1. Introduction
Cynosure Ventures ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Logistics Management System mobile application and related services.
We are the developer and operator of the Logistics Management System app, available on Google Play Store. This privacy policy applies to all users of our application and services.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
- Name and contact information (email, phone number)
- Driver license and identification documents
- Vehicle registration information
- Employment history and work experience
- Educational background and qualifications
- Payment information (for applicable transactions)
- Profile photos and images
2.2 Automatically Collected Information
When you use our application, we automatically collect certain information including:
- Browser type and version
- Device information (device ID, operating system, model)
- IP address and approximate location data (derived from IP address)
- Precise location data (if you explicitly grant location permission)
- Pages visited and time spent on the app
- App usage statistics and performance data
- Cookies and tracking technologies
2.3 Location Data
Our application may access and collect location data for the following purposes:
- Approximate Location (IP-based): We automatically collect approximate location information based on your IP address to help us understand where our users are located for analytics and to customize content based on your region.
- Precise Location (if permitted): If you explicitly grant location permissions, we may collect precise location data to provide location-based services such as:
- Real-time vehicle tracking and fleet management
- Route optimization and navigation
- Geofencing and geozone alerts
- Finding nearby job opportunities or services
- Data Sharing: Location data is processed locally and is not shared with third parties unless required for providing requested services (e.g., sharing your location with fleet managers or dispatchers when on duty, with your explicit consent).
- Control: You can control or disable location access through your device settings at any time. Please note that disabling location services may affect certain features of the app.
2.4 Health and Medical Information
We may collect and process health-related information in the following circumstances:
- Emergency Contact Information: We collect emergency contact details (name, phone number, relationship) for all drivers and staff. This information is used solely to contact next of kin in case of emergency or accident.
- Driver Fitness Certification: For commercial vehicle operators, we may collect and store information related to driver fitness certifications and medical clearances as required by transportation regulations. This includes information about driving licenses, medical examination status, and certifications required by local transport authorities.
- Accident and Incident Reports: In the event of a vehicle accident or incident, we may collect information about injuries, medical treatments, and health status for insurance and regulatory reporting purposes.
- Health Data Usage: Health information is:
- Used only for compliance with transportation regulations and safety requirements
- Shared with insurance providers and regulatory authorities as required by law
- Not used for any discriminatory or employment-related decisions beyond regulatory compliance
- Retained only as long as required by applicable regulations
- Your Rights: You have the right to access, correct, and request deletion of your health-related information. Contact us to exercise these rights.
2.5 Third-Party Services and Integrations
Our application uses the following third-party services:
- M-Pesa (Safaricom): For mobile money payments and transactions in Kenya. When you make or receive payments through M-Pesa, transaction details (phone number, transaction ID, amount) are processed through Safaricom's API. We receive transaction confirmation data to update your account balance and transaction history.
- Push Notifications: We use push notification services to send you updates about deliveries, messages, alerts, and important notifications. You can disable push notifications through your device settings.
- Location Services: Our app uses your device's GPS and location services to provide real-time vehicle tracking, route optimization, and geofencing features.
- Device Information: We collect device information (device type, operating system, unique device identifiers) for security, analytics, and to provide a better user experience.
2.6 Analytics and Performance Monitoring
We use analytics tools to understand how users interact with our app:
- App Performance: We collect data about app crashes, bugs, and performance issues to improve stability.
- Usage Analytics: We track which features are most used to prioritize development efforts.
- Analytics Data: This includes anonymized data about device type, OS version, session duration, and feature usage. This data cannot be used to identify you personally.
2.7 App Permissions
Our app requires the following permissions to function properly:
- Location (Precise & Approximate): Required for real-time vehicle tracking, route optimization, geofencing alerts, and finding nearby services. You can revoke this permission at any time through your device settings.
- Camera: Used to capture photos of deliveries, vehicles, documents, and receipts. Access is only granted when you actively use the camera feature.
- Storage/Media: Required to save and access photos, documents, and files shared within the app.
- Phone: Used for M-Pesa payments and to make emergency calls. This permission does not allow us to make calls without your action.
- Notifications: Used to send you important updates, messages, and alerts. You can disable notifications in your device settings.
- Network Access: Required to connect to our servers and sync data.
All permissions are used only for the purposes stated above and in accordance with this privacy policy.
2.8 Financial and Payment Data
For payment processing, we may collect:
- Payment Information: We process payments through M-Pesa mobile money service. We do not store your full payment credentials on our servers - all payment processing is handled securely by Safaricom's M-Pesa platform.
- Transaction History: We maintain records of all transactions including payments, invoices, and fuel purchases for accounting and reconciliation purposes.
- Banking Details: For driver payouts and vendor payments, we may collect bank account details which are encrypted and stored securely.
3. Scope and Coverage
This Privacy Policy applies to all Cynosure Ventures services, including:
- The Logistics Management System mobile application (Android)
- Web-based administration portal
- Related websites and services operated by us
- Customer support communications
- Third-party integrations used within our services
By accessing or using any of our services, you agree to the terms of this Privacy Policy.
4. Legal Basis for Processing
Under applicable data protection laws, we rely on the following legal bases for processing your personal data:
- Consent: You have given us clear consent to process your personal data for a specific purpose (e.g., push notifications, precise location access)
- Contractual Necessity: Processing is necessary to fulfill our contractual obligations to you (e.g., providing logistics services, processing payments)
- Legal Obligation: Processing is necessary to comply with our legal and regulatory obligations (e.g., tax records, driver licensing requirements)
- Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights (e.g., fraud prevention, service improvement, analytics)
- Vital Interests: Processing is necessary to protect someone's life (e.g., emergency contact information in case of accidents)
5. How We Use Your Information
We use the information we collect to:
- Provide logistics and fleet management services
- Track vehicles and deliveries in real-time
- Manage driver assignments and schedules
- Process fuel purchases and expense tracking
- Communicate with you about shipments, deliveries, and updates
- Verify driver identity and credentials
- Process payments and transactions
- Improve our services and user experience
- Comply with legal and regulatory obligations
- Generate reports and analytics for business customers
- Send you important notifications and alerts
- Maintain the security and integrity of our services
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it:
- Active Accounts: Data is retained for the duration of your account activity plus 3 years after account inactivity
- Transaction Records: Financial records, invoices, and payment history are retained for 7 years as required by tax and accounting laws
- Location History: GPS tracking data is retained for 90 days unless required for ongoing investigations or legal proceedings
- Message History: Chat and message content is retained for 2 years after the last activity in the conversation
- Driver Documents: License and certification documents are retained for the duration of employment plus 3 years
- Account Deletion: When you request deletion, we will delete your personal data within 30 days, except where retention is required by law
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Role-based access controls ensure only authorized personnel can access personal data
- Authentication: Multi-factor authentication is available for all administrative accounts
- Monitoring: We continuously monitor our systems for unauthorized access attempts and security breaches
- Security Audits: Regular security assessments and penetration testing are conducted
- Employee Training: All staff receive data protection and security awareness training
- Breach Response: In the event of a data breach, we will notify affected users within 72 hours
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence:
- Primary Processing Location: Kenya, where our servers and operations are based
- Third-Party Processors: Our third-party service providers may process data in various jurisdictions
- Legal Framework: We ensure adequate data protection through contractual obligations and, where applicable, Standard Contractual Clauses (SCCs)
- Your Consent: By using our services, you consent to the transfer of your data to Kenya and other jurisdictions where we operate
9. Automated Decision-Making and Profiling
We use limited automated decision-making in the following circumstances:
- Fraud Detection: Automated systems may flag suspicious transaction patterns for review
- Performance Analytics: Driver performance scores are calculated using automated metrics based on data you provide
- Geofencing Alerts: Automated alerts are triggered when vehicles enter or exit designated geozones
- Your Rights: You have the right to request human intervention in any automated decision that significantly affects you. Contact us to exercise this right.
- Profiling: We do not use your personal data for automated profiling that produces legal effects or similarly significant effects on you.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request that we limit the way we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to our processing of your data, including direct marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with a data protection authority in your jurisdiction
- Right to Human Intervention: Request human review of automated decisions
To exercise any of these rights, contact us at cynosureventure@gmail.com or call +254 705 622 071. We will respond within 30 days.
11. Children's Privacy
Our services are not intended for children under the age of 16:
- We do not knowingly collect personal information from children under 16
- If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately
- If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly
- Our age verification measures include self-declaration during account registration
12. Third-Party Links and Services
Our application may contain links to third-party websites or services:
- M-Pesa/Safaricom: Payment processing is handled by Safaricom. Their privacy policy applies to payment data they collect
- Google Maps: Map and navigation features may use Google's services, subject to Google's privacy policy
- Push Notification Services: Notification delivery is handled by Google's Firebase Cloud Messaging
- We are not responsible for the privacy practices of third-party services
- We encourage you to review the privacy policies of any third-party services you interact with
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors:
- Material changes will be communicated through in-app notifications or email
- The "Last Updated" date at the top of this policy will be revised
- We recommend reviewing this policy periodically
- Continued use of our services after changes constitutes acceptance of the updated policy
- Previous versions of this policy may be available upon request
14. Governing Law and Dispute Resolution
This Privacy Policy is governed by the laws of Kenya, including:
- The Data Protection Act, 2019 (Kenya)
- The Kenya Information and Communications Act
- Applicable international data protection standards
Any disputes arising from this policy shall first be addressed through good-faith negotiations. If unresolved, disputes may be submitted to the Office of the Data Protection Commissioner (ODPC) in Kenya or appropriate courts.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: