Your Privacy Matters

Welcome to Kose. Kose Africa (Pvt) Ltd, a subsidiary of Zano Money (Pvt) Ltd ("Kose", "we", "our", or "us") operate a ride-hailing, e-commerce, and payments super-app serving users across Zimbabwe, Zambia, and South Africa.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Kose mobile application, website, and related services (collectively, the "Platform"). By creating a Kose account or using any of our services, you agree to the terms of this Policy.

We are committed to complying with applicable data protection laws in each country we operate in, including Zimbabwe's Data Protection Act, Zambia's Data Protection Act 2021, and South Africa's Protection of Personal Information Act (POPIA).

2.1 Information You Provide Directly

• Full name, email address, and phone number when you register
• Profile photo (optional)
• Payment information, including mobile money account details (EcoCash, MTN Mobile Money, etc.) and card details
• Delivery address and saved locations
• Identity verification documents where required by law
• Communications you send to our support team

2.2 Information Collected Automatically

• Precise GPS location data when you use the app, including pickup and drop-off points
• Device information: model, operating system, unique device identifiers, and mobile network information
• App usage data: features accessed, time spent, search queries, and clicks
• Transaction history: rides taken, orders placed, amounts paid, and timestamps
• Log data: IP address, browser type, pages visited, and crash reports

2.3 Information from Third Parties

• Payment processors and mobile money operators confirming transaction status
• Identity verification partners for KYC compliance
• Google Maps and mapping services for route calculations
• Social login providers if you sign in with Google or Facebook

3.1 Providing Our Services

• Matching you with available drivers for ride requests
• Processing payments and maintaining your transaction history
• Facilitating e-commerce orders and deliveries
• Sending real-time trip updates, ETAs, and order confirmations
• Enabling in-app communication between riders and drivers

3.2 Safety and Security

• Verifying user identity to prevent fraud and account misuse
• Monitoring for suspicious transactions or abnormal account activity
• Sharing location data with emergency services if you activate the SOS feature
• Investigating complaints, accidents, or safety incidents

3.3 Improving Our Platform

• Analysing usage patterns to improve features and performance
• Conducting internal research and analytics
• Testing new features and services

3.4 Marketing and Communications

• Sending promotional offers, discounts, and service updates (with your consent)
• Personalising content and recommendations based on your usage
• Sending transactional messages such as receipts and booking confirmations

You may opt out of marketing communications at any time through the app settings or by contacting us.

Kose requires access to your precise location to function. Location data is used to:

• Identify your pickup point and suggest nearby drivers
• Calculate route distances and estimated fares
• Track trip progress in real time
• Detect unusual trip deviations for safety purposes

We do not sell your personal information. We share your data only in the following circumstances:

5.1 With Drivers

When you book a ride, we share your first name, pickup location, destination, and profile photo with the assigned driver. Your full phone number is not shared; all calls and messages are routed through anonymised channels.

5.2 With Service Providers

We work with trusted third-party vendors for payment processing, cloud infrastructure, customer support, and analytics. These providers are contractually obligated to protect your data and may only use it to deliver services on our behalf.

5.3 For Legal and Regulatory Compliance

We may disclose your information to government authorities, law enforcement, or courts when required by law, in response to a valid legal process, or to protect the rights and safety of Kose, our users, or the public.

5.4 Business Transfers

If Kose undergoes a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to equivalent privacy protections.

We retain your personal information for as long as your account is active or as needed to provide you with our services:

• Account data: retained for the duration of your account, plus 5 years after closure
• Trip and transaction records: retained for 7 years for accounting and regulatory compliance
• Support communications: retained for 3 years
• Location data from completed trips: retained for 2 years

After the applicable retention period, data is securely deleted or anonymised.

Depending on your country of residence, you may have the following rights regarding your personal data:

• Right to access: request a copy of the personal data we hold about you
• Right to correction: request that we correct inaccurate or incomplete data
• Right to deletion: request erasure of your data, subject to legal retention requirements
• Right to portability: receive your data in a structured, machine-readable format
• Right to object: object to processing for direct marketing or profiling
• Right to withdraw consent: where processing is based on consent, withdraw it at any time

We implement appropriate technical and organisational measures to protect your personal information. Our security practices include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest
• Role-based access controls limiting who can access your data
• Regular security audits and vulnerability assessments
• Incident response procedures for data breaches

Despite our measures, no system is completely secure. In the event of a data breach that poses a risk to your rights, we will notify you and relevant authorities as required by applicable law.

Kose services are intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a minor, we will delete it promptly. If you believe a minor has created a Kose account, please contact us immediately at privacy@kose.africa.

Our website and app use cookies and similar technologies to remember your preferences, maintain session security, and analyse usage. You can manage cookie preferences through your browser settings. Disabling cookies may affect some functionality of the Platform.

Your data may be processed in countries outside your country of residence where our cloud infrastructure or service providers are located. We ensure that such transfers are protected by appropriate safeguards, including standard contractual clauses and data processing agreements aligned with applicable law.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email at least 14 days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our Data Protection Officer:

If you are dissatisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your country: