Logo

Menu

Book a Ride

Pepea Privacy Policy – Riders

27th February 2026

Pepea Privacy Policy – Riders

Last Updated: 09/02/2026

 

  • Introduction and Scope

PEPEA DIGITAL COMMERCE LIMITED (“Pepea”, “we”, “us” or “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, store and otherwise process personal data of individuals who use the Pepea mobile applications, websites and related technology platform (together, the “Pepea Platform”) to request and receive passenger transport and related services as riders or passengers (“Riders”, “you”, “your”).

This Privacy Policy is designed to comply with the Kenya Data Protection Act, No. 24 of 2019 (the “DPA”) and any applicable regulations and guidelines issued by the Office of the Data Protection Commissioner (ODPC).

By creating an account, accessing or using the Pepea Platform as a Rider, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal data as set out herein.

This Privacy Policy applies only to Riders/Passengers. A separate privacy policy applies to Driver-Partners.

 

  • Data Protection Principles

In processing your personal data, Pepea adheres to the data protection principles set out in the DPA. In particular, we ensure that personal data is:

  • Processed lawfully, fairly and in a transparent manner.
  • Collected for explicit, specified and legitimate purposes, and not further processed in a manner incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  • Accurate and, where necessary, kept up to date, taking every reasonable step to ensure that inaccurate personal data is erased or rectified without delay.
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical and organisational measures.

 

  • Who We Are and How to Contact Us

Data Controller:  

PEPEA DIGITAL COMMERCE LIMITED  

P.O. Box 8635 – 00200, Nairobi, Kenya  

Two Rivers Complex, Southern Tower – 2nd Floor,  

Limuru Road, Nairobi – Kenya.

Privacy Contact Email (for all privacy matters):  info@pepeadigital.com

You may use the above email address to:

  • Ask questions about this Privacy Policy;
  • Exercise any of your rights under the DPA; or
  • Raise any concerns or complaints regarding our handling of your personal data.

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe that your data protection rights have been infringed.

 

  • Relationship with Other Terms and Policies

This Privacy Policy forms part of and is incorporated into the Pepea Rider Terms and Conditions (or other applicable user terms). In case of any inconsistency between this Privacy Policy and such terms regarding the processing of personal data, this Privacy Policy will prevail to the extent of the inconsistency.

Additional notices or terms may apply to specific features or promotions (for example, referral programmes or special campaigns). Where applicable, such notices should be read together with this Privacy Policy.

 

  • Definitions

For purposes of this Privacy Policy:

  • “Personal data” means any information relating to an identified or identifiable natural person, as defined under the DPA.
  • “Processing” means any operation or set of operations performed on personal data, such as collection, recording, storage, use, disclosure, adaptation or deletion.
  • “Rider” or “Passenger” means an individual who uses the Pepea Platform to request, receive or pay for transport or related services.
  • “Driver-Partner” or “Driver” means an independent service provider who uses the Pepea Platform to offer rides or related services to Riders.
  • “Pepea Platform” means Pepea’s mobile applications, websites, APIs and related online tools and services.
  • “Geolocation Data” means data that identifies your precise or approximate location (e.g. GPS coordinates, Wi‑Fi or cell tower signals, IP address).

 

  • Categories of Personal Data We Collect

We collect and process personal data about you from three main sources:

  • Personal data you provide to us directly;
  • Personal data we collect automatically when you use the Pepea Platform; and
  • Personal data we receive from third parties.
  • Personal Data You Provide to Us
  • Account and Profile Data

When you register and maintain a Rider account, we collect:

  • Full name;
  • Mobile phone number;
  • Email address;
  • Password and authentication details;
  • Profile photo (optional);
  • Preferred language, communication and notification settings;
  • Home, work and other saved/favourite locations (optional);
  • Date of birth (where required for eligibility or verification);
  • Any referral code you use or share.
  • Payment and Billing Data

To process payments and refunds, we collect:

  • Payment method details (e.g. mobile money wallet identifier, card type and masked card details, bank information as required to process payouts or refunds);
  • Transaction information (amounts billed, currency, dates, time, payment channel, authorisation codes, status of payments and refunds);
  • Limited billing information required for receipts/invoices (e.g. your name and contact details, and where relevant tax identification details if supplied by you).

Sensitive payment card data (such as full card numbers and CVV codes) is processed and stored by our PCI‑DSS–compliant payment service providers and not retained by Pepea beyond what is technically and legally necessary.

  • Communications and Support Data

When you contact us or interact with us, we collect:

  • The content of your communications with Pepea (in‑app chat, email, web forms, customer support calls);
  • Details of issues you report, safety or incident reports, disputes or complaints;
  • Attachments or evidence you choose to provide (screenshots, photos, audio clips or documents).
  • Feedback, Ratings and Survey Data

When you provide feedback on a trip or participate in surveys, we collect:

  • Star ratings you give to Drivers or trips;
  • Written comments, compliments, complaints or suggestions;
  • Responses to surveys and interviews on your experience, preferences, or perception of safety and service quality.
  • Marketing and Promotions Data

When you participate in promotions, referral programmes or opt into marketing:

  • Your participation details (e.g. campaign identifiers, referral code used, number of invites sent, rewards earned);
  • Your marketing preferences (channels, topics of interest).

 

  • Personal Data We Collect Automatically When You Use the Pepea Platform
  • Trip, Journey and Geolocation Data

When you request, take or cancel a trip via the Pepea Platform, we process:

  • Precise or approximate real‑time location data from your device (subject to your device and app settings);
  • Pickup and drop‑off addresses and GPS coordinates;
  • Route information (including route variations, detours, distance and estimated vs actual times);
  • Date, time and duration of trips, trip status (accepted, in progress, completed, cancelled);
  • Fare estimates and final fare amounts;
  • Information relating to trip changes (e.g. multiple stops, change of destination, waiting times).

You may choose to disable location services via your device settings; however, this may affect your ability to use certain features, and you may be required to manually enter pickup and drop‑off locations.

  • Device and Technical Data

We collect information about the devices and networks you use to access the Pepea Platform, including:

  • Device model, operating system and version;
  • Unique device identifiers (e.g. device ID, advertising identifier, push token);
  • Mobile network operator and country;
  • IP address and approximate location derived from IP;
  • Browser type and version;
  • App version and configuration.
  • App Usage and Log Data

We collect data relating to your use of the Pepea Platform, such as:

  • Dates and times you open, use and log out of the app;
  • Screens, pages and features you view or interact with;
  • Search queries (e.g. destinations, Driver or vehicle filters where applicable);
  • Actions taken (e.g. request a ride, apply a promo code, change payment method, cancel a trip);
  • App crashes, error logs and performance data.
  • Cookies and Similar Technologies

When you use the Pepea website or app, we may use cookies, SDKs and similar technologies to:

  • Remember your preferences and login status;
  • Understand how you navigate and use the Platform;
  • Measure performance and improve our services;
  • Support security features (e.g. session management, fraud detection);
  • Deliver or measure marketing and promotions in accordance with your preferences and applicable law.

You may manage your cookie preferences via your browser or device settings. Disabling certain cookies may affect the functionality of the Pepea Platform.

 

  • Personal Data We Receive from Third Parties

We may receive personal data about you from:

  • Driver-Partners: where they provide feedback, ratings, incident reports, lost‑and‑found information, or safety-related information about trips you have taken.
  • Other Riders/Referrers: if another Rider or contact refers you to Pepea or books a trip on your behalf; we may receive your name and phone number or other basic contact information.
  • Payment Service Providers and Financial Institutions: confirmation of payment status, chargebacks, fraud indicators, or information required to process refunds and resolve disputes.
  • Service Providers: analytics, security, anti‑fraud and customer support providers may provide risk scores, device intelligence or incident details linked to your account or transactions.
  • Public Authorities and Regulators: where required or permitted by law, for example in the context of investigations, law enforcement requests, or regulatory reporting.

 

  • Purposes and Lawful Bases for Processing

We process your personal data for the purposes set out below, relying on one or more lawful bases as provided under the DPA: consent, performance of a contract, compliance with legal obligations, legitimate interests, vital interests, and, where applicable, public interest.

  • Summary Table of Purposes and Lawful Bases

Purpose of Processing

Categories of Personal Data

Lawful Basis under DPA

Create, manage and authenticate your Rider account

Account & Profile Data; Device Data; Identification data as necessary

Performance of a contract; Legitimate interests (platform integrity and security)

Provide, operate and improve trip‑booking and transport services

Account & Profile Data; Trip/Journey & Geolocation Data; Payment & Billing Data; Device & App Usage Data

Performance of a contract; Legitimate interests (efficient service delivery and user experience)

Calculate fares, process payments, issue receipts and manage refunds

Payment & Billing Data; Trip/Journey & Geolocation Data; Account & Profile Data

Performance of a contract; Compliance with legal obligations (tax, accounting, financial regulations)

Customer support and dispute resolution

Account & Profile Data; Communications & Support Data; Trip/Journey & Geolocation Data; Feedback & Ratings

Performance of a contract; Legitimate interests (service quality, complaint handling); Compliance with legal obligations (where applicable)

Safety, security, fraud prevention and misuse detection

Account & Profile Data; Trip/Journey & Geolocation Data; Device & App Usage Data; Feedback & Ratings; Incident Reports

Legitimate interests (fraud prevention, platform safety and integrity); Compliance with legal obligations; Vital interests (protecting life and physical integrity)

Service quality monitoring, analytics and product improvement

Trip/Journey & Geolocation Data; Device & App Usage Data; Feedback, Ratings & Survey Data; Cookie/Analytics Data

Legitimate interests (improve services, develop new features); Consent where required (certain analytics/telemetry and cookies)

Direct marketing and promotions (including personalised offers)

Account & Profile Data; Contact Data; Marketing & Promotions Data; Limited App Usage Data

Consent (where required by law); Legitimate interests (informing customers of similar services, subject to opt-out)

Compliance with legal and regulatory obligations, enforcement of our terms, and management of claims

Any relevant category listed above, as reasonably necessary

Compliance with legal obligations; Legitimate interests (defence of legal claims, enforcement of rights); Public interest where applicable

Business continuity, corporate transactions (e.g. reorganisation, merger or acquisition)

Account & Profile Data; Trip & Transaction Data; other categories as strictly necessary

Legitimate interests (business continuity and corporate governance); Compliance with legal obligations
  • Further Detail on Key Purposes
  • Provision of the Pepea Services

We use your personal data to:

  • Register and maintain your account;
  • Authenticate your identity and prevent unauthorised access;
  • Allow you to request, schedule, manage and cancel trips;
  • Match you with suitable Driver-Partners based on location and other relevant parameters;
  • Provide in‑app communications between you and Drivers where available;
  • Provide accurate pickups, navigation, and drop‑offs using Geolocation Data;
  • Calculate estimated arrival times and dynamically update trip status.

Legal basis: Performance of a contract; Legitimate interests (ensuring efficient and safe service).

 

  • Payments and Billing

We process your data to:

  • Process trip payments via mobile money, bank cards or other approved methods;
  • Apply discounts, vouchers, referral rewards and promotional credits;
  • Issue digital receipts/invoices and enable access to your trip and payment history;
  • Manage chargebacks, reversals and refunds;
  • Comply with tax, accounting and other financial reporting obligations.

Legal basis: Performance of a contract; Compliance with legal obligations.

 

  • Safety, Security and Fraud Prevention

We process data to:

  • Detect, investigate and prevent fraud, unauthorised account access, payment abuse or misuse of vouchers;
  • Monitor unusual or high‑risk behaviours (e.g. excessive cancellations, suspected account sharing or identity misuse);
  • Investigate safety incidents, accidents, property damage or allegations of harassment, assault or other misconduct;
  • Temporarily restrict or permanently suspend accounts in cases of confirmed or suspected abuse or serious safety risks;
  • Support emergency response and cooperate with law enforcement where necessary to protect vital interests of Riders, Drivers or the public.

Legal basis: Legitimate interests (fraud prevention, safety and platform integrity); Compliance with legal obligations; Vital interests (in emergencies).

 

  • Customer Support and Service Quality

We use your data to:

  • Respond to queries, requests and complaints submitted via the app, email or other channels;
  • Access trip records and related information to investigate and resolve issues;
  • Review call recordings and chat logs (where applicable) for training, quality assurance and dispute resolution;
  • Monitor Rider satisfaction and service performance.

Legal basis: Performance of a contract; Legitimate interests (service quality improvement and issue resolution); Compliance with legal obligations where applicable.

 

  • Analytics, Research and Service Improvement

We analyse aggregated and pseudonymised data to:

  • Understand how Riders use the Pepea Platform;
  • Improve app design, route selection, pickup accuracy and trip completion rates;
  • Develop, test and roll out new features or services;
  • Perform statistical and trend analysis (e.g. demand patterns by time and area).

Where feasible, such analysis is conducted using data that does not directly identify you.

Legal basis: Legitimate interests (service improvement and innovation); Consent for certain cookies and analytics tools where required.

 

  • Marketing and Promotions

Subject to your preferences and applicable law, we may:

  • Send you information regarding Pepea services, features, offers, discounts and promotions;
  • Personalise marketing communications based on your usage patterns (e.g. frequently used routes, time of day, participation in past promotions);
  • Invite you to participate in surveys, feedback programmes or referral schemes.

You may opt-out of marketing communications at any time by using the unsubscribe link in the message or by adjusting your app settings. Transactional and service-related messages (e.g. receipts, safety alerts, changes to terms) will continue to be sent where necessary.

Legal basis: Consent (where required); Legitimate interests (direct marketing of similar services to existing customers, subject to your right to object).

 

  • Legal and Regulatory Compliance, Enforcement and Defence of Claims

We may process your data to:

  • Comply with obligations under transport, tax, anti‑money laundering and other applicable laws;
  • Respond to lawful requests, court orders and directions of competent authorities, including the ODPC and law enforcement agencies;
  • Enforce our contractual terms and conditions;
  • Establish, exercise or defend legal claims.

Legal basis: Compliance with legal obligations; Legitimate interests (protection of our rights and interests, and those of users); Public interest where applicable.

 

  • Cookies and Similar Technologies

We use cookies and similar technologies on our websites and, where applicable, within the app to:

  • Keep you logged in and secure your session;
  • Remember your preferences (such as language and saved locations);
  • Measure performance and usage (e.g. which pages are viewed, load times);
  • Tailor promotions and content, in accordance with your consent and preferences.

Where required by law, we will request your consent before placing non‑essential cookies or using tracking technologies for marketing or advanced analytics. You can adjust your browser or device settings to refuse or delete cookies; however, this may impact your experience and limit certain functionalities.

 

  • Sharing of Personal Data

We do not sell your personal data. We may share your personal data in the following circumstances, on a need‑to‑know basis and subject to appropriate confidentiality and data protection safeguards.

  • Sharing Between Riders and Driver-Partners

To enable trips to be fulfilled safely and efficiently:

Data shared with Driver-Partners:

  • Your first name;
  • Profile photo (if you have chosen to add one);
  • Pickup and drop‑off locations and route;
  • Information necessary to identify you at pickup (e.g. your chosen pickup point or notes you provide);
  • Your Rider rating and limited anonymised feedback where relevant for safety and service quality.

Where in‑app calling or messaging is available, Pepea may use number‑masking or similar methods so that your actual phone number is not disclosed to the Driver (save where disclosure is technically necessary, such as in certain markets or networks).

  • Service Providers and Professional Advisors

We may share your personal data with carefully selected third‑party service providers who support our operations, including:

  • Payment processors and financial institutions;
  • Cloud hosting and data storage providers;
  • Customer support tools and communication platforms;
  • Analytics, security and anti‑fraud solution providers;
  • Marketing and survey service providers (subject to your preferences);
  • Professional advisers such as auditors, legal counsel and consultants.

These service providers process personal data only on our documented instructions, are bound by confidentiality obligations, and are required to implement appropriate security measures.

  • Group Companies and Affiliates

Where applicable, we may share personal data with entities within the Pepea group (if any) for purposes consistent with this Privacy Policy, such as:

  • Centralised customer support and operations;
  • Shared infrastructure and security functions;
  • Corporate management, auditing and reporting.

Any such entities will be bound by equivalent data protection obligations.

  • Legal and Regulatory Disclosures

We may disclose personal data where required to do so by law or where we reasonably believe such disclosure is necessary to:

  • Comply with a legal obligation, court order, or law enforcement or regulatory request (including from the ODPC and the Kenya Police Service);
  • Protect the rights, property or safety of Pepea, our Riders, Driver-Partners or the public;
  • Investigate and respond to suspected fraudulent or illegal activity or serious misconduct on the Platform.

Where permissible, we will consider the impact on your rights and, where appropriate, notify you of such disclosure.

  • Business Transfers

If Pepea is involved in a merger, acquisition, restructuring, financing, sale of assets or similar corporate transaction, your personal data may be transferred as part of that transaction, subject to confidentiality and data protection safeguards. We will take reasonable steps to ensure the recipient processes your personal data in accordance with this Privacy Policy and applicable law, and we will notify you of any material changes to the processing of your personal data following such transfer.

 

  • International Data Transfers

Pepea is based in Kenya, but some of our service providers, systems or group entities may be located, or may store and process data, outside Kenya.

Where we transfer your personal data outside Kenya, we will ensure that such transfers comply with the requirements of the DPA, including by:

  • Transferring data only to countries which the ODPC or applicable law has determined provide an adequate level of data protection; or
  • Implementing appropriate safeguards, such as enforceable contractual clauses with data recipients that ensure an adequate level of protection consistent with the DPA; or
  • Relying on other legally recognised grounds for cross‑border transfers, such as your explicit consent where appropriate or where the transfer is necessary for the performance of a contract between you and Pepea or for the implementation of pre‑contractual measures at your request, or for the establishment, exercise or defence of legal claims.

Where required, we will provide you with further information on the safeguards in place for a specific transfer upon request, subject to confidentiality and security considerations.

 

  • Data Security

We implement and maintain appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. These measures include, among others:

  • Use of encryption and secure communication protocols, where appropriate;
  • Access controls and authentication mechanisms to limit access to personal data to authorised personnel on a need‑to‑know basis;
  • Physical and logical security of our systems and infrastructure;
  • Regular monitoring, logging and testing of systems for vulnerabilities;
  • Internal policies and procedures on data protection, information security and incident response;
  • Training of staff with access to personal data on their confidentiality and data protection obligations.

Despite our efforts, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your personal data. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ODPC and affected individuals in accordance with the DPA and applicable regulations.

 

  • Data Retention

We retain your personal data only for as long as is reasonably necessary for the purposes for which it was collected, or as required by law, regulation or to defend or exercise legal claims.

We apply the following general retention guidelines (which may be adjusted in light of legal, regulatory or operational requirements):

Category of Personal Data

Typical Retention Period

Rationale

Account & Profile Data

For the lifetime of your account and up to 7 years after account deletion or last active use

To maintain your account, comply with legal obligations (e.g. tax, contract records) and handle potential disputes

Trip/Journey & Geolocation Data (linked to your account)

Generally up to 7 years from the date of each trip

To support billing and tax records, handle complaints or legal claims, and comply with regulatory requirements

High‑resolution/real‑time Geolocation logs (where stored separately for operational analytics)

Typically up to 3 years, unless required longer for investigations or legal reasons

To improve service quality, routing and safety analytics without retaining data indefinitely

Payment & Billing Records

Up to 7 years from the relevant transaction

To comply with financial, accounting and tax regulations and to manage chargebacks/disputes

Communications & Support Records (e.g. chat logs, emails, call recordings)

Typically 3–5 years from the communication, depending on the sensitivity of the matter

To evidence support provided, resolve disputes and improve service quality

Safety Incident and Misconduct Records

Typically 7–10 years from closure of the incident, depending on severity

To protect users, enforce bans, and defend or exercise legal claims in serious safety cases

Feedback, Ratings & Surveys

For as long as your account is active and for up to 3 years thereafter (usually stored in aggregated or pseudonymised form over time)

To maintain accurate ratings and improve the service

Marketing and Promotions Data (including consent logs)

Until you withdraw consent or object, and for a limited period thereafter to record your preference (typically up to 2 years after last activity)

To manage marketing preferences and demonstrate compliance with consent and opt‑out requirements

Technical Logs and Analytics Data

Typically up to 2 years, often in aggregated or pseudonymised form

To maintain security, monitor performance and improve the Platform

Where we no longer need personal data for the purposes described above, or upon expiry of the applicable retention period, we will:

  • Securely delete or anonymise the data so that it no longer identifies you; or
  • Archive it securely and restrict access where retention is required by law or legitimate business needs (e.g. to defend a legal claim).

Retention periods may be extended where we are required to do so by law or if there is an ongoing dispute, investigation or legal process.

 

  • Your Rights as a Data Subject

Under the Kenya Data Protection Act, you have various rights in relation to your personal data. These rights are not absolute and may be subject to certain limitations or conditions under the law.

  • Right to be Informed

You have the right to be informed about the collection and use of your personal data. This Privacy Policy and related notices are intended to provide such information in a clear and accessible manner.

  • Right of Access

You have the right to request confirmation as to whether we process your personal data and, where we do, to request access to that data, including details of:

  • The purposes of processing;
  • The categories of personal data concerned;
  • The recipients or categories of recipients;
  • The envisaged retention period; and
  • The source of the data, where it was not collected directly from you.
  • Right to Rectification

You have the right to request correction of inaccurate, outdated or incomplete personal data about you. In many cases you can update your account information directly through the Pepea app.

  • Right to Erasure (“Right to be Forgotten”)

You may request that we delete your personal data in certain circumstances, for example where:

  • The data is no longer necessary for the purposes for which it was collected;
  • You withdraw consent (where consent is the sole lawful basis);
  • You successfully object to the processing; or
  • The processing is unlawful.

We may need to retain certain data where required by law or where we have overriding legitimate grounds (e.g. for the establishment, exercise or defence of legal claims, or to comply with regulatory obligations).

  • Right to Object to Processing

You have the right to object, on grounds relating to your particular situation, to our processing of your personal data where we rely on legitimate interests as the legal basis. We will assess your objection and cease processing unless we demonstrate compelling legitimate grounds which override your interests, rights and freedoms or where processing is required for the establishment, exercise or defence of legal claims.

You also have an absolute right to object at any time to the processing of your personal data for direct marketing purposes (including any related profiling). Where you object, we will stop processing your personal data for direct marketing.

  • Right to Restrict Processing

You may request that we restrict processing of your personal data in certain situations, for example where:

  • You contest the accuracy of the data (for a period enabling us to verify accuracy);
  • The processing is unlawful and you request restriction instead of erasure;
  • We no longer need the data but you require it for legal claims; or
  • You have objected to processing and a verification of our legitimate grounds is pending.

Where processing is restricted, we will continue to store the data but will only process it with your consent, for legal claims, to protect the rights of another person or for important public interest reasons.

  • Right to Data Portability

Where processing is based on your consent or on a contract with you, and is carried out by automated means, you may request a copy of your personal data in a structured, commonly used and machine‑readable format and, where technically feasible, request that we transmit it directly to another data controller.

  • Right to Withdraw Consent

Where we rely on your consent to process your personal data, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.

  • Right to Complain

If you believe that we have infringed your data protection rights, you have the right to:

  • Contact us using the details in Section 3 so we can address your concerns; and/or
  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya.

 

  • Exercising Your Rights

To exercise any of your rights under the DPA, or to raise a query about how your personal data is processed, you may contact us at:

Email: info@pepeadigital.com

For security reasons, we may need to verify your identity before acting on your request. In some cases, we may ask for additional information to clarify your request or to enable us to locate the relevant data.

We aim to respond to all valid requests within the time periods required by law. Where we are unable to comply with your request in whole or in part, we will explain the reasons, including any applicable legal or regulatory constraints.

In addition to contacting us directly, you may also manage certain aspects of your personal data and preferences directly within the Pepea app settings, including:

  • Updating your contact details;
  • Managing marketing communications preferences;
  • Reviewing trip history.

 

  • Direct Marketing

We may send you direct marketing communications about Pepea services and promotions in accordance with applicable law and your preferences.

  • You can opt-out of receiving marketing messages at any time by following the “unsubscribe” instructions in the message or by updating your preferences in the Pepea app (where available).
  • Opting out of marketing does not affect your receipt of service‑related or transactional communications (such as trip confirmations, safety alerts, receipts, changes to terms or technical notifications).

Where the DPA requires consent for certain types of marketing communication (for example, electronic marketing to individuals with whom we do not yet have a customer relationship), we will seek your express consent before sending such communications.

 

  • Automated Decision-Making and Profiling

Pepea uses automated systems and algorithms to support the efficient operation of the Pepea Platform, including to:

  • Match Riders to nearby available Driver-Partners;
  • Estimate trip duration and fare amounts;
  • Detect and prevent fraud or misuse (e.g. automated rules that temporarily limit certain actions where suspicious behaviour is detected);
  • Support dynamic features such as estimated arrival times and routing.

These automated processes are designed to enhance safety and service quality. They do not involve decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you without human involvement, as understood under the DPA.

Where we consider that a particular automated process may have a significant effect on you, we will ensure that appropriate safeguards are in place and that you have an opportunity to obtain human review and to contest the decision, in accordance with applicable law.

 

  • Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements or for other operational reasons.

If we make material changes to this Privacy Policy, we will take appropriate steps to inform you, for example, by:

  • Posting an updated version on the Pepea Platform;
  • Displaying a prominent notice within the app or website, and/or
  • Sending you a notification through the app or by email, where appropriate.

The “Last Updated” date at the top of this Privacy Policy indicates when it was last revised. We encourage you to review this Privacy Policy periodically to stay informed about how we process your personal data.