Privacy Policy
Legal documents are reviewed by external counsel and are refreshed as the platform evolves.
Effective date: 2026-05-01 · Kioo Africa (Pty) Ltd
Who we are
Muranga OS is operated by Kioo Africa (Pty) Ltd, registered in the Republic of South Africa. We build a multi-tenant Nature-Tech Operating System that bridges Indigenous Knowledge Systems (IKS) with corporate ESG infrastructure. Our platform processes data on behalf of corporate tenants, traditional healers, and field agents across the SADC region. All data is stored in the Johannesburg, South Africa data centre operated by Vultr (Constant Contact Group LLC) under a contractual data-residency commitment to the jnb1 region.
Information Officer
Kioo Africa has appointed an Information Officer as required by POPIA Section 55. The Information Officer is responsible for ensuring compliance with this policy and the Act. Contact: privacy@muranga.earth. Registration reference: pending — will publish here upon confirmation from the Information Regulator (www.justice.gov.za/inforeg).
What personal information we process
We process personal information in the following categories:
(1) Corporate tenant users — name, work email address, employer name, authentication credentials (passkey public keys only; private keys never leave your device).
(2) Traditional healers — display name, region, mobile number used as a wallet reference for royalty disbursements, Indigenous Knowledge contributions (text and audio recordings voluntarily submitted), and a signed consent reference.
(3) Field agents — device authentication token, field observation records, GPS coordinates of IoT sensor locations.
(4) WhatsApp interactions — sender phone number (hashed in logs), intent classifications, and species demand signals. Raw phone numbers are used only to route reply messages and are not stored in application tables.
(5) IoT telemetry — soil moisture, sap flow, temperature, and battery voltage readings from sensors installed on land under a separate Kioo Africa Service Agreement with the landowner.
Lawful basis for processing (POPIA s11)
We rely on the following lawful grounds: Consent (s11(1)(a)) — healer IKS contributions and audio recordings are processed only after explicit consent is collected and a signed consent reference is stored against the healer record. Contract (s11(1)(b)) — corporate tenant data and field agent records are processed to perform our platform service agreement. Legitimate interest (s11(1)(f)) — IoT telemetry aggregated for tenant dashboards and cross-platform analytics where individual data subjects are not identifiable. We do not process special personal information (as defined in POPIA s26) except WebAuthn passkeys, which are cryptographic public-key pairs and have been confirmed not to constitute biometric information under POPIA.
How we use your information
Personal information is used to: authenticate and authorise access to the platform; route WhatsApp messages and royalty notifications to the correct healer or field agent; calculate and disburse healer royalties based on IKS usage; generate TNFD-aligned ESG reports for corporate tenants; maintain an append-only audit ledger for POPIA compliance and dispute resolution; and provide platform support and service communications. We do not sell personal information. We do not use personal information for advertising or marketing profiling.
Data sharing and sub-processors
We share personal information only with the following categories of recipients:
(1) Vultr (infrastructure) — hosts all data in the jnb1 Johannesburg region under a data processing agreement.
(2) Stripe Inc. — processes subscription billing. Only a Stripe customer reference ID is stored in our database; no card data passes through our systems. A Data Processing Agreement and Standard Contractual Clauses are in place.
(3) Meta Platforms — WhatsApp messages are delivered via the Meta Cloud API. Message content is minimal and does not include raw personal information in the body.
(4) HashiCorp Vault — stores signing keys and webhook secrets within the same Vultr JNB infrastructure. No personal information is stored in Vault.
We do not transfer personal information to any country outside South Africa except as described above, and in each case a lawful transfer mechanism (DPA + SCCs) is in place.
Data retention
Tenant data is retained for the duration of the service agreement plus 12 months, after which it is deleted upon written request. Healer IKS contributions are retained indefinitely unless the healer exercises their right to erasure (see below), because removal would break the provenance chain for published ESG certificates already issued to corporate tenants — in such cases we will anonymise the healer record rather than delete the IKS content. Audit ledger rows are retained for 7 years to satisfy regulatory and contractual compliance obligations. IoT telemetry is retained for 36 months by default; tenants may configure a shorter retention period.
Your rights as a data subject (POPIA Chapter 3)
You have the following rights: Right of access (s23) — you may request a copy of your personal information by emailing privacy@muranga.earth. Right to correction (s24) — you may request correction of inaccurate personal information. Right to erasure (s24) — you may request deletion of your personal information. Where erasure would break an issued provenance certificate, we will anonymise your record instead and explain the limitation in writing. Right to object (s11(3)) — you may object to processing based on legitimate interest. Right to lodge a complaint — you may contact the Information Regulator at www.justice.gov.za/inforeg if you believe your rights have been violated. We will respond to all data subject requests within 30 days.
Security safeguards (POPIA s19)
We implement the following safeguards: encryption in transit (TLS 1.2+ on all endpoints via Traefik); encryption at rest (Vultr block storage encryption on all PostgreSQL volumes); row-level security (RLS) ensuring each tenant can only access their own data; a WebAuthn passkey-based authentication system with no passwords stored; an HMAC-anchored append-only audit ledger; HashiCorp Vault for cryptographic key management; and automated daily snapshots with tested restore procedures. We conduct regular internal audits and are preparing for an external CREST-accredited penetration test (scheduled M6.4, January 2027).
Cookies
We use a single first-party session cookie (muranga_session) to maintain your authenticated session. No marketing, tracking, or third-party cookies are set. The session cookie is HttpOnly, Secure, and SameSite=Strict.
Changes to this policy
We will notify tenant administrators of material changes to this policy by email at least 30 days before they take effect. The effective date of the current version is displayed at the top of this page. For questions, contact privacy@muranga.earth.
Questions? Contact our Information Officer at privacy@muranga.earth