Last updated: February 20, 2026
This Privacy Policy explains how aXiom Zorn Ltd. (“we”, “our”, or “us”) collects, uses, and protects your information when you use the Digital Agriculture Reference Bureau (DARB) platform.
We are committed to safeguarding personal data in accordance with the Uganda Data Protection and Privacy Act 2019 and recognised international data protection principles such as the EU General Data Protection Regulation (GDPR).
1. Our Role
AXiom Zorn Ltd acts as the Data Controller for all personal data processed through DARB.
Third parties such as payment providers, insurers, banks, and research partners act as data processors under binding data-protection and confidentiality agreements.
2. Information We Collect
a. Information You Provide
Personal and contact details (name, phone, email)
Farm or business information (location, crops, production, land size)
Financial and transaction data (mobile-money or bank payments)
Identity or verification records
Uploaded files (e.g., proof of payment, photos, documents)
b. Information we collect automatically
Device and browser information
IP information and system logs
Platform usage and interaction data
Usage statistics and interaction logs
Location data (when enabled)
Cookies or analytics identifiers
c. Derived and inferred data
Credit scores, risk indicators and productivity indicators
Aggregated analytics and anonymised insights generated through automated processing
3. How We Use Your Information
We process your data to
Provide and operate DARB services.
Create verified farmer and SME profiles
Generate indicators and alternative credit scores
Facilitate access to finance, insurance, advisory and market services
Communicate service updates, support, and notifications
Generate anonymised statistics for agricultural policy and research
Improve platform performance and security
We do not sell or rent your identifiable data to any third party.
4. Automated Processing and AI use
DARB uses automated data processing and an analytics model, including an AI-supported system, to generate insights such as credit scores and risk indicators
These outputs do not constitute final decisions on their own
Financial or commercial decisions are subject to human review by authorised partners
Users may request clarification, correction or review of automated outputs
5. Lawful Basis for Processing
We process data based on:
Consent obtained during registration when you provide optional information, profiling or card scanning
Contractual necessity to deliver the services you request
Legitimate interest for platform improvement, analytics and fraud prevention
Legal obligation when required by Ugandan or international law
6. Data Sharing
We may share limited data:
With financial institutions, payment providers, insurers or service providers to deliver authorised services
With government agencies or research partners for approved agricultural programmes
Where required by law, regulation or court order.
All partners operate under confidentiality and data-protection agreements.
7. International Transfers
Where information is processed outside Uganda, we apply adequate safeguardsincluding
Contractual data-protection clauses
Secure hosting environment
compliance with recognised international data-transfer standards.
8. Data Security
We employ administrative, technical, and physical safeguards:
SSL/TLS encryption for data in transit
Encrypted databases for data at rest
Role-based access controls
Audits logs and monitoring
secure backups and recovery procedures
Users are responsible for safeguarding their access credentials.
9. Data Retention
Personal data is kept only as long as necessary for
Service provision and accounting
Legal or regulatory obligations
Dispute resolution
Anonymised research or impact analysis
You may request deletion of your data at any time (subject to lawful retention requirements).
10. Your Rights
Under the Uganda Data Protection and Privacy Act and comparable international laws, you may:
Access and obtain a copy of your personal data
Request correction or deletion
Withdraw consent for specific processing
Object to direct marketing
Lodge a complaint with the Personal Data Protection Office (Uganda)
11. Cookies and Analytics
We use cookies to enhance functionality and analyse platform usage.
You can disable cookies in your browser settings, though some features may not function fully.
12. Children’s Privacy
DARB does not intentionally collect information from children under 13 years except where such data is provided with the explicit consent of a parent or legal guardian and solely for the purpose of delivering approved services, such as micro-health insurance or other social protection programmes.
Where parental or guardian consent is not obtained or cannot be verified, any personal data relating to a child will be promptly deleted upon identification.
13. Data Breach Notification
In the event of a data breach that poses a risk to users’ rights or freedoms, we will:
Take immediate remedial action
Notify affected users and relevant authorities in line with legal requirements
14. Policy updates
This Privacy Policy may be updated periodically. Any changes will be published on this page with a revised “Last Updated” date.