Privacy Policy
RIDER PRIVACY POLICY
Effective Date: June 2026
1. Introduction
BlinkTheApp Limited ("Blink", "we", "us", "our") is committed to protecting your personal data in compliance with the Kenya Data Protection Act, 2019. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the Blink ride-hailing platform as a rider ("you", "your").
References to "Blink" throughout this document refer to BlinkTheApp Limited, the data controller responsible for your personal information.
We are registered with the Office of the Data Protection Commissioner (ODPC) under Registration Number: 143-1709-D3A0. This policy also explains your data protection rights, which you can exercise at any time.
Non-compliance with the Data Protection Act may result in penalties of up to KSh 5 million.
2. Data We Collect
We collect information necessary to provide you with safe, reliable ride-hailing services and to improve your experience on the Blink platform.
2.1 Information You Provide to Us
|
Data Category |
Examples |
|
Registration Data |
Full name, phone number, email address, password |
|
Profile Information |
Profile photo (optional), saved home/work addresses, payment preferences |
|
Payment Information |
M-Pesa transaction details, card payment data (processed by secure third-party payment processors — we do not store full card numbers) |
|
Communications |
Messages you send to drivers through the app, customer support inquiries, ratings and feedback you provide |
|
Promotional Codes |
Information about codes you redeem |
2.2 Information Collected Automatically
|
Data Category |
Examples |
|
Location Data |
Real-time GPS location when the app is open and during active trips. This is essential for: matching you with nearby drivers, calculating fares, providing accurate ETAs, and enabling safety features (trip tracking, emergency assistance). |
|
Trip Data |
Pickup and drop-off locations, route taken, trip duration, distance traveled, fare charged |
|
Device Information |
IP address, device type, operating system, mobile network, device identifiers, app version |
|
Usage Data |
How you interact with the app (features used, screens viewed, time spent) |
2.3 Information from Third Parties
|
Source |
Examples |
|
Payment Processors |
Confirmation of payment completion (we do not receive full financial details) |
|
Referral Programs |
If you were referred by another user, we collect information about that referral |
|
Safety Partners |
In emergency situations, information may be shared with emergency services or security partners |
2.4 Information from Driver Risk Flags (Your Safety Contribution)
When drivers flag locations as unsafe using our driver-led safety feature, aggregated, anonymized data may be used to identify high-risk zones. Your trip data may contribute to these safety insights, but your personal identity is never associated with flagged locations. Data is anonymized by removing all direct identifiers such as name and phone number, and is analyzed only in aggregate.
3. How We Use Your Information
We use your personal data for the following purposes, based on the legal bases specified in the Data Protection Act, 2019.
3.1 Service Provision (Lawful Basis: Performance of a Contract)
|
Purpose |
How We Use Your Data |
|
Account Creation |
To create and manage your rider account |
|
Ride Matching |
To connect you with nearby drivers based on your location |
|
Navigation |
To provide accurate ETAs and route guidance |
|
Fare Calculation |
To calculate trip costs based on distance, time, and dynamic pricing |
|
Payment Processing |
To process payments through M-Pesa or card (via secure third parties) |
|
Receipts & History |
To provide trip receipts and ride history |
|
Customer Support |
To respond to your inquiries and resolve issues |
3.2 Safety, Security & Fraud Prevention (Lawful Basis: Legitimate Interests)
Your safety is our top priority. We process your personal data, including real-time location, trip details, and device information, to help ensure a secure experience for both riders and drivers. This processing is essential for our legitimate interest in providing a safe platform and is conducted in accordance with the Data Protection Act, 2019.
We use your data for a range of safety and security measures, which may include, but are not limited to:
- Real-Time Trip Monitoring: Our systems track your trip to detect potential safety incidents, such as unexpected route deviations, prolonged stops, or speed anomalies that are unusual for the road conditions.
- Safety Feature Functionality: We use your location and trip data to enable features such as trip sharing with trusted contacts, in-app emergency assistance, and high-risk zone alerts.
- Incident Investigation: In the event of a safety incident, we may analyze your trip data, communications, and other relevant information to investigate and take appropriate action.
- Fraud Prevention: We monitor for fraudulent activity to protect our users and platform. This includes detecting fake accounts, trip manipulation, and payment fraud.
- Feature Innovation: As we develop new safety features for the Blink app, we may analyze your existing trip, location, and behavior data in new ways to power these features. For example, after collecting data from trips in a specific area, our systems may identify patterns (such as repeated route deviations or cancellation patterns) that help us improve fraud detection, enhance safety alerts, or optimize ride matching. If a new safety feature requires collecting additional categories of personal data or using your data for a purpose that is not compatible with the original purposes described in this policy, we will seek your fresh, explicit consent before proceeding. You will be informed of any significant new processing activities through our app or this policy.
3.3 Legal & Regulatory Compliance (Lawful Basis: Legal Obligation)
We use your data to:
- Comply with lawful requests from Kenyan authorities including:
- National Transport and Safety Authority (NTSA)
- National Police Service
- Office of the Data Protection Commissioner (ODPC)
- Courts of law
- Maintain records as required by tax laws
- Respond to valid legal process
3.4 Platform Improvement & Business Operations (Lawful Basis: Legitimate Interests)
|
Purpose |
Description |
|
Algorithmic Matching |
We analyze rider preferences, driver proximity, and past trip patterns to improve match quality |
|
Dynamic Pricing |
Fares may be adjusted based on real-time weather conditions (e.g., heavy rain, fog, extreme heat) that impact driving safety and demand |
|
App Improvement |
We analyze usage patterns to improve app functionality and develop new features |
|
Analytics |
We conduct business analytics using anonymized or aggregated data where possible |
|
Research |
We may use aggregated trip data for safety research and urban mobility insights |
3.5 Communications (Lawful Basis: Consent / Legitimate Interests)
|
Type |
Basis |
|
Transactional Communications |
Trip receipts, account updates, safety alerts — sent as part of service provision |
|
Marketing Communications |
Promotional offers, new features — sent only with your consent (opt-in) |
|
Safety Communications |
"Are you okay?" check-ins, high-risk zone alerts — sent as part of our safety obligations |
You can opt out of marketing communications at any time through app settings or by contacting support. We will not share your personal data with third parties for their own marketing purposes.
4. How We Share Your Information
We do not sell your personal data. We only share it in limited circumstances.
What "Selling" Means vs. "Sharing"
When we say we do not sell your personal data, we mean:
- We do not transfer your personal data to third parties for their own independent use, marketing, or commercial benefit.
- We do not receive payment or other consideration in exchange for your personal data.
The sharing described in this Section 4 is different from selling:
- We share data only when necessary to provide our ride-hailing service, ensure your safety, comply with the law, or handle disputes.
- Our service providers (such as payment processors and cloud storage providers) process your data only on our behalf and only for the specific purposes we instruct. They cannot use your data for their own purposes.
- Regulatory authorities, law enforcement, and insurance providers receive data only when required by law or to process legitimate claims.
In short: We share to serve you, not to sell you.
4.1 With Drivers
When a driver accepts your ride request, we share:
- Your first name
- Your pickup location
- Your destination (once trip starts)
- Your rating (anonymized average)
- In-app call/SMS capability (phone numbers are masked — neither party sees the other's real number)
4.2 With Service Providers
We engage trusted third-party vendors who process data on our behalf:
|
Provider Type |
Examples |
Safeguards |
|
Payment Processors |
M-Pesa integration, card payment gateways |
Strict contractual data protection obligations |
|
Cloud Storage |
Data hosting services |
Servers may be located outside Kenya — see Section 8 |
|
Customer Support |
Support ticketing systems |
Access limited to what's necessary |
|
Analytics |
App usage analysis |
Anonymized where possible |
|
Safety Partners |
Emergency response services |
Shared only during active emergencies |
4.3 For Legal Reasons
We may share your information if required by:
- Law, regulation, or legal process
- Governmental or regulatory request (NTSA, police, ODPC)
- Enforcement of our Terms of Service or Community Guidelines
4.4 For Safety & Protection
We may share information to protect the rights, property, or safety of:
- Blink (including our drivers and employees)
- Our riders
- The public
This includes sharing with law enforcement in emergency situations or during incident investigations.
4.5 Business Transfers
In connection with a merger, sale of company assets, financing, or acquisition of all or a portion of our business, your information may be transferred to the acquiring entity. You will be notified of any such change.
4.6 With Your Consent
We may share your information for other purposes with your explicit consent. You will be informed of the specific purpose, the data to be shared, and the third parties involved before we seek your consent. You may withdraw your consent at any time.
5. Phone Number Masking & Communications
5.1 Anonymous Calling
When you call a driver through the Blink app, your phone number is masked. Both parties see a temporary, anonymous number instead of personal contact details. This protects your privacy before, during, and after the trip.
5.2 In-App Chat
Messages sent through the app are stored temporarily for safety and dispute resolution purposes.
5.3 Recording Features (If Applicable)
If Blink introduces optional audio or video recording features to enhance safety and provide evidence in disputes:
- You will be notified before any trip where recording is enabled
- Recordings are encrypted and stored on the driver's device — Blink cannot access or listen to them unless shared voluntarily by the driver or rider
- Recordings can only be shared with Blink or authorities to investigate a safety incident, with your consent or as required by law
Important: When drivers use third-party recording apps (such as dash cams), they are solely responsible for their compliance with the Data Protection Act, 2019. This includes displaying clear notices that recording is taking place and obtaining consent from passengers where required. Blink provides guidance but compliance is the driver's individual responsibility.
Feature Innovation: As we develop new safety features for the Blink app, we may analyze your existing trip, location, and behavior data in new ways to power these features. If a new recording feature requires collecting additional categories of personal data or using your data for a purpose that is not compatible with the original purposes described in this policy, we will seek your fresh, explicit consent before proceeding. You will be informed of any significant new processing activities through our app or this policy.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data against:
- Unauthorized access
- Alteration
- Disclosure
- Destruction
Security measures include:
- Encryption of data in transit and at rest
- Secure authentication protocols
- Regular security assessments
- Access controls limiting internal access to what's necessary
- Staff training on data protection
While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure.
Data Breach Response: In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Office of the Data Protection Commissioner within 72 hours of becoming aware of the breach, as required by law. Affected users will also be notified without undue delay where the breach is likely to result in a high risk to their rights.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
|
Data Category |
Retention Period |
Justification |
|
Account Information |
Duration of account + 3 years after closure |
Statute of limitations for claims |
|
Trip Data |
90 days |
Safety investigations, dispute resolution |
|
Location Data |
90 days |
Safety monitoring, fraud prevention |
|
Payment Records |
5 years |
Legal obligation under Tax Procedures Act, 2015 (Section 23) |
|
Communications with Support |
3 years |
Customer service improvement, dispute resolution |
|
Safety Alerts |
90 days |
Incident investigation, pattern analysis |
|
Anonymized/Aggregated Data |
Indefinitely |
Business analytics, research (no longer linked to you) |
7.1 Account Deletion
When you request to delete your Blink account, the following process applies:
Immediate Deactivation: Your account will be immediately deactivated upon your deletion request. You will no longer be able to use the Blink platform or access your account.
30-Day Grace Period: After you request deletion, your account enters a 30-day grace period. During this time:
- Your data is not deleted immediately
- You may contact us to cancel your deletion request and reactivate your account
- After 30 days, your deletion request becomes permanent and cannot be reversed
What We Delete:
|
Data Category |
What Happens After Permanent Deletion |
|
Account Information (name, email, phone number, password) |
Permanently deleted |
|
Profile Information (photo, saved addresses, payment preferences) |
Permanently deleted |
|
Trip History (pickup/drop-off locations, routes, distances) |
Pseudonymized or permanently deleted (except where required for legal or safety purposes) |
|
Location Data |
Permanently deleted |
|
Usage & Device Data |
Permanently deleted |
|
Marketing Preferences |
Permanently deleted |
What We Retain:
|
Data Category |
Retention Period |
Why We Keep It |
|
Payment Records |
5 years |
Legal obligation under Tax Procedures Act, 2015 (Section 23) |
|
Customer Support Communications |
3 years |
To resolve any future disputes or complaints |
|
Safety Alerts & Incident Reports |
90 days |
To investigate any safety incidents that occurred before deletion |
|
Trip Data (if involved in an active investigation) |
Until investigation concludes |
Safety and legal compliance |
|
Anonymized/Aggregated Data |
Indefinitely |
Business analytics and research (no longer linked to you) |
When Deletion May Be Delayed:
We may delay or refuse an account deletion request in the following circumstances:
- You have an outstanding balance owed to Blink or a driver
- You have unresolved disputes or complaints with us
- Your account is under investigation for fraud or safety violations
- We are required by law to retain the data
- You have pending trips or transactions that need to be completed
If your deletion request is delayed for any of these reasons, we will inform you of the specific reason and the expected timeline for completion.
After these periods, data is securely deleted or anonymized.
8. Cross-Border Data Transfers
Your personal data may be transferred to and stored on secure servers located outside Kenya (for example, in the European Union or United States) where our cloud infrastructure providers operate.
Where we transfer your data outside Kenya, we ensure appropriate safeguards are in place as required by Section 48 of the Data Protection Act, 2019, including:
- Standard data protection contractual clauses adopted by the ODPC
- Ensuring the recipient country has adequate data protection laws (for EU transfers, adequacy decisions)
- Binding corporate rules where applicable
You have the right to request a copy of the safeguards applied to cross-border transfers by contacting our Data Protection Officer.
8.1 Local Data Storage
In compliance with the Office of the Data Protection Commissioner's (ODPC) guidelines for the transport sector, Blink maintains a synchronized copy of Kenyan user data within local data centers in Kenya. This ensures that your personal data is always accessible within the country, as required by law
9. Automated Decision-Making & Account Flagging
9.1 Automated Decision-Making
Blink uses automated systems for:
- Trip matching (based on location, availability, past interactions)
- Weather-based pricing (fares adjusted based on real-time weather conditions such as rain, fog, or extreme temperatures)
- Safety alerts (automated detection of route deviations, speeding, long stops)
- Account flagging (automated review triggers for repeated safety alerts or concerning patterns)
- Fraud detection (pattern analysis to detect fake accounts, payment fraud, or collusion)
9.2 Flagging & Review Process
Our automated systems may flag your account for review when concerning patterns are detected. The review process is designed to be fair, transparent, and timely:
|
Severity |
Examples |
Action |
Review Timeline |
|
Critical |
Repeated safety violations, fraud patterns |
Account temporarily blocked pending investigation |
Decision within 24 hours |
|
High |
Multiple safety alerts in one trip, concerning patterns |
Flagged for review |
Decision within 48 hours |
|
Medium |
Single safety anomaly, first-time concerning behavior |
Warning + incident logged |
30-day monitoring period |
|
Low |
Minor deviations, first-time minor issues |
Informal warning |
No action unless repeated |
Note: The specific thresholds for what constitutes each severity level may be adjusted from time to time to improve safety outcomes and adapt to changing conditions. You will be notified of any significant changes to the flagging criteria.
9.3 Your Appeal Rights
Where automated decisions result in legal effects (such as account deactivation), you have the right to:
|
Right |
How It Works |
|
Appeal Window |
7 days from notification |
|
How to Appeal |
Respond through the app with: your explanation, context (technical issue, false alert, misunderstanding), and any evidence you wish to submit |
|
Human Review |
Your appeal is reviewed by a human team member |
|
Decision Timeline |
• Critical cases: within 24 hours |
|
Flag History |
You can view your complete flag history in the app, including all past alerts, resolution of each case, notes from review team, and appeal status |
To exercise these rights, contact our Data Protection Officer.
10. Cookies and Tracking Technologies
10.1 What Are Cookies?
Cookies are small text files stored on your device when you use our app or website. They help us remember your preferences, understand how you interact with our platform, and improve your experience.
10.2 Types of Cookies We Use
|
Cookie Type |
Purpose |
|
Essential Cookies |
Necessary for the app to function (e.g., authentication, session management). Cannot be disabled. |
|
Performance/Analytics Cookies |
Help us understand how users interact with our app (e.g., which features are used most, error tracking). We use tools such as Google Firebase and Mixpanel for this purpose. |
|
Functionality Cookies |
Remember your preferences (e.g., language, saved addresses) to personalize your experience. |
|
Advertising/Marketing Cookies |
Used to deliver relevant promotional content and measure the effectiveness of our campaigns. These are only set with your consent. |
10.3 Your Choices
You can manage your cookie preferences through your device settings or our app settings. You may disable non-essential cookies at any time. However, disabling essential cookies may affect the functionality of our app.
10.4 Third-Party Tracking
Our app may include third-party SDKs (Software Development Kits) that collect device information and usage data for analytics and advertising purposes. These third parties process data in accordance with their own privacy policies.
11. Data Protection Impact Assessments
Blink is committed to protecting your privacy by design and by default. In accordance with the Data Protection Act, 2019, we conduct Data Protection Impact Assessments (DPIAs) for any high-risk processing activities, including:
- Processing of real-time location data for safety monitoring
- Automated decision-making systems that may affect your rights
- Introduction of new features involving sensitive data (e.g., audio/video recording)
- Large-scale processing of personal data
These assessments help us identify and mitigate privacy risks before they impact you. If a DPIA identifies a significant risk that cannot be mitigated, we will consult the Office of the Data Protection Commissioner before proceeding.
12. Your Data Protection Rights
Under the Data Protection Act, 2019, you have the following rights:
|
Right |
What It Means |
How to Exercise |
|
Right of Access |
Request a copy of your personal data |
Via app settings or email request |
|
Right to Correction |
Update inaccurate or incomplete data |
Edit profile directly in app |
|
Right to Deletion |
Request deletion of your data |
Subject to legal retention obligations |
|
Right to Objection |
Object to processing based on legitimate interests |
Contact DPO |
|
Right to Restriction |
Request restriction of processing while disputes are resolved |
Contact DPO |
|
Right to Portability |
Receive your data in structured, machine-readable format |
Contact DPO |
|
Right to Withdraw Consent |
Withdraw consent where processing is based on consent |
Toggle settings or contact support |
|
Right to Lodge a Complaint |
Complain to the Office of the Data Protection Commissioner |
complaints@odpc.go.ke / 0706 366 000 |
13. Children's Privacy
Our services are not intended for users under 18. We do not knowingly collect data from children under 18. If you believe a child has provided us with personal data, please contact us immediately.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or industry standards. We will notify you of significant changes through:
- In-app notification
- Email (if you have provided one)
- Notice on our website
The "Effective Date" at the top of this policy indicates when it was last updated.
15. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact:
|
Role |
Contact Details |
|
Data Protection Officer |
support@blinktheapp.com |
|
Privacy Team |
support@blinktheapp.com |
|
Customer Support |
support@blinktheapp.com |
|
Physical Address |
P.O BOX 27758 CITY SQUARE TELEPHONE: +254799995779 COUNTY: NAIROBI, DISTRICT: STAREHE DISTRICT, LOCALITY: STAREHE STREET: MAASAI ROAD, BUILDING: 209 |
Office of the Data Protection Commissioner (ODPC)
|
Contact |
Details |
|
Website |
|
|
|
complaints@odpc.go.ke |
|
Phone |
0706 366 000 |
|
Physical Address |
P.O Box 14926-00800, Westlands, Nairobi |
DRIVER PRIVACY POLICY
Effective Date: June 2026
1. Introduction
BlinkTheApp Limited ("Blink", "we", "us", "our") is committed to protecting your personal data in compliance with the Kenya Data Protection Act, 2019. This Privacy Policy for Drivers explains how we collect, use, share, and protect your personal data when you use the Blink platform as a driver ("you", "your").
References to "Blink" throughout this document refer to BlinkTheApp Limited, the data controller responsible for your personal information.
We are registered with the Office of the Data Protection Commissioner (ODPC) under Registration Number: 143-1709-D3A0. This policy also explains your data protection rights, which you can exercise at any time.
Non-compliance with the Data Protection Act may result in penalties of up to KSh 5 million.
2. Data We Collect
We collect information necessary to verify your eligibility to drive, facilitate safe rides, comply with legal obligations, and improve our platform.
2.1 Information You Provide to Us
|
Data Category |
Examples |
Why We Collect It |
|
Registration Data |
Full name, phone number, email address, KRA PIN, date of birth |
Account creation, tax compliance, identity verification |
|
Government Identification |
Copy of National ID card or Passport, driver's license number, passport-sized photo |
Legal requirement, identity verification, NTSA compliance |
|
Driver Credentials |
NTSA PSV badge number, PSV license details, defensive driving certificates |
Legal requirement, platform eligibility |
|
Vehicle Information |
Vehicle registration number, logbook, NTSB inspection reports, insurance certificates, vehicle photos |
Safety verification, legal compliance, rider transparency |
|
SACCO Membership |
Transport SACCO name, membership number |
Nairobi County regulatory requirement |
|
Bank/Payment Details |
Bank account details, M-Pesa business number |
Earnings disbursement |
|
Tax Information |
KRA PIN certificate, tax compliance documents |
Legal obligation under Tax Procedures Act |
|
Communications |
Messages with riders through the app, customer support inquiries, feedback you provide |
Service improvement, dispute resolution |
2.2 Information Collected Automatically
|
Data Category |
Examples |
Why We Collect It |
|
Location Data |
Real-time GPS location when the app is online and during active trips |
Trip matching, navigation, fare calculation, safety monitoring |
|
Trip Data |
Routes taken, pickup/drop-off locations, trip duration, distance traveled, fare earned |
Payment calculation, safety investigations, dispute resolution |
|
Device Information |
IP address, device type, operating system, mobile network, device identifiers, app version |
Fraud prevention, app optimization, security |
|
Usage Data |
How you interact with the app (online/offline patterns, acceptance rates, cancellation rates) |
Platform integrity, quality monitoring |
|
Safety Alerts |
Route deviations, speed anomalies, long stops, boda boda speed data, high-risk zone entries |
Safety monitoring, incident prevention, driver protection |
2.3 Information from Third Parties
|
Source |
Examples |
Why We Collect It |
|
NTSA |
Driver license verification, PSV badge status, vehicle registration verification |
Legal compliance, identity verification |
|
Payment Processors |
Payment confirmation records |
Earnings disbursement |
|
Insurance Providers |
Insurance policy verification |
Legal compliance, safety verification |
|
Rider Feedback |
Ratings, reviews, incident reports |
Quality assurance, safety monitoring |
|
Law Enforcement / Regulators |
Requests for driver information |
Legal compliance, incident investigations |
|
Safety Partners |
Emergency incident reports |
Driver safety, incident response |
3. How We Use Your Information
We use your personal data for the following purposes, based on the legal bases specified in the Data Protection Act, 2019.
3.1 Service Provision (Lawful Basis: Performance of a Contract)
|
Purpose |
How We Use Your Data |
|
Account Creation & Verification |
To create and manage your driver account, verify your identity and credentials |
|
Regulatory Compliance Verification |
To verify your NTSA PSV badge, driver's license, insurance, and vehicle inspection status |
|
Ride Matching |
To connect you with riders based on your location and availability |
|
Navigation |
To provide route guidance and ETAs |
|
Fare Calculation & Payment |
To calculate trip earnings based on distance, time, and weather-based pricing adjustments |
|
Earnings Disbursement |
To process payments to your bank account or M-Pesa |
|
Trip History |
To provide you with earnings statements and ride records |
|
Customer Support |
To respond to your inquiries and resolve issues |
3.2 Safety, Security & Fraud Prevention (Lawful Basis: Legitimate Interests)
Your safety and the safety of riders is our priority. We process your personal data, including real-time location, trip details, and device information, to help ensure a secure experience for both drivers and riders. This processing is essential for our legitimate interest in providing a safe platform and is conducted in accordance with the Data Protection Act, 2019.
We use your data for a range of safety and security measures, which may include, but are not limited to:
- Real-Time Trip Monitoring: Our systems monitor your location, speed, and route during active trips to detect potential safety incidents, such as unexpected route deviations, prolonged stops, or speed anomalies that are unusual for the road conditions.
- Safety Feature Functionality: We use your location and trip data to enable features such as high-risk zone alerts, emergency assistance, and route deviation warnings.
- Incident Investigation: In the event of a safety incident, we may analyze your trip data, communications, and other relevant information to investigate and take appropriate action. This includes reviewing rider reports, safety alerts, and complaints.
- Fraud Prevention: We monitor for fraudulent activity to protect our users and platform. This includes detecting fake trips, GPS manipulation, fake accounts, and collusion.
- Emergency Response: In critical situations, we may contact emergency services with your last known location to ensure your safety and the safety of riders.
- Driver Risk Flags: We collect and aggregate driver-submitted risk flags to identify dangerous locations and warn other drivers. Your identity is anonymized in this process.
- Feature Innovation: As we develop new safety features for the Blink app, we may process your data in new ways to power these features. You will be informed of any significant new processing activities through our app or this policy.
Our Security Alerts System: Your trip data feeds into our automated safety monitoring. Alerts are reviewed by our safety team, and in critical situations, appropriate action is taken up to and including contacting emergency services.
3.3 Legal & Regulatory Compliance (Lawful Basis: Legal Obligation)
We use your data to:
|
Obligation |
How We Comply |
|
NTSA Compliance |
Verify PSV badges, driver's licenses, vehicle inspection reports |
|
Nairobi County Compliance |
Verify SACCO membership and county permits |
|
Tax Compliance |
Report earnings to KRA, retain records for 7 years (Tax Procedures Act) |
|
Law Enforcement Requests |
Respond to lawful requests from police, NTSA, ODPC, and courts |
|
Insurance Requirements |
Verify active insurance coverage, provide data for claims |
|
Data Protection Compliance |
Maintain records as required by ODPC |
3.4 Platform Improvement & Business Operations (Lawful Basis: Legitimate Interests)
|
Purpose |
Description |
|
Algorithmic Matching |
We analyze driver location, availability, and rider preferences to improve match quality |
|
Weather-Based Pricing |
Fares may be adjusted based on real-time weather conditions (e.g., heavy rain, fog, extreme heat) that impact driving safety and demand |
|
Route Optimization |
We analyze trip data to improve navigation and ETA accuracy |
|
App Improvement |
We analyze usage patterns to improve app functionality and develop new features |
|
Safety Research |
We use aggregated trip data to identify accident hotspots and improve safety protocols |
|
Analytics |
We conduct business analytics using anonymized or aggregated data where possible |
3.5 Communications (Lawful Basis: Consent / Legitimate Interests)
|
Type |
Basis |
|
Transactional Communications |
Trip notifications, earnings statements, account updates, safety alerts — sent as part of service provision |
|
Marketing Communications |
Promotional offers, new features, earnings tips — sent only with your consent (opt-in) |
|
Safety Communications |
High-risk zone warnings, safety tips, incident follow-ups — sent as part of our safety obligations |
You can opt out of marketing communications at any time through app settings or by contacting support. We will not share your personal data with third parties for their own marketing purposes.
4. How We Share Your Information
We do not sell your personal data. We only share it in limited circumstances.
What "Selling" Means vs. "Sharing"
When we say we do not sell your personal data, we mean:
- We do not transfer your personal data to third parties for their own independent use, marketing, or commercial benefit.
- We do not receive payment or other consideration in exchange for your personal data.
The sharing described in this Section 4 is different from selling:
- We share data only when necessary to provide our ride-hailing service, ensure your safety, comply with the law, or handle disputes.
- Our service providers (such as payment processors and cloud storage providers) process your data only on our behalf and only for the specific purposes we instruct. They cannot use your data for their own purposes.
- Regulatory authorities, law enforcement, and insurance providers receive data only when required by law or to process legitimate claims.
In short: We share to serve you, not to sell you.
4.1 With Riders
When you accept a ride request, riders can see:
- Your first name
- Your vehicle make, model, color, and license plate
- Your photo
- Your overall rating
- Your real-time location during the trip
Phone numbers are masked — neither party sees the other's real number.
4.2 With Service Providers
We engage trusted third-party vendors who process data on our behalf:
|
Provider Type |
Examples |
Safeguards |
|
Payment Processors |
Bank transfers, M-Pesa integration |
Strict contractual data protection obligations |
|
Cloud Storage |
Data hosting services |
Servers may be located outside Kenya — see Section 10 |
|
Identity Verification |
NTSA integration partners |
Limited to verification purposes only |
|
Customer Support |
Support ticketing systems |
Access limited to what's necessary |
|
Analytics |
App usage analysis |
Anonymized where possible |
|
Safety Partners |
Emergency response services |
Shared only during active emergencies |
4.3 With Regulatory Authorities
We share information with Kenyan authorities as required by law:
|
Authority |
Examples of Sharing |
|
National Transport and Safety Authority (NTSA) |
Driver verification, PSV status, trip data for investigations |
|
Nairobi City County |
SACCO membership verification, permit compliance |
|
Kenya Revenue Authority (KRA) |
Earnings reports, tax compliance verification |
|
National Police Service |
Incident investigations, accident reports, criminal investigations |
|
Office of the Data Protection Commissioner (ODPC) |
Data protection compliance audits, complaint investigations |
4.4 For Legal Reasons
We may share your information if required by:
- Law, regulation, or legal process
- Court order or subpoena
- Enforcement of our Terms of Service or Community Guidelines
4.5 For Safety & Protection
We may share information to protect the rights, property, or safety of:
- Blink (including our employees and riders)
- Our drivers
- The public
This includes sharing with law enforcement in emergency situations or during incident investigations.
4.6 With Insurance Providers
In the event of an accident or incident, we may share relevant trip data with your insurance provider or the rider's insurance provider to facilitate claims.
4.7 Business Transfers
In connection with a merger, sale of company assets, financing, or acquisition of all or a portion of our business, your information may be transferred to the acquiring entity. You will be notified of any such change.
4.8 With Your Consent
We may share your information for other purposes with your explicit consent.
5. Driver Risk Flags & Community Safety
5.1 Driver-Led Safety Intelligence
Blink empowers drivers to contribute to community safety through our Driver Risk Flag feature.
|
Feature |
How It Works |
|
Submitting Risk Flags |
You can flag locations you perceive as unsafe directly in the app, including: GPS coordinates, reason (unsafe area, harassment, robbery, accident zone, poor lighting), and time of day when risk is most relevant |
|
Anonymization |
Your identity is not associated with verified zones. Only aggregated flag counts are used |
|
Verification |
When multiple drivers flag the same area, it becomes a verified "high-risk zone" |
|
Benefits |
Other drivers receive warnings before accepting trips to these zones; you may decline trips to verified high-risk zones with no penalty, no suspension, and no rating reduction |
5.2 Good Faith Requirement
Good Faith Requirement: Risk flags must be submitted in good faith. Submitting false or malicious flags to manipulate zones may result in account review or deactivation. The driver risk flag system is a safety tool intended to reduce risk but does not guarantee complete safety. We encourage you to remain vigilant at all times.
6. Phone Number Masking & Communications
6.1 Anonymous Calling
When riders call you through the Blink app, your phone number is masked. Both parties see a temporary, anonymous number instead of personal contact details. This protects your privacy before, during, and after the trip.
6.2 In-App Chat
Messages sent through the app are stored temporarily for safety and dispute resolution purposes.
6.3 Recording Features (If Applicable)
Feature Innovation: As we develop new safety features for the Blink app, we may process your data in new ways to power these features. You will be informed of any significant new processing activities through our app or this policy.
Important: When using third-party recording apps, you may act as a data controller for the personal data you collect. You are solely responsible for your individual compliance with the Data Protection Act, 2019. Failure to comply with legal requirements, including displaying clear notices and obtaining consent, may result in account review or deactivation
|
Feature |
Rules & Responsibilities |
|
Driver-Initiated Dash Cams |
|

