Governance, privacy and accountability
TraceGadget Kenya is civic infrastructure built and operated as a public-interest service. This page sets out how the service is governed, what data we collect and how, and what citizens, dealers and policy-makers can hold us to.
Mission
To reduce theft and trafficking of electronic devices in Kenya by giving owners a way to report stolen devices and giving the public, repair shops and dealers a way to verify status before purchase or repair — without creating new surveillance of citizens.
Constitutional alignment
The service is structured to fit within the privacy ceiling set by Article 31 of the Constitution and the Data Protection Act, 2019. Earlier attempts in Kenya to register every citizen's device identifiers were struck down by the courts on privacy grounds. We avoid that ceiling by:
- Collecting identifiers only from voluntary owner registration, never from telco IMEI streams or mandatory collection.
- Returning to the public only a binary stolen / not-reported status — never the owner's name, email, phone or address.
- Storing only SHA-256 hashes of search identifiers and IP addresses in our lookup log, so the log itself does not become a side-channel revealing what people searched for.
- Treating any mandatory commercial-side query obligation as a matter for Parliament, not for this service. The pending Article 119 petition #15 (Electronic Devices Traceability and Anti-Trafficking Reform) proposes that obligation; we do not impose it.
What we collect
| From whom | What | Why | Retention |
|---|---|---|---|
| Account owners | email, name, optional phone, password hash (bcrypt) | Authenticate registrations and report-status changes | For the life of the account |
| Account owners | device identifiers, brand, model, optional proof of ownership | Enable status reporting | For the life of the account or until the owner deletes the device |
| Public visitors | SHA-256(identifier searched), SHA-256(IP), user-agent, timestamp | Abuse detection only | 90 days rolling |
| API key holders | account contact + per-key call counts (hashed identifiers) | Authentication, rate limiting, usage reporting | Same as account; call counts kept for 12 months |
What we never collect
- Mass telco IMEI feeds.
- Phone location.
- SIM card identifiers.
- Citizens' national identity card numbers.
- Plaintext API keys (we store only their SHA-256 hashes).
What the public sees
A public /check query returns exactly one of "not reported stolen", "reported stolen" or "recovered", optionally accompanied by brand / model so the searcher can confirm they have the right device. No owner-identifying information is ever returned.
Disputes
A device wrongly listed as stolen can be challenged through our dispute process. Disputes are reviewed by the platform's review team; resolution is logged in an audit trail. If the dispute is upheld, the listing is removed and a note is attached for transparency.
Accreditation and accountability
We accredit ourselves to the following standards:
- Quarterly public transparency reports: number of devices registered, number reported stolen, number recovered, number of disputes opened and their disposition, total API calls made, total public lookups served.
- Independent advisory board drawn from civil society (proposed: KICTANet, KNCHR, Strathmore Law CIPIT, KEPSA) to review policy decisions and dispute outcomes.
- Independent code audit on request. The source code is held privately, but is available for review under NDA by qualified independent reviewers — the Office of the Data Protection Commissioner, KICTANet, KNCHR, Strathmore CIPIT or any party they nominate. Public APIs (the verification endpoint, the citizen-facing pages) are open to anyone to test directly.
- Annual data-protection impact assessment submitted to the Office of the Data Protection Commissioner.
- Right of public takeover: if Parliament enacts a national framework for electronic-device traceability (as proposed in petition #15), we commit to handing over the platform — including its codebase, data and brand — to the designated public body under a structured Build-Operate-Transfer agreement.
What we are not
- We are not a police service. We do not make arrests, investigate, or replace an OB number filing.
- We are not a registry of guilt. A "reported stolen" entry is a claim made by an owner; it does not declare any third party a thief.
- We are not, today, a public agency. We are private civic infrastructure with a transparent path to public takeover when the law is in place.
Contact
Operator: Xcobean Limited.
Data Protection Officer: dpo@xcobean.com.
Disputes: disputes@xcobean.com.
This page is the live governance commitment. Material changes to it are date-stamped and announced in our quarterly transparency report.