Cookie Policy
Last updated: 15 May 2026 · Version v1.0-DRAFT
This policy is in draft pending Kenyan legal review and Office of the Data Protection Commissioner (ODPC) registration. Questions? [email protected].
This page lists the cookies and similar local-storage technologies that MyChama uses, and the choices you have around them. It supplements our Privacy Policy. Kenya's Data Protection Act 2019 treats cookie identifiers as personal data; we name every cookie we set so you can decide whether to allow them.
Strictly necessary
These are required for the site to function. They cannot be switched off without breaking core functionality:
- sessionid — Django session cookie. Used by the admin panel and the contact form. Session-scoped.
- csrftoken — Anti-CSRF protection on form submissions. 1 year.
- __cf_bm — Cloudflare bot-management cookie. 30 minutes.
- cf_clearance — Cloudflare security-challenge clearance. Up to 30 days.
App authentication (not cookies)
The MyChama PWA at app.mychama.app stores your authentication token in browser localStorage, not in a cookie. localStorage is similar technology and is covered by this policy. The token is cleared on logout or when it expires.
Analytics (planned, not yet active)
MyChama does not currently use any third-party analytics provider that sets a cookie. When we do add analytics, we will use a privacy-friendly, cookie-less provider (e.g. Plausible) and update this policy accordingly. If we switch to a provider that requires consent under DPA 2019, we will display a consent banner before any tracking cookie is set.
Marketing
MyChama does not use marketing or advertising cookies.
Managing cookies
You can clear or block cookies through your browser settings. Doing so may break the contact form or trigger additional Cloudflare security challenges. Clearing localStorage will log you out of the PWA.
Contact
- Data Protection Officer: [email protected]
- General: [email protected]