Compliance

Kote ("we," "us," or "our") is committed to operating with integrity and in full compliance with the laws and regulations that govern eSIM provisioning, telecommunications, data protection, and financial services in Kenya and the markets we serve. As a connectivity service built for Kenyans abroad, we hold ourselves to the highest standards of transparency and accountability so you can stay close to home while paying less.

This page provides an overview of the key regulatory frameworks we adhere to and the measures we take to protect your rights as a customer.

We comply with the Kenya Data Protection Act, 2019 (DPA) and the regulations issued by the Office of the Data Protection Commissioner (ODPC). Our obligations under the DPA include:

• Lawful Processing: We collect and process personal data only where we have a lawful basis, such as your consent, contractual necessity, or a legitimate interest.
• Data Minimisation: We collect only the personal data that is necessary to deliver our eSIM services, process payments, and provide customer support.
• Data Subject Rights: You have the right to access, correct, delete, and port your personal data. You may also object to or restrict certain processing activities. To exercise these rights, contact us at privacy@kotekonekt.com.
• Breach Notification: In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ODPC and affected individuals within 72 hours as required by the Act.
• Data Protection Impact Assessments: We conduct DPIAs for high-risk processing activities, including new product features and third-party integrations.

For full details on how we handle your personal data, please see our Privacy Policy.

Kote operates within the regulatory framework established by the Communications Authority of Kenya (CA). Our compliance measures include:

• Licensing: We maintain the appropriate licences and authorisations required to facilitate eSIM provisioning and mobile data services through our network partners.
• Quality of Service: We adhere to the CA quality-of-service standards and continuously monitor network performance to ensure reliable connectivity for our users.
• SIM Registration: We comply with Kenya's SIM registration requirements, collecting and verifying subscriber identity information as mandated by regulation.
• Tariff Transparency: All pricing for our data plans is published clearly within our app and website, with no hidden fees or surcharges.
• Cooperation with Authorities: We cooperate with lawful requests from the Communications Authority and other government agencies as required by Kenyan law.

Delivering eSIM services to Kenyans abroad means your data may be processed in multiple jurisdictions. We take the following steps to protect your data during international transfers:

• Standard Contractual Clauses: We enter into standard contractual clauses with international service providers and network partners to ensure adequate data protection safeguards.
• Adequacy Assessments: Before transferring data to a new jurisdiction, we assess whether that country provides an adequate level of data protection as recognised by the ODPC.
• Encryption in Transit: All data transferred internationally is encrypted using TLS 1.3 or equivalent standards.
• Data Localisation: Where regulations require certain categories of data to remain within Kenya, we ensure compliance through localised storage and processing.

As a provider of paid connectivity services, we are committed to preventing the misuse of our platform for money laundering, terrorism financing, or other illicit activities. Our AML and KYC programme includes:

• Identity Verification: We verify the identity of all users during account registration, in line with Kenya's Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) and SIM registration regulations.
• Transaction Monitoring: We monitor transactions for unusual or suspicious activity and report suspicious transactions to the Financial Reporting Centre (FRC) as required by law.
• Sanctions Screening: We screen users against applicable sanctions lists to ensure we do not provide services to sanctioned individuals or entities.
• Record Keeping: We retain KYC records and transaction histories for the periods mandated by Kenyan law to support regulatory audits and investigations.
• Staff Training: Our team receives regular training on AML obligations, red-flag identification, and reporting procedures.

We are committed to treating our customers fairly and transparently. Our consumer protection practices include:

• Clear Terms of Service: Our terms are written in plain language so you understand your rights and obligations before purchasing a plan.
• Fair Billing: We provide accurate, itemised billing and proactive data-usage alerts so you are never surprised by charges.
• Complaints Handling: We maintain a formal complaints procedure. If you are not satisfied with our resolution, you may escalate your complaint to the Communications Authority of Kenya.
• Refund Policy: We offer refunds in accordance with our published refund policy for unused or defective eSIM plans.
• No Hidden Fees: All taxes, surcharges, and applicable fees are disclosed upfront before you complete a purchase.

We believe connectivity is for everyone. We are committed to making our app and website accessible to users of all abilities, guided by the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA. Our ongoing accessibility efforts include:

• Semantic HTML and proper heading structure across all pages.
• Sufficient colour contrast ratios for text and interactive elements.
• Support for screen readers and assistive technologies on iOS and Android.
• Keyboard-navigable interfaces throughout the web experience.
• Regular accessibility audits and user testing with diverse participants.

If you encounter an accessibility barrier, please let us know at compliance@kotekonekt.com so we can address it promptly.

We encourage employees, partners, and customers to report any suspected compliance violations, data breaches, or unethical conduct. You can report concerns through the following channels:

• Email: compliance@kotekonekt.com
• In-App Support: Use the "Help & Support" section within the Kote app to submit a confidential report.

All reports are treated confidentially. We prohibit retaliation against anyone who raises a concern in good faith and will investigate all reports thoroughly.

If you have questions about our compliance practices or wish to report a concern, please reach out: