Kaya MarketplaceKaya Marketplace

Legal

Privacy Policy

This draft is provided for informational purposes and is not legal advice.

1. Overview

This Privacy Policy explains how Kaya Marketplace ("Kaya", "we", "us") collects, uses, shares, and protects personal data when you use our services (together, the "Services"), including:

  • The Kaya multi-vendor trading platform (web/PWA) (the "Marketplace")
  • The Kaya Driver mobile application (the "Driver App")
  • The Kaya Shipper platform and Admin Console used for shipment creation, dispatch, tracking, customer support, finance, and dispute handling (the "Shipper Platform")

Contact: [email protected]

2. Scope

This Privacy Policy applies to personal data we process when you:

  • Create an account or use the Marketplace, Driver App, or Shipper Platform
  • Place or fulfil orders, create shipments, or complete deliveries
  • Communicate with Kaya support or participate in dispute resolution
  • Visit our websites or interact with our marketing (where applicable)

3. Personal Data We Collect

Depending on your role (Retailer, Vendor, Driver, Shipper, Admin) and how you use the Services, we may collect:

  • Identity and contact data: name, phone number, email address, business name, delivery addresses, contact persons
  • Account data: usernames, hashed passwords, authentication factors (where enabled), account preferences
  • KYC and verification data (where required): government ID, selfies, business registration documents, tax IDs, driver's license, vehicle details
  • Transaction and financial data: order history, invoices, payment status, refunds, chargebacks, COD status and reconciliation records
  • Delivery and logistics data: pickup/drop-off addresses, shipment details, route plans, tracking events, proof of delivery
  • Location data:
    • For Drivers, we may collect real-time GPS location during active deliveries (subject to device permissions)
    • For other users, we may collect approximate location based on address or device/IP information
  • Device and usage data: IP address, browser type, device identifiers, app version, crash logs, analytics events, diagnostic logs
  • Communications: messages with support, emails/chats, dispute evidence (photos, notes), call recordings where permitted by law
  • User-generated content: product listings, images, reviews, ratings, comments

4. How We Use Personal Data

We use personal data to:

  • Provide and operate the Services
  • Create and manage accounts
  • Enable ordering, shipment creation, dispatch, and delivery tracking
  • Provide notifications and service messages
  • Process payments and manage COD (including via payment processors such as Paystack)
  • Manage refunds, reversals, and chargebacks
  • Reconcile COD collections and payouts
  • Verify identity, prevent fraud, and comply with law
  • Customer support and dispute resolution
  • Improve and develop our products
  • Marketing and communications (where permitted)

5. Legal Bases for Processing (Where Applicable)

Where applicable under data protection laws, we process personal data based on:

  • Contract performance
  • Legitimate interests
  • Consent
  • Legal obligations

6. Cookies and Similar Technologies

The Marketplace PWA and web components may use cookies and similar technologies to keep you signed in, remember preferences, measure performance and usage, and help prevent fraud and abuse. You can manage cookies through your browser settings.

7. How We Share Personal Data

We may share personal data with:

  • Vendors/Wholesalers (order details needed to fulfil purchases)
  • Drivers and logistics partners (delivery details)
  • Payment processors (e.g., Paystack) to process payments and manage refunds/chargebacks
  • Verification and fraud-prevention providers
  • Service providers (hosting, analytics, support tools)
  • Professional advisors (as needed)
  • Authorities where required by law, court order, or to protect rights, safety, and security

We do not sell personal data as a business model.

8. Cross-Border Transfers

Your personal data may be processed in Ghana and in other countries where Kaya or our service providers operate. Where required, we implement appropriate safeguards.

9. Data Retention

We retain personal data only as long as necessary for providing and improving the Services, fraud prevention and security, dispute resolution and enforcement, and legal, tax, accounting, and compliance requirements.

10. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal data, such as encryption in transit, access controls and role-based permissions, monitoring, logging, and audit trails.

11. Your Rights

Depending on applicable law, you may have rights to access, correct or delete personal data, object to or restrict processing, withdraw consent, and request portability. To exercise your rights, contact [email protected].

12. Children's Privacy

The Services are not intended for children under 18. We do not knowingly collect personal data from children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post updates in-app or on our website and update the effective date when changes are made.

14. Contact

For privacy questions or requests, contact: [email protected]