Kibanda Express Ltd (“Kibanda”, “we”, “our”, or “us”) is committed to protecting your privacy and handling your personal data in a lawful, fair, and transparent manner. This Privacy Policy explains how we collect, use, store, and share your personal information when you interact with the Kibanda Platform — including through our mobile application, website, WhatsApp services, or rider-agent network.
This policy also outlines your rights as a User, Vendor, Rider, or Agent, and how you can exercise control over your personal data in compliance with applicable Kenyan law, including the Data Protection Act, 2019.
This Policy applies to:
Users who browse or place orders through Kibanda;
Riders and Agents who fulfill deliveries and errands;
Vendors who sell goods or offer services through our platform;
Any individual accessing, interacting with, or registering on any part of Kibanda’s digital infrastructure.
This policy does not apply to third-party websites or vendors not operating on the Kibanda Platform, even if accessed through our app or via an errand.
By using the Kibanda Platform, you:
Acknowledge that you have read and understood this Privacy Policy;
Consent to the collection, processing, and storage of your personal data as described herein;
Confirm that any data you provide to us (e.g., ID, location, instructions) is truthful, complete, and lawful.
If you do not agree with any part of this Policy, you must not use the Platform or provide any personal data through it.
We reserve the right to update this Privacy Policy from time to time. All updates will be posted publicly, and continued use of the Platform constitutes your acceptance of the revised terms.
We collect various types of data to provide, secure, and improve our services. The information we collect depends on how you use the Platform (e.g., as a User, Rider, Vendor, or Agent) and which Modules you interact with (e.g., Grocery, Kitchen, Parcel, Rides, Pharmacy).
When you register or place an order, we may collect:
Full name
Mobile phone number
Email address (optional)
Gender (optional)
National ID number, Passport, or Driver’s License (where identity verification is required)
Profile photo (optional for Riders/Vendors)
We collect data on:
Items you purchase (e.g., groceries, food, medicine)
Vendor/store chosen
Order value and payment status
Order frequency, cancellation patterns, refund history
Delivery method and service tier (e.g., free, VIP)
With your permission, we may collect:
Live GPS location of your device (for delivery dispatch and Rider visibility)
Approximate location based on IP address or estate Wi-Fi
Device identifiers, operating system, and browser version
Time of app activity, clicks, and navigation paths
Note: Riders are required to share real-time GPS while logged into delivery mode.
When you interact with our team (via chat, WhatsApp, phone, or email), we may collect:
Conversation transcripts
Call recordings (if applicable)
Screenshots or documents you share (e.g., proof of payment, delivery complaint)
For Vendors and Riders, we may additionally collect:
Business registration or trade license (for Vendors)
Passport photo or selfie (for onboarding verification)
Motorbike/tuk-tuk/car details (if applicable)
Emergency contact information
Next-of-kin or estate reference (optional for Agents)
All the above data is collected either:
Directly from you (e.g., signup, orders, chat);
Automatically through the app or web platform;
Via third-party integrations (e.g., M-Pesa API, Google Maps, identity verification tools).
We use the data we collect for the following lawful, operational, and user-driven purposes. Your data enables Kibanda to function safely, efficiently, and personally within estate zones and surrounding areas.
We use your personal and transactional data to:
Confirm your identity and account ownership
Match you with the appropriate Rider, Vendor, or Agent
Route orders to the correct address or drop-off point
Send real-time delivery updates and notifications
Facilitate order tracking and rider-user communication
Manage refunds, cancellations, or follow-ups
When you request an errand or parcel:
We use your order notes, instructions, or attachments to direct Agents
Store information on store preferences or special requests
Capture proof of pickup/delivery (e.g., rider photos, GPS tag, timestamps)
This ensures accountability and personalized service in high-trust, manual transactions.
To keep your experience safe, we may use your data to:
Verify National ID or phone number during onboarding or suspicious activity
Flag or block fake, duplicate, or abuse-linked accounts
Detect high-risk behavior such as refund misuse or delivery scams
Authenticate devices and session access for Wallet protection
We may also temporarily restrict accounts until additional verification is completed.
We use device and behavior data to:
Personalize vendor suggestions and order shortcuts
Offer loyalty programs, rewards, or targeted vouchers
Analyze heatmaps and app usage to improve navigation
Streamline repeat orders, reorder buttons, and app response times
We retain and process your data to:
Comply with the Kenya Data Protection Act (2019) and other legal obligations
Cooperate with police, government agencies, or estate committees when formally requested
Investigate complaints or disputes involving Vendors, Riders, or Users
Defend against legal claims, fraud attempts, or regulatory inquiries
Data shared under this category is limited, justified, and documented internally.
Kibanda limits data sharing to what is necessary for fulfilling your order, improving your experience, and complying with legal requirements. We do not sell your data to third parties.
We share limited personal information with Riders and Agents strictly for delivery and errands, including:
Your full name
Estate, building, gate instructions, and phone number
Order type, vendor/store, and any drop-off instructions
Riders are prohibited from storing, reusing, or disclosing this information outside the current task. Breaches lead to suspension or legal referral.
When you place an order with a Vendor (e.g., a shop, kitchen, pharmacy), we share:
Your name and phone number (to confirm order)
The selected items, instructions, and time of order
Pickup coordination data (e.g., rider location or urgency status)
Vendors are contractually bound to use this information only for order fulfillment.
We may share your data with trusted technology or payment partners who help us:
Process M-Pesa or Wallet transactions
Power maps, analytics, and performance metrics
Prevent fraud or duplicate signups
These partners operate under strict data protection agreements and are not permitted to use your information for their own purposes.
We may disclose your information without further consent when required to:
Respond to valid legal requests (e.g., court orders, police summons)
Prevent fraud, theft, or platform abuse
Protect Kibanda’s rights, Users, Riders, or estate community
All such disclosures are made only when legally necessary and properly documented.
Kibanda Express Ltd is committed to safeguarding your personal data throughout its lifecycle — from collection and processing to storage and deletion. We follow principles of minimal retention, lawful usage, and secure disposal.
Your personal data is stored on:
Secure cloud servers managed by trusted third-party infrastructure providers located within or outside Kenya (in compliance with local cross-border data transfer laws);
Kibanda’s internal admin dashboard and databases, which are protected by access controls, encryption, and strict role-based permissions.
We take all reasonable steps to ensure these systems meet industry-standard security protocols.
We retain personal data only for as long as necessary to:
Fulfill the purposes outlined in this Privacy Policy;
Satisfy legal, accounting, or regulatory reporting obligations;
Support order and refund history, including dispute investigation.
Retention periods include:
Order data: up to 6 years (for tax, audit, fraud protection);
Rider GPS history: up to 90 days;
Wallet logs and payment data: 7 years (for financial compliance);
Support chats, call logs: 12 months;
Inactive account data: purged after 365 days of no activity (after notice).
Upon account deactivation or deletion:
Your profile is marked “inactive” and no longer accessible through the app;
Active subscriptions are cancelled;
Any available Wallet balance may be forfeited unless a valid refund request is made beforehand;
Historical order data is retained in anonymized form for reporting and fraud protection;
Identifiable personal data is permanently deleted or archived securely (as required by law).
You may initiate deletion by emailing info@kibandaexpress.com with the subject line: “Delete My Account”. Please allow up to 14 business days to complete the process.
Kibanda respects your rights over your personal data and ensures you can access, control, and manage your information in line with Kenyan law. You may exercise these rights at any time by contacting privacy@kibanda.app.
You have the right to request:
A summary of the personal data we hold about you;
How it is used, for what purpose, and with whom it is shared.
We will respond within 14 working days, subject to identity verification.
You may request the correction of:
Incorrect names, contact details, estate/block address;
Updates to ID numbers or KYC documents for riders/vendors.
Edits to certain fields may require manual review to avoid fraud or impersonation.
You may request that your account be:
Deactivated (temporarily paused); or
Permanently deleted (with full data erasure).
Please note:
Some financial and order data may be retained as required by law;
You will lose access to subscriptions, Wallet balances, and previous order history.
You may revoke consent previously given to:
Receive marketing messages or push notifications;
Share your live location during app use;
Participate in surveys or referral programs.
Withdrawal does not affect prior data processing already completed under valid consent.
If you believe your data has been:
Misused or processed unlawfully;
Shared without consent; or
Denied without explanation,
You may file a complaint directly with:
Office of the Data Protection Commissioner (ODPC)
Republic of Kenya
[Insert website/email once known]
We encourage Users to first contact Kibanda’s internal Data Protection Officer at info@kibandaexpress.com to resolve the matter swiftly and respectfully.
Kibanda uses cookies, beacons, and other tracking technologies to enhance user experience, streamline delivery logistics, and improve service performance. By continuing to use our Platform, you consent to our use of such tools as outlined below.
Cookies are small text files stored on your device or browser. Kibanda uses the following types:
Session Cookies: Temporary cookies used to maintain your login state or shopping cart during a single visit;
Authentication Cookies: Help recognize your account and device after logging in;
Performance & Analytics Cookies: Used to understand app speed, bounce rates, and usage behavior;
Preference Cookies: Save your delivery address, preferred vendors, or interface language;
Security Cookies: Help detect fraud, prevent abuse, and enforce rider logouts after long inactivity.
We use cookies to:
Keep you logged in securely;
Match you with the closest available Rider;
Remember selected stores, food preferences, and previous orders;
Analyze app performance and troubleshoot bugs;
Personalize content (e.g., showing top-rated vendors near you);
Reduce load time and improve your ordering flow.
You can control or disable cookies in your device or browser settings. Please note:
Disabling cookies may result in reduced app performance or lost functionality (e.g., session expiry, slower rider matching);
You may also clear stored cookies or data directly from your browser/app settings at any time.
For in-app tracking (e.g., live location), Android or iOS may offer additional permissions you can manage through your device settings.
Kibanda Express Ltd takes the security of your personal information seriously. We implement technical, operational, and administrative safeguards to ensure your data is protected from unauthorized access, alteration, misuse, or destruction.
All personal data is transmitted over encrypted channels (HTTPS) and stored using AES-standard encryption protocols.
Access to user data is strictly limited to authorized Kibanda personnel and system-level roles.
Admin access requires multi-factor authentication (MFA) and is logged for audit purposes.
Passwords are hashed and never stored in plain text.
Riders and Agents are required to:
Use updated smartphones with active screen locks or biometric protection;
Enable in-app GPS for real-time delivery tracking;
Avoid taking screenshots of user data or storing addresses outside the app.
Rider accounts are locked after multiple failed login attempts or inactivity over 7 days.
Kibanda uses intrusion detection tools and automated alerts to flag suspicious activity (e.g., bulk login attempts, duplicate refunds).
All changes to user accounts, orders, or vendor profiles are timestamped and traceable.
The system is regularly scanned for vulnerabilities and penetration tested by third-party security experts.
In the unlikely event of a data breach:
Kibanda will assess the scope and impact within 72 hours;
Affected Users will be notified if their personal data was compromised;
The Data Protection Commissioner of Kenya will be informed where required;
Steps will be taken to secure the system and prevent recurrence.
Kibanda Express Ltd is committed to safeguarding the privacy and safety of minors. Our Platform is designed for use by individuals aged 18 and above. We do not knowingly collect or process personal data from children without verified parental or guardian consent.
Users must be at least 18 years of age to register, place orders, or create a Kibanda account.
Any User found to have submitted false age information or impersonated an adult will have their account immediately suspended and reviewed for deletion.
In limited cases, a parent or guardian may:
Place orders on behalf of a minor (e.g., school lunch or medicine);
Designate a child to receive an order under supervision (e.g., parcel from a known contact).
In such cases:
The adult remains fully responsible for the transaction;
Riders may refuse delivery if the receiving party appears to be underage for restricted items (e.g., alcohol, medicine, tobacco, sharp objects);
Kibanda assumes no liability if an order is handed to an unauthorized or unsupervised child without proper instruction.
Vendors and Riders are strictly prohibited from:
Soliciting minors for purchases;
Delivering age-restricted products (e.g., tobacco, alcohol) to anyone under 18;
Accepting orders from suspicious or child-operated accounts.
Violations will result in permanent platform bans and, where applicable, referral to law enforcement or child protection authorities.
Kibanda Express Ltd reserves the right to update or modify this Privacy Policy at any time in response to legal, technological, operational, or regulatory developments. You are encouraged to review this Policy regularly.
Material changes to this Policy will be notified via:
In-app pop-up or message;
Email (if you have provided one);
Updated publication on the Kibanda website and app.
Where legally required, we may seek your renewed consent before the updated policy takes effect.
By continuing to access or use the Kibanda Platform after changes have been posted, you agree to be bound by the revised Privacy Policy.
If you do not agree with any update, you may:
Stop using the platform;
Request data deletion via info@kibandaexpress.com
Deactivate your account as outlined in Section 5.
Each version of this Policy will be time-stamped and archived for transparency. The most current version will always be available at www.kibandaexpress.com/privacy (or successor URL).
If you have any questions, concerns, complaints, or requests regarding your data or this Privacy Policy, you may contact Kibanda Express Ltd using the following details:
Head of IT
Email: info@kibandaexpress.com
Subject line: Privacy Concern – [Your Full Name]
Email: info@kibandaexpress.com
WhatsApp Support: [Insert number if applicable]
For issues related to your orders, refunds, or account settings.
Vendors: info@kibandaexpress.com
Riders & Agents: info@kibandaexpress.com
For account setup, document updates, or conduct violations.
Kibanda Express Ltd
Benmark Complex, 2nd Floor
Athi River, Machakos County
Kenya
You have the right to escalate unresolved data-related concerns to the Office of the Data Protection Commissioner (ODPC) of Kenya. However, we encourage you to contact us directly first to resolve the issue amicably.
