Privacy Policy
Effective date: 14 May 2026 · Last updated: 14 May 2026
Who we are
Hoodlynk Innovations (K) Ltd (“Hoodlynk”, “we”, “us” or “our”) is a private limited company incorporated in Kenya, with its registered office in Nairobi.
We are the data controller responsible for the personal data we collect through our websites (including hoodlynk.com), our mobile and desktop applications, and the platforms we operate, including Hoodlynk, Rolling Track and Branchluup (together, the “Services”).
For Services we operate on behalf of partners (for example, the platforms we power for DAFRIC), the partner is the data controller and Hoodlynk is the data processor. In those cases, the partner’s privacy notice applies in addition to this one.
Our Data Protection Officer can be reached at info@hoodlynkinnovations.com.
Scope and legal basis
This policy is issued in accordance with the Kenya Data Protection Act, 2019 and its regulations, and reflects principles drawn from comparable frameworks (GDPR, the Apple App Store Review Guidelines and Google Play Developer Programme Policies) so that you receive consistent protection wherever you use our Services.
We rely on one or more of the following legal bases to process your data:
- Your consent — for marketing, optional analytics, and any sensitive data.
- Performance of a contract — to deliver the Service you have requested.
- Compliance with a legal obligation — tax, accounting, anti-fraud, court orders.
- Our legitimate interests — security, service improvement, fraud prevention, and limited business communications.
- Vital interests or public interest — in narrow safety-related scenarios.
What we collect
We only collect what we need to operate the Service well and safely.
a. You give us
- Account details: name, email, phone, profile photo, password (hashed).
- Identity / KYC where the Service requires it (e.g. landlord, fleet operator, branch manager): national ID number, business registration documents, vehicle ownership documents.
- Communications you send us via forms, email, chat or support tickets.
- Payment instructions you submit (processed by regulated providers — we do not store full card numbers).
b. We collect automatically
- Device and log data: IP address, device model, OS, app version, crash reports.
- Approximate or precise location, only when you grant permission and only for features that need it (e.g. fleet tracking, listing geocoding).
- Telemetry from IoT devices we deploy on your behalf (GPS, fuel, temperature, sensor readings) — owned by you or your organisation.
- Cookies and similar technologies for authentication and limited analytics. See section 9.
c. We receive from third parties
- Identity verification providers, payment processors, mapping providers, SMS / email gateways, and partners whose platforms we operate.
We do not knowingly collect data from children under 18. If you believe a child has provided us data, contact us and we will delete it.
How we use your data
- To create and operate your account and authenticate you securely.
- To deliver core Service features you have requested.
- To process payments, generate invoices and meet tax obligations.
- To detect, investigate and prevent fraud, abuse and security incidents.
- To communicate with you about your account, transactions and material changes to the Service.
- To improve the Service through aggregated, deidentified analytics.
- To comply with applicable law and respond to lawful requests by public authorities.
We do not sell your personal data. We do not use your data to train third-party generative AI models. We do not share data with data brokers.
Sharing and disclosure
We share data only with parties that have a clear, lawful reason to receive it:
- Sub-processors: hosting (e.g. Cloudflare, Supabase / PostgreSQL on EU & US regions), email, SMS, payment, mapping, identity verification and analytics providers — bound by written data processing agreements.
- Hardware partners: Teltonika and similar IoT manufacturers, only as needed to provision and maintain devices we deploy on your behalf.
- Our partners: when you use a Service we operate on a partner’s behalf (e.g. DAFRIC), data is shared with that partner who is the controller of that platform.
- Authorities: where required by Kenyan law, valid court order or regulatory request.
- Successors: in the event of a merger, acquisition or asset transfer, with appropriate safeguards and notice to you.
International transfers
Some of our sub-processors are located outside Kenya. Where we transfer personal data abroad, we rely on lawful transfer mechanisms recognised under the Kenya Data Protection Act, 2019 — including adequacy decisions, standard contractual clauses, or your explicit consent — and we put in place additional technical and organisational measures proportionate to the risk.
How long we keep data
We retain personal data for as long as your account is active and for such additional period as is necessary to comply with our legal, accounting and dispute resolution obligations (typically up to seven years for transaction records under Kenyan tax law). Telemetry data from IoT devices is retained according to your organisation’s configured policy. Where retention is no longer required, we delete or irreversibly anonymise the data.
Your rights
Subject to applicable law, you have the right to:
- Be informed about how we process your data.
- Access a copy of the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion (“right to be forgotten”) where lawful.
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, without affecting prior lawful processing.
- Lodge a complaint with the Office of the Data Protection Commissioner (Kenya).
To exercise any of these rights, email info@hoodlynkinnovations.com. We respond within 30 days. We will never charge you a fee for a reasonable request, and we will never retaliate for exercising a right.
In-app account deletion: every Hoodlynk-operated app provides a self-service way to delete your account and associated personal data, in line with Apple App Store and Google Play requirements. If you cannot find it, email us and we will action your request manually within seven days.
Cookies and trackers
We use a small set of strictly necessary cookies for authentication and security, and minimal first-party analytics to understand which pages and features are useful. We do not use cross-site advertising cookies or third-party ad networks. Where the law requires, we ask for your consent before any non-essential cookie is set.
Security
We protect your data with encryption in transit (TLS 1.2+) and at rest, role-based access controls, audit logging, least privilege for staff access, mandatory MFA for production systems, and regular third-party penetration testing. No system is perfectly secure; if a breach affects you, we will notify you and the Office of the Data Protection Commissioner within 72 hours of becoming aware, as required by law.
Children
Our Services are not directed to children under 18, and we do not knowingly collect data from them. Parents or guardians who believe their child has used the Service should contact us so we can delete the data.
Changes to this policy
We may update this policy as the Service evolves. Material changes will be communicated by email or in-app notice at least 14 days before they take effect. The current version is always available at this URL.
Contact us
Hoodlynk Innovations (K) Ltd
Data Protection Officer
Nairobi, Kenya
info@hoodlynkinnovations.com
+254 713 130 013