Conduit โ Operated by Bigsam Tech (trading as Conduit Tech) ยท Version 1.0
Bigsam Tech (trading as Conduit Tech), operating Conduit, is the data controller responsible for your personal information under Zimbabwe's Cyber and Data Protection Act [Chapter 12:07]. Contact our Data Protection Officer at privacy@conduitid.net.
Account: name, email, phone, password (hashed), role.
Animal: name, species, breed, colour, sex, date of birth, photos, microchip and secondary ID numbers, notes.
Health: vaccination and parasite treatment records, weight history, symptoms submitted to the AI Symptom Checker, medical alerts, allergies, chronic conditions.
Identity & ownership: ownership attestations (with your IP, device info, and timestamp), transfer history, microchip conflict reports.
Emergency contacts: names and numbers of secondary contacts and vets you add โ which may be personal information about third parties.
Location: if you connect a GPS device, its location and movement history.
Care logs: exercise, training, nutrition, and housing records you choose to enter.
Payment: handled by licensed providers (e.g. EcoCash, Paynow). We never store full card numbers or mobile money PINs โ only transaction references needed for support.
Technical: IP address, device/browser type, usage logs.
| Purpose | Legal basis |
|---|---|
| Account creation and management | Performance of our contract with you |
| QR/NFC profiles and public pages | Performance of our contract with you |
| Lost & found, emergency cascade | Contract / your configuration |
| Vaccination reminders, health & behaviour intelligence | Performance of our contract with you |
| AI Symptom Checker | Your explicit request, each use |
| Microchip duplicate detection / fraud prevention | Our legitimate interest in platform integrity |
| GPS location tracking | Your explicit consent (per device) |
| Service emails, reminders, security alerts | Performance of our contract with you |
| Marketing communications | Your separate opt-in consent |
| Legal requests / enforcing our Terms | Legal obligation / legitimate interest |
Terms & Privacy consent โ required at registration. Logged with timestamp, IP, and policy version.
Location / GPS consent โ required only when you connect a GPS device. Revocable any time by disconnecting it.
Vet sharing โ only when you grant a clinic access; revocable from the Identity tab.
Shelter / ZNSPCA sharing โ your animal's profile becomes visible to partner shelters while marked "lost."
Public profile visibility โ name, species, breed, and photo are visible to anyone scanning the tag by default; emergency cascade contacts become visible only while the animal is marked "lost." See Section 6 for third-party contacts.
Marketing โ off by default, opt-in, revocable any time.
Each consent is logged separately with a timestamp so both you and we have a record of what was agreed and when.
| Recipient | What they see | When |
|---|---|---|
| You | Everything you've entered | Always |
| Shared household users | Read-only view of invited animals | While access granted |
| Anyone scanning a QR/NFC tag | Name, species, breed, photo, verified badge | Always |
| Public (additionally) | Emergency cascade contacts | Only while marked "lost" |
| Vet clinics on Conduit | Health records, identity, microchip status | Only with your explicit, revocable grant |
| Partner shelters / ZNSPCA | Lost-animal profile & last-known info | Only while marked "lost" |
| Conduit admin | All platform data | Operational/legal need, audit-logged |
| Law enforcement / courts | Attestation & ownership records | Lawful request or court order |
| Regulators (POTRAZ, DLVFS, etc.) | Relevant records | As required by law |
| AI provider (Anthropic) | What you submit to the Symptom Checker | Only when you use that feature |
Animal health data, and the human data tied to it (your name, your vet's details, emergency contacts), is restricted to your account, anyone you've explicitly shared with, and Conduit staff with a legitimate operational reason โ logged in our audit trail.
If you submit a third party's details (an emergency contact or vet), you confirm you have their permission to share and display that information as configured, including potentially publicly if the animal is marked lost. Conduit relies on your confirmation and does not independently verify it.
Accounts require the holder to be 18+, or a parent/guardian managing the account. If we identify an account created by a minor without appropriate parental involvement, we'll take steps to remove it consistent with the Cyber and Data Protection Act.
Conduit's infrastructure may process data outside Zimbabwe via: Supabase (database), Vercel (web hosting), Railway (API hosting), Cloudflare R2 (file storage), Resend (email), Anthropic (AI processing), and Vonage/WhatsApp (notifications).
Under the Cyber and Data Protection Act, cross-border transfer requires an adequate level of protection at the destination, your consent, or another lawful basis. By using Conduit, you acknowledge and consent to this arrangement, necessary to provide the Service. We select providers with established security commitments and will update this section if it changes materially.
Account and animal records: retained while active and for a reasonable period after closure (ownership attestation and conflict records typically up to 7 years, given their evidentiary role).
GPS location history: 12 months by default, then aggregated or deleted, unless you request earlier deletion.
AI Symptom Checker sessions: not retained beyond the session unless you save the output to your animal's records.
Consent records: life of the account plus 7 years.
Under the Cyber and Data Protection Act you can access, correct, or delete your data (subject to our legitimate retention needs), withdraw consent at any time, object to processing based on legitimate interest, request a portable copy of your data, and lodge a complaint with POTRAZ as Zimbabwe's Data Protection Authority.
To exercise these rights: privacy@conduitid.net.
We use encrypted password storage, HTTPS, access controls, and audit logging. If a breach affects your personal data, we'll notify POTRAZ within 24 hours as required by law, and notify you without undue delay.
Material changes will be notified at least 14 days in advance via email or in-app notice.
Data Protection Officer: privacy@conduitid.net ยท General support: support@conduitid.net
Questions? support@conduitid.net