Privacy Policy – Fleet Driver App

Version 1.0 • Last updated: 21 Sep 2025

Introduction

Welcome to the Fleet Driver App (“App”). This Privacy Policy explains how [Your Company Legal Name] (“we”, “us”, “our”) collects, uses, discloses, and protects information when drivers use the App to receive assignments, navigate, and update delivery status.

This policy is designed to meet requirements of the Kenya Data Protection Act (2019), the EU/UK GDPR, and the California CCPA/CPRA, to the extent applicable.

Important for drivers: The App is provided to you by your employer/contracting organization (“Organization”). Your Organization may be the data controller and set data retention and processing rules. We process your data as a controller or processor depending on the agreement with your Organization.

Who we are

Controller/Operator: Fleet Africa

Contact: [email protected]

Website: www.fleet.ke

Data we collect

We collect the following categories of personal and device information when you use the App:

Category	Examples	Collected When
Account & Identity	Name, phone number, employee/driver ID, organization ID, vehicle ID, email/username.	Account creation, login, assignment to an Organization.
Location (Foreground & Background)	GPS coordinates, speed, heading, accuracy, timestamps, trip routes, geofences (e.g., arrival at pickup/drop-off).	While app is in use, and—if enabled by your Organization—while running in the background to support live tracking and ETA accuracy.
Device & App Info	Device model, OS version, app version, unique identifiers (e.g., Instance ID), push tokens, network type, IP address.	On install, login, and during normal operation for diagnostics and notifications.
Usage & Diagnostics	Crash logs, performance metrics, feature usage events, error reports.	Automatically collected for reliability and support.
Operational Data	Orders/trips assigned, timestamps (accept, start, arrive, complete), photos of proof of delivery (POD), signatures, notes, scan data.	When you accept/complete tasks, capture PODs, or update statuses.
Media (Camera/Photos)	Images for POD, damage evidence, ID or document scans (if your Organization enables these flows).	When you use in-app camera or upload media.
Contacts/Call Logs (Optional)	Customer or dispatcher phone numbers (dial-out), call duration (no content), if your Organization enables in-app dialer.	When you place calls from the App (we don’t record call audio).
Payments (Optional)	Stipend/payout account details if payouts are managed in-app (via a secure provider).	When you set up or receive payouts.

Why background location? Background location enables accurate live tracking, dispatch optimization, geofence-based updates, and ETAs even when the App is minimized. Your Organization configures whether background tracking is required for operations or compliance.

How we use data

Dispatch & Routing: Assign trips, compute routes/ETAs, geofence arrivals, and optimize fleets.
Proof & Compliance: Capture POD photos/signatures, timestamps, and audit logs for service levels and legal/regulatory obligations.
Safety & Security: Detect fraud/route deviations, support driver safety policies enabled by your Organization.
Support & Quality: Diagnose crashes, improve performance, and assist with support requests.
Notifications: Send task updates, reminders, safety alerts, and critical service messages.
Analytics (aggregated/de-identified): Improve features, reliability, and planning. We do not sell your personal information.

Legal bases (GDPR/KE DPA)

Performance of a contract (provide the App and services to your Organization).
Legitimate interests (security, fraud prevention, product improvement).
Consent (where required, e.g., certain background tracking or notifications).
Legal obligation (retain records for tax/transport compliance if applicable).

Data retention

We retain personal data for as long as needed to provide the App and fulfill the purposes above, and as required by your Organization’s policy and applicable laws.

Data Type	Typical Retention
Operational records (trips, POD, timestamps)	12–84 months (per Organization policy/regulation)
Location traces	3–24 months (minimized where feasible)
Crash & diagnostics	Up to 24 months
Account & identifiers	While account is active, then securely archived or deleted

You or your Organization may request deletion as described below.

Your privacy rights

Depending on your jurisdiction, you may have the right to:

Access your personal data.
Correct inaccurate or incomplete data.
Delete your data (“erasure”) subject to legal/contractual limits.
Object or restrict certain processing.
Port your data to another service (where feasible).
Withdraw consent at any time (where processing is based on consent).

To exercise rights, contact us at [email protected] or contact your Organization’s administrator. We will coordinate as needed.

CCPA/CPRA: California residents may request access/deletion and opt out of “sale”/“sharing” (we do not sell or share for cross-context behavioral advertising).

Android permissions & data safety

The App may request these Android permissions (exact set depends on your Organization’s configuration and your device OS version):

ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION – precise/approximate location for routing, ETAs, geofencing.
ACCESS_BACKGROUND_LOCATION – continuous tracking for active trips and safety, even when minimized (Organization-controlled).
ACTIVITY_RECOGNITION (optional) – motion detection to optimize tracking and battery usage.
CAMERA / READ_MEDIA_IMAGES – POD/damage photos and uploads.
POST_NOTIFICATIONS – task updates, alerts, reminders.
READ_PHONE_STATE / CALL_PHONE (optional) – initiate calls to customers/dispatch; we do not record call audio.
INTERNET / ACCESS_NETWORK_STATE – connectivity and sync.
RECEIVE_BOOT_COMPLETED (optional) – resume essential background services after reboot during active shifts.

In the Google Play Data Safety form, we disclose collection, purpose, and sharing consistent with this policy and the App’s current feature set.

Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including encryption in transit (TLS), access controls, logging, and minimization. No method of transmission or storage is 100% secure; we continually improve our protections.

Children’s privacy

The App is intended for professional use by adults. We do not knowingly collect data from persons under the age of 16 (or the age defined by local law). If you believe a minor has provided data, contact us and we will take appropriate action.

International data transfers

Your data may be processed in countries other than where you reside. Where required, we rely on lawful transfer mechanisms (e.g., Standard Contractual Clauses) and ensure comparable protections.

Changes to this policy

We may update this policy to reflect changes in the App, laws, or operational practices. We will post updates here and, where appropriate, notify you in-app. Continued use after the effective date constitutes acceptance.

Contact us

Questions or requests about privacy? Contact our Privacy Team:

Email: [email protected]

Data deletion requests: Email [email protected] with your full name, driver ID, Organization name, and the device phone number used with the App. We will verify and process your request in coordination with your Organization.