Privacy Policy
Effective as of 02-05-2025 | Last updated: 20 March 2026
Welcome to eBakkie. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website (https://ebakkie.co.za) or use our mobile app (com.ebakkiesa.app), and tell you about your privacy rights and how the law protects you.
We encourage you to read this privacy policy alongside our Terms of Service to understand our practices regarding your personal data and how we will treat it. This Privacy Policy describes how eBakkie (operated by Ebakkie Pty Ltd) collects, uses, maintains, and discloses information collected from users (each, a "User") of the website, mobile applications (Android and iOS), and all products and services offered by eBakkie.
The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions unless otherwise defined in this Privacy Policy.
1. Information We Collect
We collect personal identification information from Users when they visit our site, register, place an order, fill out a form, respond to a survey, subscribe to the newsletter, or engage in other activities on our platform. We may collect the following categories of information:
1.1 Personal Information
- Full name (first name and last name)
- Email address
- Phone number
- Profile photograph
- Password (stored securely as a hash, never in plain text)
1.2 Driver-Specific Information
If you register as a driver, we additionally collect:
- Driver's license (front and back images or PDF documents)
- Vehicle information (make, model, year, colour, registration number)
- Vehicle photographs
- Bank account details (for earnings payouts)
- Real-time GPS location while online and on active rides
1.3 Location Data
We collect precise and approximate location data to enable core service functionality:
- Customers: One-time location capture when booking a ride (for pickup point)
- Drivers: Continuous GPS tracking while online to match with nearby ride requests and provide real-time tracking to customers
- Travel route and navigation between pickup and dropoff
- Real-time vehicle movement tracking during active rides
- Approximate location for nearby driver searches
1.4 Payment Information
- Payment method selected (cash, card, wallet)
- Transaction amounts, references, and status
- Wallet balance and top-up/withdrawal history
- Note: Card details are captured and processed by our payment processor (PayStack) on their secure, PCI-DSS compliant platform. eBakkie does not store your full card number, CVV, or PIN.
1.5 Communications Data
- In-app chat messages between customers and drivers during rides
- Ride ratings and written feedback
- Complaints and support requests
- SOS emergency alerts and associated location data
1.6 Technical & Device Data
- Device type, operating system, and version
- Push notification token (Firebase Cloud Messaging)
- IP address
- App version
- Network connection type
1.7 Ride & Delivery Data
- Pickup and dropoff addresses and GPS coordinates
- Ride status history (booked, accepted, arrived, started, completed, cancelled)
- Estimated and actual fare, distance, and duration
- Proof-of-delivery photographs (pickup and dropoff images)
- Delivery instructions and parcel type
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain our ride-hailing and delivery services
- To match customers with nearby available drivers
- To process payments, refunds, and driver payouts
- To enable real-time ride tracking and navigation
- To verify driver identity and vehicle documentation
- To send transactional notifications (ride updates, payment confirmations, receipts)
- To send marketing communications (with your consent, which you can withdraw at any time)
- To handle complaints, disputes, and customer support
- To respond to SOS/emergency alerts
- To detect and prevent fraud, abuse, and safety incidents
- To improve our services, analyse usage patterns, and fix technical issues
- To comply with legal obligations
3. Social Login
The app uses third-party services for social login, including Google Sign-In and Apple Sign-In. When you choose to sign in via a social provider, we capture your email address and name as disclosed by that provider. We do not access your social media contacts, posts, or other account data.
4. Third-Party Service Providers
We share your information with the following third-party service providers, solely for the purpose of providing our services:
- PayStack — Payment processing (card transactions, bank transfers). PayStack is PCI-DSS compliant and handles all card data securely. PayStack Privacy Policy
- Google Maps Platform — Map display, route calculation, address geocoding. Google receives pickup/dropoff coordinates and your IP address. Google Privacy Policy
- Firebase Cloud Messaging (Google) — Push notifications. Firebase receives your device token and notification delivery data. Firebase Privacy
- Supabase — Authentication and database hosting. User profiles, wallets, and authentication data are stored on Supabase's secure infrastructure. Supabase Privacy Policy
- Amazon SES — Email delivery for transactional and marketing emails.
- Twilio — SMS delivery for ride updates and verification codes.
These third parties are contractually obligated not to disclose or use your information for any purpose other than performing the tasks assigned to them on our behalf.
We do not sell your personal information to any third party for advertising or marketing purposes.
5. Log Data
When you use our Service, in the case of an error in the app we may collect data and information on your device called Log Data. This Log Data may include information such as your device Internet Protocol ("IP") address, device name, operating system version, the configuration of the app when utilising our Service, the time and date of your use of the Service, and other diagnostic statistics. This data is used solely for debugging and improving the service.
6. Cookies
Our website uses minimal cookies for authentication purposes only (Supabase session cookie). We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The mobile app does not use cookies. Third-party libraries integrated into our app may use cookies to collect information and improve their services. You have the option to accept or refuse these cookies.
7. Data Storage & Security
We implement industry-standard security measures to protect your data:
- All network communication uses HTTPS/TLS encryption
- Authentication tokens are stored in encrypted device storage (Android Keystore / iOS Keychain)
- Passwords are hashed using bcrypt (never stored in plain text)
- Database access is controlled by Row Level Security (RLS) policies
- Payment card data is handled by PCI-DSS compliant payment processors
- API access is authenticated via JSON Web Tokens (JWT)
However, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.
8. Data Retention
- Account data: Retained for as long as your account is active
- Ride history: Retained for tax and legal compliance purposes (minimum 5 years)
- Chat messages: Retained for the duration of the ride plus 90 days for dispute resolution
- Location data: Driver location is stored while online; historical tracking data is retained for ride records
- Payment records: Retained for 5 years per financial regulations
- Deleted accounts: All personal data is permanently removed within 30 days of account deletion
9. Location Permissions Explained
Our app requests the following location permissions:
ACCESS_FINE_LOCATION (Precise Location): Required for GPS-based ride booking, real-time driver tracking, and navigation. Without this permission, the app cannot function as a ride-hailing service.
ACCESS_COARSE_LOCATION (Approximate Location): Used as a fallback when precise GPS is unavailable, using Wi-Fi networks and cell towers for approximate positioning.
ACCESS_BACKGROUND_LOCATION (Background Location): Used only for drivers who need to remain trackable while the app is in the background during active rides. Customers are never tracked in the background. Drivers can disable background location by going offline in the app.
10. Camera & Photo Permissions
Camera: Used to capture profile photos and delivery proof-of-capture images (pickup and dropoff photographs). Camera access is only activated when you explicitly choose to take a photo.
Photo Library: Used to select existing photos from your device for profile images or delivery proof. We only access photos you explicitly select.
11. Push Notifications
We use Firebase Cloud Messaging (FCM) to send push notifications for ride updates, driver assignments, payment confirmations, and promotional offers. You can disable push notifications at any time through your device settings or in the app's notification preferences. Transactional notifications (ride status updates, security alerts) may still be delivered via SMS or email even if push notifications are disabled.
12. Notification Preferences & Marketing
You can manage your notification preferences in the app Settings page:
- Email notifications: Toggle on/off for marketing emails
- SMS notifications: Toggle on/off for marketing SMS
- Push notifications: Toggle on/off in device settings
Transactional messages (ride updates, payment confirmations, security alerts) are always sent regardless of marketing preferences, as they are essential for service delivery. All marketing emails include a one-click unsubscribe link.
13. Your Rights Under POPIA
Under the Protection of Personal Information Act (POPIA) of South Africa, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your personal information
- Object to the processing of your personal information
- Withdraw consent for marketing communications at any time
- Lodge a complaint with the Information Regulator of South Africa
To exercise any of these rights, contact us at [email protected].
14. Delete Your Account
You can request deletion of your account and all associated data through the profile page in the mobile app or by contacting us at [email protected].
Once you delete your account:
- All your personal data will be permanently removed from our systems within 30 days
- This includes your profile image, email, phone number, social login connections, booking history, chat messages, and wallet data
- Payment records may be retained for 5 years as required by financial regulations
- Deleted user data and accounts are irrecoverable
15. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us so that we can take necessary action to remove that information.
16. Links to Other Sites
Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. These external sites are not operated by us. We strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
17. International Data Transfers
Your data may be processed and stored on servers located outside of South Africa, including servers operated by our service providers (Supabase, Google, Firebase, PayStack). Where data is transferred internationally, we ensure appropriate safeguards are in place to protect your information in accordance with POPIA.
18. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send you a notification via email or in-app message. You are advised to review this page periodically for any changes.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: