🚖 Rideon by Citrus - Data Policy

This Data Policy outlines how Rideon by Citrus collects, processes, and safeguards driver data in compliance with the Kenya Data Protection Act (DPA) 2025.

All data processing follows the Kenya Data Protection Act 2025 and related regulations. Citrus Labs Limited is registered with the ODPC.

We collect driver identity, vehicle details, trip data, payment records, and location data through direct input and automated systems.

Data is used for fare calculation, payment processing, fraud detection, and platform performance improvement.

Data sharing is limited to essential third parties like M-Pesa and Google Maps, with proper safeguards in place.

Drivers have the right to access, rectify, erase, object to processing, and request data portability.

We employ encryption, access controls, audit trails, and employee training to protect driver information.

Session cookies and fraud-prevention tokens are used. Drivers can manage cookie preferences.

All vendors comply with Kenya's DPA through binding contracts that enforce data protection obligations.

Incidents are investigated within 72 hours, with prompt notification to ODPC and affected drivers.

Last updated October 30, 2025. Updates are shared via in-app notice, email, or SMS.

Contact us at legal@citruslabs.co.ke or escalate unresolved concerns to ODPC.