Privacy Policy

Effective Date: 23 December 2024

This Privacy Policy (“Policy”) governs the collection, use, storage, and disclosure of personal information by Twytch (Pty) Ltd and Twytch South Africa (Pty) Ltd (“we,” “us,” or “our”) in connection with our website, application, and other services (collectively, the “Platform”).  We are committed to safeguarding your privacy and managing your personal data responsibly, in accordance with the Protection of Personal Information Act (“POPI Act”) of South Africa.

By accessing or using our Platform, you agree to this Policy’s terms, which apply to all users, including passengers, drivers, and associated third-party participants (collectively, “Users”). If you do not agree with this Policy, please refrain from using our Platform.

1. Information We Collect

1.1 Personal Information: To offer our services, we collect information directly provided by you and data gathered through your usage of the Platform. This includes:

  • Identification Data: Such as your full name, contact details (phone number, email address), physical address, age, gender, identification documents (e.g., driver’s license, national ID), and a profile photo.
  • Location Data: Real-time GPS location data is collected when you enable location services on your device and use the app. This allows us to accurately provide pickup and drop-off locations, calculate fare estimates, and match drivers and passengers.
  • Payment Information: Details needed for processing payments, such as bank account details, credit or debit card numbers, billing addresses, and transaction history.
  • Communications: Includes any correspondence with our customer service team, in-app messaging, feedback, and responses to surveys. This data aids in addressing issues, improving services, and enhancing customer support.
  • Usage Data: Information related to how you use the Platform, such as trip history, frequency of use, page visits, app features accessed, and interaction patterns.

1.2 Device Information: When you use our Platform, we collect data from your device, including device type, model, operating system, IP address, device ID, and browser type. This data assists us in ensuring compatibility, optimizing performance, and identifying potential technical issues.

1.3 Sensitive Information: We may collect sensitive personal information, such as biometric data (e.g., a driver’s photo for identity verification), when it is required for security and fraud prevention. Sensitive information is stored with additional safeguards and used only as necessary for Platform functionality and safety.

2. How We Use Your Information

2.1 Service Provision and Maintenance: We process personal data to:

  • Enable core Platform services, such as providing ride bookings, driver-passenger matching, and ride tracking.
  • Personalize and optimize the experience based on usage patterns and preferences.
  • Communicate ride details, manage user accounts, and send receipts post-ride.

2.2 Security and Fraud Prevention: We use your data to:

  • Conduct identity verification and background checks (for drivers), using third-party service providers where necessary.
  • Implement fraud prevention measures, monitor Platform activities, and investigate potentially malicious activity, ensuring a secure environment for all users.

2.3 Communication: We may contact you to:

  • Confirm bookings, share trip details, provide customer support, deliver receipts, and notify you of relevant Platform updates.
  • Send marketing communications (with your consent) related to promotions, special offers, loyalty programs, and service enhancements. Users can opt out of promotional communications, although critical service notifications may still be sent for account management purposes.

2.4 Personalization and Improvements: We analyze usage data to:

  • Enhance user experience by identifying areas for Platform improvement, such as optimizing app features, addressing user needs, and personalizing the app interface.
  • Test new features, improve efficiency, and identify and address service issues.

2.5 Legal and Regulatory Compliance: We may use personal information as required to:

  • Comply with legal obligations, such as maintaining financial records for tax purposes, conducting audits, and providing information to law enforcement in accordance with the POPI Act.
  • Enforce our Terms of Use, investigate misuse of the Platform, and cooperate with government authorities where legally obligated.

3. Sharing Your Information

3.1 Third-Party Service Providers: We engage third-party vendors to assist in providing services such as:

  • Payment Processors: To securely process transactions and prevent fraud.
  • Analytics Providers: To collect Platform usage data and assist in app improvement.
  • Cloud Storage Providers: For secure storage of personal information. Third parties are bound by contractual agreements to maintain data security and confidentiality, ensuring POPI Act compliance.

3.2 Legal Requirements and Safety: Personal data may be disclosed in response to:

  • Subpoenas, court orders, or other legal processes.
  • Requests from law enforcement or government agencies, when disclosure is necessary to protect our rights, property, or safety, as well as the rights, property, or safety of our Users and the public.

3.3 Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred to the acquiring entity, subject to confidentiality agreements and compliance with South African data privacy laws.

4. User Rights Under the POPI Act

4.1 Access to Personal Information: You have the right to request a record of your personal information. Access requests may require identity verification and a reasonable fee to cover administrative costs, as permitted by law.

4.2 Correction and Deletion: You may request:

  • Correction of any inaccurate data or updating of outdated information.
  • Deletion of your personal data if it is no longer needed for the intended purpose, subject to legal and regulatory requirements for data retention.

4.3 Objection to Processing: Users can object to the processing of personal data, especially for direct marketing or when processing is based on legitimate interests that may affect your privacy.

4.4 Data Portability: We can provide your personal data in a structured, commonly used, machine-readable format if you need it for use on another service.

4.5 Withdraw Consent: Where processing relies on consent, you have the right to withdraw consent at any time, affecting only future data processing.

5. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Once no longer required, data is deleted, anonymized, or de-identified in a secure manner. Our data retention policy considers various legal, business, and technical requirements.

6. Security of Your Information

Our commitment to data security includes:

  • Encryption: Protecting sensitive information during transmission and at rest.
  • Access Control: Limiting access to personal data only to authorized personnel and implementing strict identity verification measures.
  • Regular Audits: Conducting periodic reviews of data security practices to ensure compliance with the POPI Act and evolving security standards.

Despite our security measures, no method of electronic transmission or storage is completely secure; therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. International Data Transfers

If personal data is transferred to jurisdictions outside South Africa, we ensure compliance by:

  • Implementing data transfer agreements using standard contractual clauses or other POPI Act-compliant safeguards.
  • Verifying that receiving jurisdictions have adequate data protection laws equivalent to South Africa’s.

8. Children’s Privacy

Our Platform is designed for use by individuals 18 years and older. If a minor accesses the Platform without parental or guardian consent, we will promptly delete any personal information if we become aware of it.

9. Marketing Communications

We may send you updates, promotions, and news about our Platform. While you can opt-out of such marketing communications, we may still send critical notifications, including:

  • Trip confirmations, receipts, and customer service responses.
  • Updates to our Terms of Use or Privacy Policy.

To manage your communication preferences, you may follow unsubscribe instructions in marketing emails or adjust your notification settings within the app.

10. Changes to This Policy

We reserve the right to amend this Privacy Policy periodically. Significant changes will be communicated through Platform notifications or by email, where applicable. Your continued use of the Platform following any such updates signifies acceptance of the amended Policy.

11. Contact Us

If you have any questions about this Privacy Policy, your data rights, or wish to lodge a complaint regarding our data practices, please reach out to our appointed Data Protection Officer (DPO) via:

  • Email: support@twytch.app
  • Phone: +27 (0)11 282 0722

Disclaimer: This Policy is subject to South African law, specifically the POPI Act. It is intended to protect both our Platform and User privacy but does not create rights or obligations beyond legal requirements. This document does not serve as a binding contract outside statutory regulations, and compliance with the POPI Act is our priority.

Effective Date: 23 December 2024

Version:  1.0