Privacy Policy

What kind of data do we collect?

1. Personal information
   Full names, phone numbers, email addresses, and legal identification for both senders and recipients of parcels;
2. Business information
   For our business partnerse, we collect business registration details, details of management and/or other contact persons, and other general information such as the types and features of products sold;
3. Parcel information
   Descriptions of the items, declared value, weight, size, and any specific handling requirements;

Why do we collect this data?

1. Service delivery
   Provision of courier services, to facilitate the end-to-end delivery lifecycle, including pick-up, sorting, transit, and last-mile delivery; Generate and maintain a digital audit trail of a parcel's location, providing senders and recipients with precise status updates;
2. Customer support
   To provide our support teams with the necessary context to troubleshoot delivery, account or other issues; To investigate and resolve claims regarding damaged, delayed, or lost shipments through recorded transit data;
3. Identity verification
   Authenticate the identity of senders and recipients of parcels, mitigating the risk of fraud or theft;
4. Payment processing
   Verify billing information, process service fees, and manage customer accounts;
5. Compliance
   Fulfillment of mandatoy obligations across several legal frameworks including (but not limited to); postal and courier regulations regarding manifest record-keeping and transport safety; andapplicable data protection laws, ensuring that personally identifiable information (PII) is processed only for legitimate purposes;

How do we collect data?

1. Information provided directly by you
   
   1. Digital platforms
      Data provided through our website when creating an account, completing KYC, requesting deliveries;
   2. Direct communication
      Data captured via official correspondence, including email and telephonic inquiries, and engagement through our official social media channels;
   3. Physical touchpoints
      Data provided in person at our collection points or our head office by completing delivery forms, KYC documentation, or visitor logs;
   4. Marketing feedback
      Voluntary data submitted through participation in customer satisfaction surveys or promotional registrations;
2. Information provided by others
   This occurs when a customers provides us with your data as the intended recipient of a parcel they need us to deliver.

Why do we process data?

1. Service delivery
   To facilitate the end-to-end delivery lifecycle. This includes validating delivery instructions, calculation of tariffs, and synchronizing multi-point transit movements to ensure timely service delivery;
2. KYC
   To maintain a chain of custody by verifying the identity of senders and recipients of parcels, thereby mitigating the risk of mistaken or fraudulent handovers;
3. Automated transactional communication
   To maintain a real-time information flow between the Company and its customers, communicating; transactional metadata, delivery information and other updates via SMS or email, or both.
4. Quality assurance
   To provide reliable customer support, we process historical delivery and transactional data to investigate service discrepancies, resolve payment disputes, and improve our internal processes based on performance metrics and customer feedback.

How do we process data?

1. Geocoding and spatial analysis
   We use spatial processing techniques to convert physical addresses into geographic coordinates. This data is then analyzed against our service zones to determine delivery feasibility, calculate ETAs, allocate resources, and more.
2. Automated workflows
   We utilize server-side automated workflows to manage the delivery lifecycle. These process trigger immediate actions- such as calculating delivery fees based on information provided by the customer.
3. Deterministic algorithmic planning
   We utilize server-side processing of parcel, location, and other data, to manage our logistics workflows and coordinate routing and resource allocation.
4. Statistical modeling
   We utilize data aggregation to compile individual customer, parcel, and transaction data into statistical models. Through an anonymization process, we strip away personally identifiable information (PII). This allows us to analyze trends, identify weaknesses in our service delivery model, and improve our overall network efficiency without identfying individual users in reports.

Access to personal and operational data is strictly controlled and granted on a need-to-know basis to ensure confidentiality, integrity, and proper management of information. Specifically:

1. Internal access
   
   1. Management
      Our management team maintains access to operational data at all levels necessary to oversee our delivery operations, ensure targeted service quality, and fulfill regulatory obligations.
   2. Others
      Employees (and agents) have access only to the data required to perform their assigned duties, such as; receiving, storing, dispatching, or delivering parcels. Employees (and agents) do not have unrestricted access to all data across the organization.
2. Third-party service providers
   

   We maintain an ecosystem infrastructure comprising of globally recognized service providers. These third-party service providers are integrated into our operations as "sub-processors" under the following conditions:

   1. Global standards
      Many of our third-party service providers are required to comply with globally recognized data protection frameworks, such as General Data Protection Regulation (GDPR). This ensures that your data is handled with a globally recognized level of privacy regardless of where the processing occurs.
   2. Regulatory alignment
      In circumstances where a service provider is not subject to international frameworks such as GDPR, the shall still be required to comply with Personal Data Protection Act, 2022, and any subsequent Amendments or Regulations.
   3. Limited disclosures
      We only share specific data points strictly required for a provider to execute their designated task. By restricting access to these limited "scopes", we ensure that no third-party organization ever possesses a full or identifiable profile of our customers.

We implement a multi-layered data protection strategy to protect personal and operational data from unauthorized access, distribution, alteration, or destruction. Our security measures include:

1. Access controls
   Access to our database infrastructure is governed by robust authentication protocols. All devices are password protected;
2. Data redaction and scoping
   Prior to transmitting data to third-party service providers, we filter to isolate and remove any data points that are not strictly essential for the third party's specific task;
3. Data backup
   
   1. Point-to-point recovery
      Our database management system maintains rolling copies of all data for a period of seven (7) days. This allows us to restore the system to any specific moment within the last week in the event of a technical failure;
   2. Audit log
      We maintain detailed, time-stamped log of all database operations and system-level transactions. In the event of a data discrepancy or error, these logs serve as a critical recovery tool, and ensure that every action is reversible if necessary;
      
   3. Off-site recovery
      Moreover, we maintain secondary copies of data offline in the event of a failure of our cloud-based database management system.
   4. Employee training
      All employees (and agents) undergo orientation on how to handle customer information safely. This ensures employees (and agents) understand the importance of confidentiality.
4. Physical safeguards
   Access to physical records are securely stored in lockable cabinets with access limited to authorized personnel only.
   

In accordance with applicable law, you have the following rights:

1. Right to Access
   You have the right to view and obtain a copy of the personal data we hold about you. For your convenience, much of this information is accessible directly through your account.
2. Right to Rectification
   You have the right to request correction of inaccurate, incomplete or otherwise irrelevant personal data.
3. Right to Erasure ("Right to be Forgotten")
   You have the right to request deletion of your personal data, subject to regulatory obligations that require retention of the same.
4. Right to Restrict Processing
   You have the right to request that we temporarily suspend the processing of your personal data. Restricting this processing may result in the immediate suspension of our services to you.
5. Right to Object
   You have the right to object to the processing of your personal data for purposes other than the provision of courier services. This includes:
   1. Marketing
   2. Analytics and research

1. Roles
   The Company serves as a custodian of personal data (the "data controller") and is responsible for defining data protection objectives, policies, and processes, and ensuring that data is processed and disseminated lawfully.
2. Responsibilities
   
   1. Compliance
      Ensuring all activities are carried out in compliance with applicable laws and regulations.
   2. Policy Enforcement
      Actively implement and update this Privacy Policy to reflect changing business and technological environments the Company operates in.
   3. Resource Allocation
      Dedicating the necessary technical and human resources to maintain our database security.

1. Roles
   

   The customer is the individual, or entity, whose personal (and operational) information is collected and processed by the Company (the "data subject").

2. Responsibilities
   1. Provide information
      Providing personal (and business) information that is accurate, complete, and up-to-date.
   2. Account security
      Maintaining the confidentiality of account credentials.
   3. Provide timely updates
      Promptly notify the Company or updating their profile if there are changes to their contact or other information.
   4. Compliance
      Adhere to the Company's Terms of Service and this Privacy Policy, and exercise their rights in a lawful and transparent manner.

1. Collection methods
   The Company collects personal and other information through various touchpoints. This primarily occurs via our website when users create an account and use our website to request, track, or pay for deliveries, or communicate other information with us. We also collect information through direct communication, by phone, email or through our social media accounts.
2. Consent
   
   1. Web-based consent
      By creating an account through our website, you consent to the processing of your personal data.
   2. Contractual consent
      By engaging the Company in-person or off-line to handle and deliver parcels on your behalf, you consent to the processing of your personal data.

1. During the delivery lifecycle
   The Company processes personal, parcel and transactional data during the provision of courier services. This enables the Company to plan asset allocation and utilization, and enable automated communications and real-time tracking.
2. After the delivery lifecycle
   The Company may process historical data for internal analytical processes, such as evaluating service performance against regulatory standards.

For more details, see section 3.2 above.