Compliance Standards

MylesCorp Technologies Ltd operates with the highest standards of legal compliance, ethical business conduct, and data governance. We view compliance not as a burden but as a foundation for building trust with our clients, partners, and the communities we serve across East Africa.

Our compliance programme is overseen by our executive leadership team and reviewed annually. We maintain records of all compliance activities and are committed to continuous improvement in our governance standards.

The Kenya Data Protection Act, 2019 (DPA) is the primary legislation governing personal data processing in Kenya. MylesCorp complies with the DPA in the following ways:

• Registration: Registered as a Data Controller and Data Processor with the Office of the Data Protection Commissioner (ODPC)
• Lawful processing: We process personal data only on lawful bases as defined in Section 30 of the DPA
• Data minimisation: We collect only the minimum data necessary for the stated purpose
• Data subject rights: We have established processes to respond to access, rectification, erasure, and portability requests within 30 days
• Privacy by design: Data protection principles are embedded into all our product development processes
• Data breach notification: We maintain procedures to notify the ODPC and affected individuals within 72 hours of a confirmed breach

For clients and users in the European Economic Area (EEA), or where we process data of EEA residents, we comply with the General Data Protection Regulation (GDPR):

• Legal bases: We document and maintain records of legal basis for every data processing activity
• Data Processing Agreements (DPAs): Available for all enterprise clients upon request
• International transfers: Data transfers outside the EEA are governed by Standard Contractual Clauses (SCCs)
• Data Protection Impact Assessments (DPIAs): Conducted for all high-risk processing activities

To request a Data Processing Agreement, contact legal@mylescorp.co.ke.

MylesCorp Technologies Ltd is ISO 9001:2015 certified, demonstrating our commitment to quality management systems. This certification covers:

• Software development and delivery processes
• Customer service and support operations
• Project management and delivery
• Continuous improvement processes

Our quality management system is audited annually by an accredited certification body. The certification ensures that our products and services consistently meet client and regulatory requirements.

We comply with the Kenya Consumer Protection Act, 2012, which ensures that consumers are protected from unfair trade practices. Our commitments include:

• Clear, accurate, and transparent pricing with no hidden fees
• Honest marketing and advertising — we only make claims we can substantiate
• Fair contract terms that do not unfairly disadvantage clients
• A clear complaints and dispute resolution process
• The right to cancel services as described in our Terms of Service

As a technology company operating in Kenya, we comply with the Kenya Information and Communications Act (Cap 411A) and regulations issued by the Communications Authority of Kenya (CA):

• Our software products meet the technical standards prescribed by the CA
• We do not engage in or facilitate cybercrime as defined in the Computer Misuse and Cybercrimes Act, 2018
• All electronic communications comply with applicable regulations

MylesCare, our healthcare management platform, is designed to comply with Kenya's Social Health Authority (SHA) standards and healthcare data requirements:

• SHA insurance claims integration built to MoH specifications
• Patient data handled in compliance with DPA and health sector guidelines
• Electronic Medical Records (EMR) meet Kenya EMR Interoperability Standards
• All healthcare data is encrypted and access-controlled to protect patient confidentiality

EduMyles and EduRyde are built in compliance with Kenya's Ministry of Education requirements:

• Full support for Competency Based Curriculum (CBC) including Grade 1–9 report card formats
• Compliance with Basic Education Act, 2013
• Student data protection — schools retain data ownership; MylesCorp acts as data processor
• EduRyde GPS tracking complies with NTSA regulations for school transport

Our security practices are aligned with internationally recognised standards:

• Encryption: AES-256 at rest · TLS 1.3 in transit
• Access control: Role-based access with principle of least privilege
• Authentication: Multi-factor authentication enforced for all admin accounts
• Vulnerability management: Regular penetration testing and vulnerability scanning
• Incident response: Documented incident response plan tested annually
• Business continuity: Automated backups with 99.9% uptime SLA

If you have a compliance concern, wish to report a potential breach of our policies, or believe MylesCorp is not meeting its legal obligations, please contact us immediately. All reports are treated confidentially and investigated promptly.