Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.



411 University St, Seattle, USA


+1 -800-456-478-23

Frequently Asked Questions

What is Soja?

SOJA is an innovative mobile and web technology platform that support the management of visitor registration and associated processes such as booking and appointment management, contractors management, inbound and outbound goods among others

Soja helps you better manage and make sense of the information you collect from your visitors, contractors and staff and manage associated risks and compliance regulations.

Where is the data stored?

Your data can be stored in our secure cloud server. You also have an alternative to install the platform in your private servers.

We can help our enterprise customers install the system on their servers or a Cloud Servers of their choice to comply with yours or applicable Data residency policies. Since we take your data privacy very seriously, we regularly review and systems, policies and processes to ensure that we’re compliant.

Who has access to my data?


Your data is automatically uploaded to a secure storage area as soon as the registration process is completed. It can only be accessed by invited system users. 


Invited users means any person, other than you, that uses the system for administrative functions with your authorization from time to time, including your staff members accredited facility, property and systems manager with relevant login credentials for your account.

What is the data used for?

Just like the regular visitors’ book, your data is strictly used for security purposes only. It will be used to know who is on site in case of an emergency or if a security incident occurs.

Why is my ID being photographed?

We use a mobile application that can automatically extract relevant data from your ID or Passport. While the application uses the device camera, no picture is taken of your ID, and your information is only automatically extracted by scanning your document.

What data is collected from my ID?

Only relevant information as required by the facility you are accessing is collected. This data is the standard information collected as part of security procedures for our customers. The data will only be used for security purposes. Such as to know who is in the building in case of an emergency or to investigate security incidents. The same information particularly your name and organization (That may be collected in case is required by the client) is also used to alert your host in case you’re visiting a specific individual

What if I don’t have my ID or Passport?

Soja has an option for Manual check-in for visitors who don’t have any ID at hand or those who have been to a site before and return without a form of ID. You must have your phone with you for this process to be completed.

Isn’t it illegal to collect my information without my consent?

The Data Protection Act required an informed consent from the data subject. We advise our clients to ensure that they clearly communicate to visitors that electronic visitor registration is undertaken as part of the building policy. This can be clearly displayed at the registration area.

Furthermore, the Kenya Private Security Regulation Act 13 of 2016, Section 48 allows our users (Security Officers) to collect your information for identification purposes. What SOJA does is different from the regular visitor book. We only use technology to ensure that the information we collect is secure and of better value.

Is Soja Compliant with Kenya Data Protection Act?

The principal object of Kenya Data Protection Act No 24 of 2019 is to protect personal data collected, used or stored by both private and public entities. The Act recognizes that data protection forms part and parcel of the expectation of the right to privacy. It provides for the legal framework for protection of a person’s privacy in instances where personal information is collected, stored, used or processed by another person.

The office of the Data Protection Commissioner is the regulatory agency responsible for registration of data processors and data controllers. Identigate Integrated Solutions (Owner of SOJA VMS Platform) is registered as a data processor in compliance with the law

SOJA and its end users also operate under the protection of the Private Security Regulation Act No 13 of 2016. Particularly section 48 of the Act that among others, empower security officers to request for Identification documents from visitors and record data from the same documents for security purposes.

Is Soja GDPR Compliant?

The EU General Data Protection Regulation (GDPR) is a comprehensive data law that is designed to protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data security.

GDPR rules out the paper log book. To be able to protect and manage personal data effectively, organizations are required to shift to more sophisticated solutions. Soja offers a secure and customizable platform and data processing framework to support customers with establishing controls and procedures in data management. With a cloud-based visitor management platform, organizations have more control and can establish procedures to comply with the new regulation.

We have provided an addendum that adds GDPR Specific clauses to our standard terms and conditions and service if processing of your Visitor or Employee Data is governed by the GDPR. Our terms and conditions of service are available online on http://www.soja.co.ke/index.php/terms-of-use/

What happens to my data collected in case of an internet loss or downtime?

Soja works offline as well. Your end- users can continue collecting data, unsent records will be queued and submitted to your server once connection is re-established.

Won’t users Misuse the devices dedicated for the system?

All devices supplied to our clients are installed with Mobile Device Management platform that prevent the use and misuse of the devices by limiting access to Applications to only what is approved. 

We also provide and update mobile data on the end user devices as part of our service package.

Got Another Question?