Frequently Asked Questions

Frequently Asked Questions

What is Soja?

SOJA is an innovative platform that captures information about who is visiting a premise, a replacement for a sign-in book sitting on the reception desk. It consists of a Mobile and Web Technology that accurately captures and verifies visitor details. It then sends an instant message SMS to notify hosts that they have a visitor.

Soja now also has fingerprint Registration and Verification. We use devices fitted with industry leading biometric technology to bring time and attendance solutions to mobile

Why Soja?

Soja helps you make sense of the information you collect from your visitors and residents. It aids in proactively monitoring and spotting trends and patterns. Therefore, using visitor trends analysis, surveillance teams can gain insight and take proactive measures.

What Kind of Data of Collected?

Soja accurately collects detailed information that includes; full names, ID and passport numbers, phone numbers, name of company or organization a visitor is from, destination and the host to be visited.

Soja now also incorporates mobile biometrics technology. You can register and verify your residents using their fingerprints. You will need a special device for this.

Where is the data Stored?

Your data can be stored in the Identigate secure cloud server. You also have an alternative to install the platform in your private servers.

We can help you install the SOJA Database on your server or a Cloud Server of your choice to comply with yours or applicable Data residency policies. Since we take your data privacy very seriously, we regularly review and systems, policies and processes to ensure that we’re compliant.

Who has access to my data?

Your data can only be accessed by you or your invited users. Invited User means any person, other than you, that uses the Service for administrative functions with your authorization from time to time, including your staff members accredited facility, property and systems manager with relevant login credentials for your account.

What is the data used for?

Just like the regular visitors’ book, we record your information strictly for identification purposes only. It will be used to know who is on site in case of an emergency or if a security incident occurs.

Who has access to my information?

Your data does not stay on the phone therefore even the security officer using the application to collect shall not have access to them apart from when recording your exit. Your data is transmitted to a secure server in real time (immediately its collected). Only designated Officers have access to your data

 Why is my ID being photographed?

We use a mobile application to collect your data from your ID, while the application uses the phone camera, no picture is taken of your ID, your information is only automatically extracted by scanning your document.

What data is collected from my ID?

The following information is extracted from your ID or passport. Your full name, your ID number, your Age and your nationality. This data is the standard information collected as part of security procedures for our customers. The data will only be used for security purposes. Such as to know who is in the building in case of an emergency or to investigate security incidents. The same information particularly your name and organization (That may be collected in case is required by the client) is also used to alert your host in case you’re visiting a specific individual

What if I don’t have my ID or Passport?

Soja has an option for SMS check-in for visitors who don’t have any ID at hand or those who have been to a site before and return without a form of ID. You must have your phone with you for this process.

Isn’t it illegal to collect my information without my consent?

The Data Privacy Act required an informed consent from the data subject. We advise our clients to ensure that they clearly communicate to visitors that electronic visitor registration is undertaken as part of the building policy. This can be clearly displayed at the registration area.

Furthermore, the Kenya Private Security Regulation Act 13 of 2016, Section 48 allows us to collect your information for identification purposes. Furthermore, what we are doing is not different from the regular visitor book. We only use technology to ensure that the information we collect is secure and of better value.

Is Soja Compliant with Kenya Data Protection Act?

The principal object of Kenya Data Protection Act No 24 of 2019 is to protect personal data collected, used or stored by both private and public entities. The Act recognizes that data protection forms part and parcel of the expectation of the right to privacy. It provides for the legal framework for protection of a person’s privacy in instances where personal information is collected, stored, used or processed by another person.

The Act gives effect to Article 31(c) and Article 31(d) of the Constitution of Kenya 2010, which guarantees the right of every person not to have “information relating to their family or private affairs unnecessarily required or revealed” and the right not to have “the privacy of their communications infringed.

most of the provisions on this Act are still in the process of being implemented. For instance, the regulatory body-Office of the Data Protection Commissioner is yet to be set up. This consequently implies that the regulations the act seeks to enforce are yet to be defined. It is a process that we as stakeholders, are keenly following to ensure that we comply as its implemented through the office of the yet to be established Data protection Commissioner and subsequent regulations.

Meanwhile, we also operate under the protection of the Private Security Regulation Act No 13 of 2016. Particularly section 48 of the Act that among others, empower security officers to request for Identification documents from visitors and record data from the same documents for security purposes.

Is Soja GDPR Compliant?

The EU General Data Protection Regulation (GDPR) is a new comprehensive data law that is designed to protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data security.

GDPR rules out the paper log book. To be able to protect and manage personal data effectively, organizations are required to shift to more sophisticated solutions. Soja offers a secure and customizable platform and data processing framework to support customers with establishing controls and procedures in data management. With a cloud-based visitor management platform, organizations have more control and can establish procedures to comply with the new regulation.

We have provided an addendum that adds GDPR Specific clauses to our standard terms and conditions and service if processing of your Visitor or Employee Data is governed by the GDPR. Our terms and conditions of service are available online on

What happens to my data collected in case of an internet loss or downtime?

Soja works offline as well. Your end- users can continue collecting data, unsent records will be queued in a cache and submitted to your server once connection is re-established.

Wont users Misuse the devices dedicated for the system?

All devices supplied to our clients are installed with Mobile Device Management Applications that prevent the use and misuse of the devices by limiting access to Applications to only what is approved. We also provide and update mobile data on the end user devices as part of our service package.

If you need further information, clarification or demonstration, please don’t hesitate to contact us