Last Updated: July 18, 2026
Effective Date: July 18, 2026
Boyasa Digital Limited ("Boyasa," "we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use the Boyasa platform, including our websites and mobile applications for Customers, Drivers/Riders, Businesses, and Companies (collectively, the "Platform").
We act as the data controller for personal data we collect and process through the Platform, unless stated otherwise. This Policy applies to all Users of the Platform, regardless of role, and should be read together with our Terms and Conditions.
By creating an account or otherwise using the Platform, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, we will obtain your explicit consent for specific processing activities, such as marketing communications or optional location sharing.
Account and Identity Information: full name, email address, phone number, date of birth (where collected), profile photo, password (stored in hashed form), and, for Drivers/Riders, a government-issued national identification number and document image submitted for verification.
Business and Company Information: registered business or company name, business type, physical address, tax or business registration number, and the name and contact details of an authorized representative.
Location Information: real-time GPS location while the app is in use during an active Ride or Package Delivery; for Drivers/Riders, location may also be collected while online and awaiting Orders, and, where you have granted background location permission, for a limited period after an Order is accepted to support live tracking and safety features. Pickup and destination/delivery addresses associated with each Order are also stored.
Payment and Financial Information: Wallet balance and transaction history, bank account details you add for withdrawal (account name, account number, and bank name), and payment references from our third-party payment gateways. We do not store full card numbers; card payments are processed directly by our PCI-compliant payment partners.
Communications Data: messages you send through in-app chat with Boyasa support, with a matched Driver, Customer, or Business, and any reports, ratings, or reviews you submit.
Usage and Device Information: app version, device model and operating system, unique device identifiers, IP address, crash logs, and general usage analytics such as screens viewed and features used.
Order and Transaction History: details of Rides and Package Deliveries you request, accept, or fulfill, including fare or fee amounts, negotiated prices where applicable, timestamps, ratings given and received, and cancellation records.
Verification Data: OTP delivery and verification records, national ID document images (Drivers/Riders), and business/company registration documents (Businesses/Companies), used solely for identity and eligibility verification.
Directly from you, when you create an account, complete your profile, submit verification documents, make a booking, communicate with support or another User, or otherwise interact with the Platform.
Automatically, through your use of the Platform, including location data (where permitted), device information, and usage analytics collected via cookies, SDKs, or similar technologies.
From third parties, including our payment processors (transaction confirmations), identity verification providers, messaging providers (OTP delivery confirmations), and, where applicable, publicly available business registries used to verify Business or Company accounts.
To create and administer your account, verify your identity and eligibility, and authenticate your login sessions.
To provide the core Platform service: matching Customers and Businesses with available Drivers, calculating fare and delivery-fee estimates, facilitating price negotiation for Ride Orders, processing payments and Wallet transactions, and enabling live order tracking.
To enable communication between Users in connection with an Order, and between Users and Boyasa support.
To maintain safety and security, including verifying Driver documents, detecting and preventing fraud, GPS spoofing, and abuse, investigating reports, and responding to safety incidents.
To send transactional notifications (OTPs, Order status updates, payment confirmations, safety alerts) and, with your consent where required, promotional or marketing communications.
To analyze and improve the Platform, including troubleshooting, performance monitoring, and developing new features.
To comply with legal obligations, including tax, anti-money-laundering, and consumer protection requirements, and to respond to lawful requests from courts, regulators, or law enforcement.
To enforce our Terms and Conditions and this Privacy Policy, and to establish, exercise, or defend legal claims.
Where applicable data protection law requires a legal basis for processing (such as under the Nigeria Data Protection Act/NDPR, Ghana Data Protection Act, Kenya Data Protection Act, or the EU/UK GDPR for Users in those regions), we rely on one or more of the following: performance of a contract with you (providing the Platform service you requested), compliance with a legal obligation, our legitimate interests (such as fraud prevention, service improvement, and platform safety, balanced against your rights), and your consent (for optional processing such as marketing communications or optional location sharing beyond what is necessary for an active Order).
With other Users, as necessary to fulfill an Order: for example, a Customer's name, pickup/destination, and approximate location are shared with the assigned Driver, and the Driver's name, photo, vehicle details, and live location are shared with the Customer or Business during an active Order.
With service providers who perform functions on our behalf, including payment processors (such as Paystack, Flutterwave, and Stripe), cloud hosting and infrastructure providers, SMS/WhatsApp/email delivery providers, mapping and geolocation providers, and identity verification providers. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
With Companies overseeing affiliated Businesses or Drivers, limited to the operational data reasonably necessary for that Company to manage its network (such as order volume, ratings, and commission data), where your account operates under that Company's partnership arrangement.
For legal reasons, where we believe in good faith that disclosure is necessary to comply with a legal obligation, protect the rights, property, or safety of Boyasa, our Users, or the public, investigate fraud, or respond to a government or law enforcement request.
In connection with a corporate transaction, such as a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.
With your consent, in any other circumstance not described above.
We do not sell your personal data to third parties for their own marketing purposes.
We retain personal data for as long as necessary to provide the Platform service and fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Active account data is retained while your account remains active. Accounts that are inactive for an extended period may be flagged for deletion after reasonable prior notice, subject to applicable legal retention requirements.
Transaction and financial records are retained for a minimum of seven years to comply with tax, accounting, and anti-money-laundering obligations. Location data tied to a specific Order is retained for a limited period after Order completion (typically 30 days) for safety, dispute-resolution, and fraud-prevention purposes, and is not retained indefinitely. Chat messages are retained for up to one year to support dispute resolution and safety investigations. Identity verification documents (national ID, business registration) are retained for the duration of your account's active status plus any period required by applicable know-your-customer or record-keeping law.
Subject to applicable law (including the NDPR, the Ghana Data Protection Act, the Kenya Data Protection Act, and, where applicable, the GDPR), you have the right to: access the personal data we hold about you; request correction of inaccurate or incomplete data; request deletion of your data, subject to legal retention obligations; request a portable copy of data you provided to us; object to or request restriction of certain processing; and withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
You can exercise many of these rights directly through in-app account and privacy settings. For requests we cannot fulfill in-app, contact us at [email protected]. We will respond to verified requests within 30 days, or such other period required by applicable law.
You also have the right to lodge a complaint with your local data protection authority (for example, the Nigeria Data Protection Commission, the Ghana Data Protection Commission, or the Kenya Office of the Data Protection Commissioner) if you believe our processing of your data violates applicable law.
We implement technical and organizational safeguards designed to protect your personal data, including encryption of data in transit (TLS/SSL) and, where applicable, at rest; access controls limiting internal access to personal data on a need-to-know basis; hashed storage of passwords and transaction PINs; and regular review of our security practices.
No system is completely secure, and we cannot guarantee absolute security of your information. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected Users and relevant authorities within the timeframes required by applicable law (generally within 72 hours of becoming aware of the breach, where required).
Location data is central to how the Platform operates. Customers and Businesses share location to request and track Rides and Package Deliveries. Drivers and Riders share location so that they can be matched with nearby Orders and so their live position can be shown to a Customer or Business during an active Order.
You can control location permissions through your device settings at any time. Declining or revoking location access may limit or disable core features, such as the ability to request a Ride, be matched with Orders as a Driver, or view live tracking.
For Drivers and Riders, background location tracking (collected while the app is not actively open) is used only while you are online and available for Orders, or during an active, accepted Order, to support accurate matching, live tracking, and safety monitoring. You may disable background tracking at any time via your device settings, which will set your status to offline for matching purposes.
The Platform is intended for use only by individuals 18 years of age or older, and Business/Company accounts must be operated by authorized adult representatives. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently collected personal data from a minor, we will take steps to delete that data promptly.
Boyasa operates across multiple countries, and your data may be processed or stored in a country other than the one in which you reside, including by our cloud hosting and service providers. Where we transfer personal data internationally, we take steps designed to ensure an adequate level of protection, such as reliance on service providers with appropriate security and contractual safeguards, and compliance with applicable cross-border transfer requirements under the NDPR, Ghana Data Protection Act, Kenya Data Protection Act, and other relevant laws.
Our websites use cookies and similar technologies, including essential cookies required for core site functionality, analytics cookies that help us understand how the Platform is used, and, where applicable and with your consent, marketing cookies used to measure the effectiveness of promotional campaigns. Our mobile applications use comparable device identifiers and SDKs for analytics and crash reporting rather than browser cookies.
You can manage cookie preferences through your browser settings or, where offered, an in-app or on-site cookie consent tool. Disabling non-essential cookies will not affect your ability to use core Platform features.
Customers: your Order history, saved addresses, payment methods, and ratings are used to personalize your experience and are visible to a matched Driver only as necessary to complete an Order.
Drivers/Riders: your national identification document and vehicle information are used exclusively for verification and safety purposes and are not shared with Customers or Businesses beyond your name, photo, vehicle type, and plate number as needed to identify you during an Order.
Businesses: your business name and, where you opt to be searchable, your business profile are visible to Customers who wish to send a package directly to you. Internal business documentation (registration numbers, tax identifiers) is used only for verification and is not shared publicly.
Companies: operational and commission data about the Businesses and Drivers in your network is made available to you through in-app reporting tools solely to support your oversight responsibilities under your partnership agreement with Boyasa, and must not be used by you for any purpose inconsistent with this Policy or applicable law.
The Platform uses automated processes to match Orders with available Drivers based on factors such as proximity, vehicle type, and availability, and to calculate fare and delivery-fee estimates based on distance, time, and demand. These processes support, but do not replace, the ability of Drivers to review and accept or decline an Order, and of Customers to negotiate a Ride fare before acceptance. We do not use fully automated decision-making that produces legal or similarly significant effects concerning you without an opportunity for human review, except where required for fraud prevention and security, consistent with applicable law.
The Platform may contain links to third-party websites or integrate third-party services (such as payment gateways or map providers) that are governed by their own privacy policies. We are not responsible for the privacy practices of third parties, and we encourage you to review their policies before providing personal data to them.
Where you have provided consent, or where otherwise permitted by applicable law, we may send you promotional messages about new features, offers, or referral incentives via push notification, SMS, WhatsApp, or email. You may opt out of marketing communications at any time through your in-app notification settings or by following the unsubscribe instructions included in the communication, without affecting your receipt of transactional messages necessary to the operation of your account.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via in-app notification, email, or a prominent notice on the Platform, and will update the "Last Updated" date and version number above. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.
Nigeria: We process personal data in accordance with the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation (NDPR), and, where applicable, are registered with the Nigeria Data Protection Commission.
Ghana: We process personal data in accordance with the Ghana Data Protection Act, 2012 (Act 843), and, where applicable, are registered with the Ghana Data Protection Commission.
Kenya: We process personal data in accordance with the Kenya Data Protection Act, 2019, and, where applicable, are registered with the Office of the Data Protection Commissioner.
As Boyasa expands to additional countries, we will update this section to reflect the applicable local data protection framework.
If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact our Data Protection Officer at [email protected], or our general privacy team at [email protected]. You may also reach general support at [email protected].