PikiPiki Privacy Policy Page

PikiPiki Privacy Policy

Effective Date: September 27, 2025

Introduction

Welcome to PikiPiki! We are a ride-hailing service based in Uganda. PikiPiki is a product owned and managed by Vlaux Artificial Intelligence, located at Q8C5+772, Opp. Pece Stadium Venue, Gulu, Uganda. We operate two mobile applications: PikiPiki Rider (for passengers) and PikiPiki Driver (for drivers). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use and share it, and your rights regarding your information. We only collect and use personal data as described here, in compliance with applicable laws (including Uganda’s Data Protection and Privacy Act, 2019) and Google Play Developer Policies. By using our apps and services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use PikiPiki.

User Data

We collect and handle user data with your privacy in mind and in accordance with Google Play’s User Data policies and applicable laws. The types of data we collect include personal information (such as your name, contact details, and profile photo), location data, financial/payment information, device and usage data, and any content or files you choose to provide (like photos or ID documents). We only collect data that is necessary to provide and improve our services, and we obtain your consent for any sensitive information. We do not sell your personal data to third parties, and we protect all user data with strong security measures described in this policy.

Sensitive Permissions: Our apps may request access to certain device features or data, but only to enable core functionalities of the PikiPiki service. For example, we ask for your permission to use location services so we can match riders with drivers and provide navigation during rides. If you grant background location access, the app will collect your location even when it’s not in use, but only when you have an active ride (this ensures continuous tracking for accurate routes and safety monitoring). We display a clear in-app prompt explaining why background location is needed, and we only start collecting it if you explicitly opt in. Similarly, we may request permission to use your camera (for taking profile pictures or uploading documents) or to read/send SMS (for reading one-time passcodes or sharing ride details with your consent). These permissions are entirely optional – you can still use many features of PikiPiki if you decline, though certain functionalities (like automatically detecting a verification code or continuously updating trip progress) might be limited. We will never activate any sensitive permission (such as your GPS or camera) in the background without your knowledge; data from these sources is used solely for the purposes you approve.

Account and Data Deletion: We adhere to Google Play’s Account Deletion requirements by offering you a straightforward way to delete your account and data. If you decide you no longer want to use PikiPiki, you can delete your account through the app or by contacting us, as detailed in the “Account Deletion” section below. Once you initiate deletion, we will remove your personal information from our active systems (aside from data we must keep for legal reasons) and you will not be able to access your account. This process gives you control over your data and the freedom to discontinue using our service at any time.

Data We Collect

We collect both personal information (that can identify you) and non-personal information when you use PikiPiki. This includes data you provide directly and data collected automatically through the app’s features and permissions.

Personal Identifiable Information: When you create an account or use PikiPiki, you provide information like your name, phone number, email address, and profile photo. This helps identify you on the platform. For drivers, we may also collect additional details such as license or ID documents (via camera upload) for verification purposes.

Location Data: We collect precise GPS location data from your device to match riders and drivers and to track rides in real time. This includes location information while you’re using the app in the foreground, and background location data when you have an active ride even if the app is closed or not in use. Important: We only collect background location with your explicit permission. The PikiPiki app will display a prominent in-app disclosure explaining why background location is needed (for continuous ride tracking, navigation, and safety features), and we will ask you to affirmatively consent (opt-in) before enabling it, in accordance with Google Play policies. You can choose not to grant background location access; however, certain features (like live trip tracking and SOS emergency assistance) will not function without it.

Payment and Financial Data: To facilitate payments for rides, we collect payment-related information. For mobile money transactions, we may store a payment token or transaction ID and your mobile wallet provider (e.g., MTN Mobile Money or Airtel Money). For card payments, we may collect the last four digits of your card or a payment token. Please note: We do not store full credit/debit card numbers or bank PINs on our servers. Card payments are processed by secure third-party payment processors, and any sensitive card details are handled by them.

Device and App Usage Data: We automatically collect technical data about your device and how you interact with our apps. This includes your device model, operating system version, App Set ID (a unique app-specific identifier), IP address, PikiPiki app version, and device language/region. We also gather usage and log information such as features you use, pages or screens viewed, taps and menu interactions, ride request logs, timestamps, and crash or error reports. We collect diagnostic logs and crash data (for example, through crash reporting tools) to troubleshoot issues and improve app stability.

Camera, Photos and Storage: Our apps may request access to your device’s camera and/or storage (photos, media, files) when necessary. For instance, drivers may need to upload profile pictures, identification documents, or vehicle documents using the camera or photo library. Riders might upload profile images or photos when reporting an issue. Any images or documents you provide are collected only for the specific verification or support purpose and stored securely. We will ask for your permission before accessing your camera or photos, and you can decline or later revoke this permission in your device settings.

SMS Data (Text Messages): In certain cases, PikiPiki may request access to your SMS messages or send SMS from your phone. This is only used for specific features such as automatically reading a one-time password (OTP) sent to your phone for verification, or enabling you to share ride details or invitations via an SMS you initiate. We do not collect your SMS messages for any other purpose, and we will only access SMS with your consent. (For example, during account verification, you can grant the app permission to read the SMS OTP to autofill the code, or you may choose to send an SMS to a friend with your ride link if that feature is available.) If you do not grant SMS permission, you can still manually enter verification codes or use alternative methods.

Additional Data Sources: We may receive information about you from other sources to the extent you use certain features – for example, if you contact our customer support, we will collect the information you provide during the support interaction (such as emails or call recordings for quality assurance). If another user refers you to PikiPiki or you use a referral code, we may note who referred you (but we do not collect third-party contact information without consent).

We do not intentionally collect any sensitive personal data that is not mentioned above, such as your race, religion, health status, or biometric data, unless required for a specific feature and with your consent. PikiPiki is not intended to collect data from children (see “Children’s Privacy” below).

How We Use Your Data

We use your personal and device data to provide, maintain, and improve the PikiPiki services. Specifically, we use data for the following purposes:

Providing the Ride-Hailing Service: We use your information to create and manage your account, and to allow you to use the PikiPiki apps as a rider or driver. This includes using your personal details to verify your identity when logging in and ensuring only authorized users access your account.

Matching Riders and Drivers: Your location and profile data are used to match riders looking for transportation with nearby available drivers. For riders, when you request a ride, the app uses your GPS location (pickup point) to find drivers and to display your location to the driver who accepts the request. For drivers, your location helps us show your position to riders (before and during a trip) and match you with ride requests in your vicinity.

Real-Time Trip Tracking and Navigation: We track rides in real time using GPS data so that riders and drivers can see each other’s location during the trip, get accurate turn-by-turn navigation, and receive ETA updates. Background location tracking (when you have an ongoing ride but the app is not actively open on screen) ensures the trip can continue to be monitored if, for example, a rider’s phone screen turns off or the app is minimized. This continuous location tracking is crucial for safety and accurate fare calculation. It also enables features like showing the rider’s trip progress to a trusted contact (if trip sharing is enabled) and allowing our system to detect if a trip has stopped unexpectedly (for potential emergencies).

Safety Features and Emergency Response: Safety is a core part of PikiPiki. We use collected data to provide safety features such as SOS emergency buttons, ride sharing/trip updates to emergency contacts, and driver/rider identity verification. For example, if you trigger an SOS alert in the app, we will use your GPS location and profile info to assist emergency services or our 24/7 support team in responding. We may also use past ride information and location history to investigate safety incidents or complaints. Additionally, location and identity info help us implement measures like ensuring riders get the correct driver (by showing the driver’s name and photo) and enabling two-way ratings after each ride to maintain quality and safety standards.

Calculating Fares and Processing Payments: We use ride distance and duration (obtained from GPS) to calculate trip fares. Your payment information (mobile money token, card details, etc.) is used to process payments for rides. For example, after a ride, we charge your selected payment method the appropriate fare. We also use payment data to process refunds, apply discounts or promotions, and resolve any payment disputes. All payment processing is done securely, and we adhere to relevant security standards (like not storing full card numbers, as mentioned).

Communications and Notifications: We use your contact information (email, phone) to communicate with you about rides and our services. This includes sending ride confirmations and receipts, informing you of ride status (e.g., driver arrival notifications, ride completion), and responding to your inquiries or support requests. We may also send in-app push notifications or SMS for important alerts, such as changes in your ride or updates to our terms. If you are a driver, we might send you information about rider requests, tips for using the app, or updates required for your account.

Ratings, Reviews, and Dispute Resolution: After each ride, riders and drivers can rate each other and provide feedback. We collect and use these ratings and reviews to maintain service quality, resolve complaints, and, if necessary, investigate and take action against misconduct. For example, if we receive a complaint about unsafe driving or inappropriate behavior, we will use the data related to that ride (user identities, trip route, timestamp, feedback comments) to review the incident and take appropriate measures (which could include contacting the parties involved, providing coaching, or suspending an account as warranted). Similarly, if there is a payment dispute or fare issue, we will use trip and payment records to resolve it.

Customer Support: If you contact PikiPiki Customer Support (via in-app chat, phone, or email at info@pikipiki.co), we will use the information you provide, along with your account info and ride history, to help answer your questions or address your issues. This may involve accessing relevant details (like your last trip, or device info if it’s a technical problem) to troubleshoot and resolve the problem effectively.

Service Improvement and Analytics: We continuously strive to improve PikiPiki’s functionality and user experience. To do so, we analyze the data on how users interact with our apps and services. We may use aggregated usage data and analytics tools to identify trends (for example, which app features are most used, average wait times, crash frequencies) and to fix bugs or improve performance. Crash logs and device information help us debug issues and ensure the app works smoothly on various devices. Usage statistics (in an anonymized form) might help us optimize driver allocation in high-demand areas or improve the user interface. We also may run limited trials or new features for some users and use data to evaluate their effectiveness.

Marketing and Promotional Communications: We may use your email or phone number to send you promotional messages or special offers about PikiPiki, but only if you have agreed to receive them. For example, we might send a newsletter with new feature announcements, or a discount code for a holiday promotion. You have the choice to opt out of marketing communications at any time (see “Your Rights and Choices” below), and we will not spam you or share your contact details with third-party advertisers. If you opt out, we will stop sending promotional messages, though you will still receive essential transactional messages (like ride receipts or account alerts).

Legal and Regulatory Compliance: Finally, we may use your personal data as necessary to comply with legal obligations or requirements. This includes using data to enforce our Terms of Service, to ensure compliance with relevant transportation or safety regulations, and to cooperate with lawful requests from authorities if we are required by law to provide information. For instance, we might retain invoice records for accounting/tax purposes, or use identity information to ensure drivers meet regulatory requirements. We will only use and disclose the minimum data necessary for such compliance or lawful purposes.

We will not use your personal data for purposes that are not disclosed in this Privacy Policy without notifying you and obtaining appropriate consent. We do not engage in any automated decision-making that produces legal or similarly significant effects on you without human review (for example, any account suspension or actions due to safety reports involve human evaluation).

Sharing of Data

We understand that your personal information is important, and we are careful about who gets access to it. We do not sell your personal data to third parties for their own marketing or profit. We only share your information in the following situations, and only to the extent necessary for the purposes described:

Between Riders and Drivers: When you participate in a ride, certain information is shared between the rider and the driver to facilitate the trip. For example, when a driver accepts a rider’s request, the rider will see the driver’s name, photo, vehicle details (like motorcycle plate number or description), and real-time location. Likewise, the driver will see the rider’s first name, pickup location, and destination (after starting the ride), and may be able to contact the rider via phone call or in-app communication. If a call is needed, we may either share the phone number (in a masked way) or use a system that connects calls without revealing phone numbers, if available. This exchange of information is crucial for coordinating pickups and drop-offs and ensuring both parties recognize each other. Riders and drivers are only allowed to use this information for the purpose of the ride – misuse of information (such as harassing someone after a ride) is strictly against our policies.

Service Providers and Partners: We employ trusted third-party companies and service providers to perform certain functions on our behalf, and we may share the necessary data with them to provide or improve our services. These include:

  • Payment Processors: We share relevant payment details with payment processing partners (such as mobile money operators or payment gateways) to execute transactions. For instance, if you choose to pay via mobile money, we’ll share the necessary data (your phone number or payment token and the transaction amount) with the mobile money service to charge your account. If you use a card, the token or encrypted payment info is sent securely to our card payment processor for authorization. These partners are bound to handle your data securely and only for purposes of processing payments.

  • Map and Navigation Services: PikiPiki uses mapping and geolocation providers (for example, Google Maps, Mapbox, or similar services) to provide maps, geocoding (translating addresses to coordinates), and navigation guidance. When you use the app, these mapping services may receive data such as your current location, the pickup and drop-off coordinates, and route information in order to display maps or calculate directions. This data sharing is typically handled through the software developer kit (SDK) of the map provider integrated in our app. Such providers are expected to handle location data per their privacy policies and are restricted from using it for purposes other than providing services to PikiPiki (for example, Google’s Maps SDK will use location only to show the map/route and not for other Google purposes, as per their terms).

  • SMS and Communication Providers: If our app sends SMS messages (such as OTP codes or ride status alerts) or facilitates phone calls between riders and drivers, we may use third-party SMS gateways or telephony providers. For example, to send an OTP SMS, we provide your phone number and message content to an SMS delivery service. Similarly, to mask phone numbers on calls, we might route the call through a telephony service. These providers may log the transaction (for instance, that a message was sent to your number or a call occurred) for delivery and auditing purposes. They are not permitted to use your phone number for their own marketing.

  • Analytics and Crash Reporting Services: We use third-party tools (such as Google Firebase Analytics, Crashlytics, or similar) to collect app usage analytics and crash reports. These services may receive device identifiers, usage logs, and crash data (as described in “Device and App Usage Data” above). This helps us understand app performance and user engagement, and to quickly find and fix crashes or bugs. The data shared with these analytics providers does not include your contact information but may include pseudonymous identifiers (like an App Instance ID) and event info. We ensure that such data is used only to provide insights to us and not for profiling or advertising to you.

  • Cloud Storage and IT Providers: PikiPiki may host data on cloud infrastructure or use cloud services (for example, servers or databases hosted by reputable providers like Amazon Web Services or Google Cloud). If your personal data is stored on or processed through these cloud systems, it is subject to strict security measures. Cloud service providers technically have access to stored data as part of maintaining the service, but they are not allowed to use or disclose it except as needed to maintain our services and comply with the law. We encrypt sensitive data where appropriate and ensure our cloud providers commit to confidentiality.

  • Other Business Partners: In the future, we may partner with other companies for additional services (for example, an insurance company for accident coverage, or a partner offering loyalty rewards). If such partnerships require sharing your data, we will update our policy and ensure data is only shared with your knowledge and as needed for the service. For instance, if riders are offered insurance coverage for each ride, we might share minimal data like trip details with the insurance provider to administer coverage. Any such partner would be contractually required to protect your data and use it only for the specified purpose.

  • Third-Party SDKs Compliance: All third-party software development kits (SDKs) integrated into our apps (including those for analytics, mapping, payment, etc.) are reviewed for compliance with Google’s policies and data protection standards. We only integrate SDKs from companies that adhere to strong privacy and security practices. These third parties act on our behalf to deliver specific functionalities and are obligated to process user data in accordance with this Privacy Policy, Google Play Developer Policy, and applicable privacy laws. We do not allow our third-party service providers to use your data for their independent marketing or purposes not authorized by PikiPiki.

Legal Compliance and Protection: We may disclose your personal information to third parties if we determine in good faith that such disclosure is required to (a) comply with applicable laws, regulations, legal processes, or enforceable governmental requests, (b) enforce our Terms of Service or other agreements, (c) detect or prevent fraud, security, or technical issues, or (d) protect the rights, property, or safety of PikiPiki, our users, or the public. For example, if law enforcement provides a lawful subpoena or court order requiring certain user data for an investigation, we may be legally obligated to provide it. In such cases, we will only provide the data specifically required by the request. Similarly, if a serious incident occurs (like an accident during a ride), we may share data with emergency responders or insurers as necessary and as permitted by law.

Business Transfers: If PikiPiki or its assets are involved in a merger, acquisition, investment, financing, or sale (e.g., if another company acquires us or we undergo a corporate reorganization), user information may be transferred to the successor or new owner as part of that transaction. If this happens, we will ensure that your personal data remains protected by this Privacy Policy (unless you’re notified otherwise and consent to a new policy). We will also notify users of any change in data ownership or control, providing an opportunity to discontinue using the service or delete data if they wish, subject to legal requirements.

With Your Consent: Apart from the cases above, we will seek your consent before sharing your personal data with any third party for purposes not covered by this policy. For instance, if we ever want to share your testimonial or user story on our website or marketing materials, we would ask for your permission. Or if you choose to link PikiPiki with a third-party service (for example, a loyalty program or a budgeting app that tracks your rides), we would share data only at your direction and with your consent.

Aggregated or De-Identified Data: We may also share information that has been aggregated (combined with data from many users) or anonymized (stripped of personally identifying characteristics) in a way that it can no longer be associated with you. For example, we might share statistics like total rides per month in Gulu, or average driver earnings, or general usage trends with business partners, researchers, or in public reports. This data does not identify any individual and is used for purposes such as business analysis, research, or marketing of our services (e.g., “X rides completed via PikiPiki this year”). There are no restrictions on using or sharing aggregated/non-personal information.

Rest assured, we never sell or rent your personal data to advertisers or other third parties. All third parties who process user data on our behalf are held to strict confidentiality and data protection obligations. If you have questions about specific third parties we work with, you can contact us for more information.

Third-Party Services and SDKs

As noted, PikiPiki uses third-party services and software components (SDKs) to power certain features of our apps. We want to be transparent about these and how they handle data:

Analytics & Crash Reporting SDKs: We incorporate tools such as Google Firebase Analytics/Crashlytics, which collect app usage data and crash reports. These tools help us understand app performance (e.g., which screens are most visited, how often the app crashes) and improve stability. Data sent to these services may include unique device or instance IDs, events (like “ride_requested”), and error logs. We ensure these partners do not use the data to personally identify you or for any purpose outside providing analytics to us. Google’s Firebase, for instance, adheres to Google’s user data privacy requirements and we configure it to anonymize IP addresses where feasible.

Mapping and Location SDKs: Our use of mapping SDKs (e.g., Google Maps SDK for Android) allows the app to display maps and navigation. When these SDKs are used, they may process location coordinates and map queries. We rely on these third parties to treat location information in line with their policies and Google’s location data guidelines. We do not send more data than necessary (for example, we don’t send your identity directly to Google Maps, only the location coordinates needed for map tiles or directions).

Payment SDKs: If we integrate an SDK for payment (for instance, an SDK provided by a mobile money aggregator or card payment provider), that SDK will handle sensitive financial data in a secure manner (e.g., by opening a secure page to enter a PIN or OTP for mobile money). These SDKs might collect device info or phone number to detect the mobile account, but they are governed by strict financial data protection rules (such as PCI-DSS for card processing) and by Google’s Play policies for financial apps.

Other SDKs: We may use additional SDKs for features like push notifications (to deliver real-time alerts to your device), in-app messaging/support chat, or social media integration (if you choose to share something from PikiPiki on a social network, for example). These SDKs will have access only to the data needed for their function (for example, push notification services get a device push token but not your personal info; support chat SDK may handle the messages you send to support).

Our Commitment: For every third-party SDK or service we use, PikiPiki:

  • Reviews the third party’s privacy and security practices to ensure they meet our standards.

  • Only integrates the SDK if it’s necessary for app functionality and value to our users.

  • Discloses the use of these SDKs and their purpose (as we have done above) in this Privacy Policy or within the app’s settings/consent dialogs.

  • Ensures that users are informed and consent is obtained for any SDK that processes sensitive personal data beyond what’s described (for example, if an SDK were to collect additional data, we would include it in our disclosures).

  • Requires the third-party providers to handle user data securely and lawfully, consistent with this Privacy Policy and any applicable regulations. If any data is shared with an SDK provider, it is under agreements that the data will only be used to provide the contracted service to PikiPiki and not for other purposes.

If in the future we significantly change the third-party services we use or start using a new type of data through an SDK, we will update this Privacy Policy and, if necessary, notify you or obtain additional consent.

Your Rights and Choices

We believe it’s important that you have control over your personal data. Subject to applicable law, you have several rights regarding the data we hold about you, as well as choices in how it is used. These include:

  • Right to Access: You have the right to request a copy of the personal data we have about you. We can confirm if we’re processing your data and provide you with a copy of the information in our records, typically free of charge. For example, you can ask for a summary of your account information, ride history, and any other personal info we maintain. We will provide this unless legal exceptions apply.

  • Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to correct it. You can update some information directly in the PikiPiki app (for instance, you can edit your profile details like name, email, phone number, or profile picture in the app’s account settings). For any information you cannot update yourself, you can contact us and we will assist in correcting or updating it. Keeping your data current helps us serve you better (for example, an updated phone number ensures you receive SMS alerts).

  • Right to Deletion (“Right to be Forgotten”): You have the right to request the deletion of your personal data. This means you can ask us to erase the information we have about you. The easiest way to do this is by deleting your account (see “Account Deletion” below for instructions on how to delete your PikiPiki account through the app or via email). When you delete your account, we will remove or anonymize your personal data so it no longer identifies you, except for data we are required or permitted to retain by law (see Data Retention). If you simply stop using PikiPiki without deleting your account, your data will be retained as long as you have an account with us (or as otherwise outlined under Data Retention).

  • Right to Withdraw Consent: In cases where we rely on your consent to collect or use data (such as for background location tracking or receiving marketing communications), you have the right to withdraw that consent at any time. For example, you can disable location permissions for PikiPiki in your device settings if you no longer want us to collect your GPS data; you can unsubscribe from marketing emails or opt out of promotional SMS if you previously consented to them. Withdrawing consent will stop the affected data collection or use going forward, but does not invalidate any processing done previously while consent was in effect. Note that if you withdraw certain consents (like location access), some features of the service may not work.

  • Right to Object to Processing: You have the right to object to certain types of data processing, especially if we are processing your data based on our legitimate interests. For instance, if you object to us using your data for direct marketing, we will honor that and stop such use. In other cases, if you object to processing (like for analytics or improvements), we will evaluate your request and see if we have compelling legitimate grounds to continue (or if data can be isolated).

  • Right to Restrict Processing: You can ask us to limit or “pause” the processing of your personal data in certain circumstances. For example, if you contest the accuracy of the data or have objected to processing, you can request restriction while we address your concern. While restricted, we will store your data securely and not use it (except for exempted purposes like legal compliance) until the issue is resolved.

  • Right to Data Portability: For data you provided to us and which we process by automated means based on your consent or to perform a contract, you have the right to request a copy in a structured, commonly used, machine-readable format (for example, a CSV or JSON file). This would allow you to take your data to another service if you wish. For example, you might want to export your ride history and ratings. Where feasible, if you request, we can also transmit this data directly to another service at your direction (provided it’s technically possible and secure to do so).

  • Right to Not Be Subject to Automated Decisions: PikiPiki does not currently make any purely automated decisions about you that have legal or significant effects (such as automated account banning without review). If that changes, you would have the right to contest such a decision and request human intervention.

  • Right to Information and Transparent Communication: You have the right to be informed in a clear and plain manner about how we handle your data – this Privacy Policy is part of fulfilling that right. If anything is unclear, you can ask us for more information.

In addition to the above rights, we strive to provide you with practical choices in how your data is handled:

Profile Management: Through the app, you can access and update your profile details at any time. Keeping your information up-to-date (especially contact info and payment methods) ensures you have uninterrupted access to the service.

Location Sharing: You can control location data collection. During installation or first use, PikiPiki will request permission to access your device’s location. You may choose “Allow only while using the app” or “Allow all the time” (background access), or deny access. If you initially allow background location but later change your mind, you can go to your device’s settings (under App Permissions > Location) and change PikiPiki’s permission to “Only while app is in use” or “Deny”. We will respect your setting. Be aware that denying or limiting location access will prevent you from ordering rides (as the service relies on location) or will disable features like background tracking (meaning your ride may not update if the app is not open). We will usually remind you in-app if a certain permission is necessary for a feature you’re trying to use, but the choice remains yours.

Notifications and Communications: You can opt out of marketing emails or SMS by using the “Unsubscribe” link in emails or replying “STOP” to promotional SMS as instructed. Transactional messages (like receipts or important service announcements) will still be sent as they are part of the service. For push notifications (in-app notifications on your device), you can typically control these via your phone’s notification settings for the PikiPiki app. For example, you might disable sound or banners. However, core notifications (like ride arrival alerts) are important for service functionality, so we recommend keeping them on.

Cookies and Website Tracking: If PikiPiki has a website that uses cookies or similar technologies, you will be informed via a banner or in the cookie policy, and you can set preferences. (This mainly applies if you visit our site; the mobile apps themselves don’t use cookies but may use local storage for similar purposes like keeping you logged in.)

Refusing Certain Data Collection: If you do not want certain data collected (like crash analytics), some platforms allow opting out (for example, on Android, you can opt out of sharing usage & diagnostics with app developers in your Google settings, which we honor for Firebase Crashlytics). If you have concerns about specific data collections, let us know and we can guide you if an opt-out mechanism exists.

To exercise any of your rights or make requests regarding your data, you can contact us at info@pikipiki.co or through the in-app help/support section. We may need to verify your identity (for your protection) before fulfilling certain requests, especially for data access or deletion, to ensure that we are dealing with the correct individual. We will respond to your request within a reasonable time frame and in accordance with applicable law. In Uganda, the law may allow us up to 30 days or more to respond to certain requests, but we aim to be faster if possible. If we cannot fulfill your request (due to legal reasons or others), we will explain why (for example, if you request deletion of data we are legally required to keep, we will inform you of that obligation).

Lastly, if you have any concerns or complaints about how we handle your data, we encourage you to contact us directly so we can address them. We take privacy seriously and will do our best to resolve any issue. If you are in Uganda and feel we have not adequately addressed your concern, you have the right to lodge a complaint with Uganda’s Personal Data Protection Office (PDPO) or other relevant supervisory authority.

Account Deletion

You have the flexibility to delete your PikiPiki account whenever you choose. We have made the account deletion process straightforward, in line with Google Play’s user data requirements, to ensure you can easily stop using our service and have your personal data removed.

In-App Account Deletion: The PikiPiki Rider and Driver apps both include an account deletion option within the app. Typically, you can find this in the Account Settings or Profile section of the app. (For example, it may be under “Privacy” or “Account” settings with a button labeled “Delete Account”.) When you initiate deletion in-app, we will ask you to confirm this action (for security, since it’s irreversible). Once confirmed, your account will be marked for deletion. We may sign you out immediately and begin the data deletion process described in the next section (Data Retention).

After confirming deletion, you will no longer be able to log into PikiPiki with that account. Your profile will be removed from the platform (so drivers cannot see a deleted rider and vice versa). If you are a driver, any upcoming rider requests will not be sent to you once your account is deleted. If you are a rider with a scheduled ride (if that feature exists), you should cancel those rides before deleting the account.

What gets deleted: All personal information associated with your account (name, contact info, profile photo, etc.), ride history, and any stored payment tokens will be deleted or anonymized in our main databases, except for data we must retain (see below). Other users will not see your information going forward. If someone searches for you (as a rider or driver) in our system after deletion, you will not be found. Ratings or feedback you provided may remain in aggregate (for example, a driver’s average rating isn’t recalculated because one rider deleted their account), but it will no longer be linked to you personally.

Account Deletion via Email: If for some reason you cannot access the app to delete your account (e.g., perhaps your phone was lost or you uninstalled the app), you can still request deletion by contacting us. Send an email to info@pikipiki.co from the email address associated with your PikiPiki account (or include a phone number associated with your account, if email wasn’t set). Use a subject like “Account Deletion Request” and include your identifying details so we can verify your identity. We may reply to confirm the request and possibly ask some verification questions (to ensure the rightful owner is requesting deletion). Once verified, we will process the deletion of your account and send you a confirmation when it’s completed.

No Website Deletion Option (Currently): Please note that at this time, we do not have a web-based self-service deletion portal. The primary ways to delete your account are through the mobile app or by contacting us via email as described. We apologize for any inconvenience; we aim to make deletion as accessible as possible. In future, if we introduce a web deletion option, we will update this policy and our user guidance accordingly.

Important Considerations When Deleting:

  • If you have any outstanding issues on your account (for example, an unpaid balance or an ongoing dispute), we encourage you to resolve that before deletion. Deleting your account will not automatically cancel any pending payments you owe or disputes in progress, although once data is deleted, it may be difficult to investigate or address issues.

  • Account deletion is permanent. If you change your mind after initiating deletion, you might have a short window to contact us to attempt cancellation of the deletion (we cannot guarantee this, as we try to process deletions quickly). Otherwise, you would have to create a new account to use PikiPiki again, and your prior data (rides, ratings, credits, etc.) would not be recoverable.

  • When you delete your account, PikiPiki will delete your personal data as described in the next section, usually within a reasonable time frame. However, as noted, we may retain certain minimal information if required for legal, fraud-prevention, or safety reasons. For example, if you were involved in a serious safety incident, we might retain a record to prevent duplicate accounts or for legal defense. Or we may keep transaction records as required by financial regulations. But such data will no longer be linked to an active account and will be kept only for the prescribed period before being permanently deleted.

  • If you are a driver, deleting your account will disable your access to the Driver app and you will not be able to accept rides. Any earnings not yet paid out will be handled according to our driver terms (we might reach out to settle any final payments). Ensure you’ve withdrawn any balance or contacted support about final payouts prior to deletion to avoid delays.

  • We are committed to complying with users’ deletion requests promptly. Under normal circumstances, when you request deletion (either in-app or via email), we will confirm and begin processing it as soon as possible. You should receive a confirmation of deletion once completed (especially if done via email, we will reply; in-app, you may see a confirmation message upon deletion).

  • If you have any issues deleting your account or feel that your request was not honored, please contact us so we can resolve it. Google Play also requires that apps honor deletion requests – we take this seriously and will make sure your data is removed according to our policy and obligations.

Data Retention

We retain personal data only for as long as it is necessary to fulfill the purposes described in this Privacy Policy, or as required by law. The length of time we keep specific types of data may vary based on the nature of the data and the reasons we need it. Below is an overview of our data retention practices:

Active Account Data: If you have an active PikiPiki account, we will retain your data for as long as you are using the service. This allows us to provide you with your ride history, maintain your preferences, and comply with our legal and contractual obligations to you (for example, providing receipts, supporting warranties, etc.). Even if you take a break from using PikiPiki, we generally keep your account data unless you delete your account or we decide to remove inactive accounts after a long period.

Upon Account Deletion: When you delete your account, we aim to promptly delete or anonymize your personal data from our production systems. This includes your profile information, contact details, saved payment tokens, and ride history linked to you. In practical terms, after a deletion request, we put your data in a queue for removal. Many data points (name, email, etc.) are erased within a short time (often immediately or within a few days). Some of your data might remain in secure backups for a short period until those backups cycle out – we have retention limits on backups and use them only for disaster recovery. We do not actively use backup data unless needed for restoration, and when backups expire, that data is deleted permanently.

Data We May Retain After Deletion: There are certain circumstances where we may keep some information even after account deletion, strictly for legal or necessary reasons:

  • Legal Obligations: We might retain data to comply with laws or regulations. For example, financial and transaction records might need to be kept for a minimum period for tax or accounting purposes (in Uganda or applicable jurisdictions, this could be several years). If you’ve made payments, we may keep invoices or receipts as required by financial regulations. Similarly, if there’s an investigation by authorities, we may retain relevant data as required by law.

  • Fraud Prevention: To protect our platform and users, we may retain information necessary to detect and prevent fraud or abuse. For instance, if an account was terminated for fraud, we might keep a hash of the email or a device ID in a “do not allow” list to prevent the same bad actor from creating new accounts. This is done to protect the safety and integrity of our service. Such data will not be used for any other purpose and will be kept only as long as necessary (e.g., the lifetime of the platform or until the risk subsides).

  • Safety and Incident Records: If you were involved in a serious safety incident or violation of our terms, we may preserve some data about the case. For example, if we banned a driver or rider for dangerous behavior, we would keep a record of that incident (date, nature of incident, involved user identifiers) to defend our decision and to avoid re-onboarding the individual. Also, if we had to report an incident to law enforcement, we would retain the information we provided. This is both for legal protection and to enhance the safety of the community.

  • Dispute Resolution: If you have an open dispute or issue at the time of deletion (for example, you reported an accident or requested a refund that’s still being processed), we may retain the relevant information until the dispute is resolved. We want to ensure we can address lingering issues even if the account is gone. After resolution, that data would then be deleted if not needed further.

  • Aggregated/Anonymized Data: As mentioned, we might derive aggregate insights from your data (such as total rides or average ratings). These aggregate statistics do not personally identify you, and we may retain them indefinitely for analytical purposes, even after your account is deleted, since they are not linked to you as an individual.

In all the above cases, any data retained will be limited to what is necessary. We apply the principle of data minimization, meaning we strive to keep the least amount of data required for the shortest time possible. For example, if we need to keep transaction records for 5 years by law, we will keep them securely for that period and then delete them. If we keep an incident report, we might strip it of extraneous personal info and just store key identifiers or facts needed for reference.

Once the retention period for any retained data expires, or once we determine that the data is no longer needed for the stated purpose (whichever comes sooner), we will delete or permanently anonymize that data. Anonymization means modifying the data such that it can no longer be linked to you (for example, hashing identifiers, aggregating numeric values, etc.).

Uninstalling the App vs. Deletion: Please note, if you simply uninstall the PikiPiki app from your device without deleting your account, your account and data remain intact on our servers. Uninstalling does not trigger deletion. Your data will still be retained as per our normal retention policy for active accounts. If you want your data removed, please follow the account deletion steps above.

Inactivity Policy: If your account is completely inactive for an extended period (e.g., a few years of no logins or rides), we may reach out to confirm if you still want to keep it. If we receive no response, in some cases we might delete or anonymize the account due to inactivity, but we currently do not have a fixed timeframe for auto-deletion of inactive accounts. We will update you if such a policy is implemented.

Security of Your Data

Protecting your personal data is a top priority for us. We implement a variety of technical, administrative, and physical security measures to safeguard your information against unauthorized access, alteration, disclosure, or destruction. Here are some of the key security practices in place:

Encryption: We use encryption to protect sensitive data. All communication between the PikiPiki app and our servers is transmitted over secure channels using HTTPS (TLS encryption). This means that personal data like your login credentials, location, and any other details you send or receive through the app are encrypted in transit and cannot be easily intercepted by third parties. For certain sensitive information (such as passwords and payment details), we also apply encryption or hashing before storing it on our servers. For example, your account password is stored in a hashed form (not in plain text) — even our own staff cannot read it, and it’s only used to verify your login. Payment tokens/IDs stored for mobile money or card transactions are also handled securely according to industry standards.

Access Controls: Our company restricts access to personal data strictly to employees, contractors, and agents who need to know that information in order to process it for us. For instance, our customer support agents can access your account details and trip information when you contact them for help, but they do not have access to more sensitive data like your password or full payment information. We implement role-based access controls and ensure each authorized person is under confidentiality obligations. We also regularly review permissions to ensure that access is still needed and appropriate.

Secure Infrastructure: PikiPiki uses reputable cloud service providers and data centers with strong security track records. Our servers employ firewalls, intrusion detection systems, and other safeguards to protect against external attacks. Data is regularly backed up in secure facilities to ensure availability. When we store data in the cloud, we rely on providers that have high security standards (like ISO 27001 certification or similar) and we configure our instances securely (using encryption at rest, network isolation, etc.). Physical access to servers is controlled by the cloud providers, who have robust security at data center locations (guards, surveillance, biometric access controls, etc.).

Monitoring and Testing: We continuously monitor our systems for potential vulnerabilities and attacks. Software is kept up to date with security patches. We may conduct periodic security audits and penetration tests (using internal tools or third-party experts) to identify and fix potential weaknesses in our apps or backend systems. Any findings are prioritized and remedied as soon as possible. We also utilize secure coding practices in our development cycle to minimize bugs that could lead to security issues.

Data Minimization: As mentioned in Data Retention, we try not to collect or store more personal data than we need. By minimizing the data we have, we reduce the risk exposure. For example, since we don’t store full payment card numbers, a breach of our system would not expose that information. Also, we anonymize or delete data when it’s no longer necessary, so older data doesn’t linger unnecessarily.

Third-Party Security: When we work with third-party processors (as detailed earlier), we vet their security practices. We sign data processing agreements requiring them to protect your data to high standards. For instance, our payment processors are required to comply with PCI-DSS for handling card information. Our agreements with service providers include clauses on data security and breach notification to us if something were to go wrong on their side.

User Security Measures: We also encourage you to take some actions to protect your own data:

  • Authentication: Choose a strong, unique password for your PikiPiki account and do not share it. We recommend not using the same password as for other services. We never ask you for your password via email or phone. If you suspect someone else has access to your account, change your password immediately and contact us.

  • OTP and Verification: If we send you an OTP or verification code, do not share it with others. Our staff will never ask you for an OTP code over the phone. Those codes should only be entered in the app.

  • Device Security: Ensure your device is protected (with a PIN, fingerprint, etc.) and keep your operating system updated. Be cautious of installing apps or software from unknown sources that could compromise device security. Log out of the app or lock your device if you let someone else use your phone.

  • Phishing Awareness: Be wary of unsolicited communications that appear to come from PikiPiki asking for personal info. Always verify if the communication is legitimate (for example, emails from us would come from an official @pikipiki.co address). When in doubt, contact us directly through official channels.

  • Incident Response: Despite all our efforts, no system is completely foolproof. In the event of a data breach or security incident that affects your personal data, we will act promptly to contain and investigate the issue. We have an incident response plan in place. If a breach poses a significant risk to your rights or privacy, we will notify you and the appropriate authorities (such as the PDPO in Uganda, if applicable) as required by law. We will let you know what happened, the data involved, and the steps we are taking to remediate the issue and prevent future occurrences. We may also provide you guidance on how to protect yourself, if relevant (for example, if passwords were affected, we’ll prompt you to change them).

Our goal is to give you peace of mind that your data is safe with PikiPiki. We continually review and enhance our security practices to adapt to new threats and technologies. However, it’s important to recognize that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. By using PikiPiki, you acknowledge and accept that risk. We promise to do our utmost to guard your data and to be transparent with you regarding its security.

If you have specific questions about our security measures or if you suspect any vulnerabilities, please contact us at our provided contact information. Your input helps us keep PikiPiki secure.

Children’s Privacy

PikiPiki’s services are not directed to children under the age of 18. Our platform is intended for adult users (e.g., riders who can enter legal agreements and drivers who meet the legal age and licensing requirements). We do not knowingly collect personal data from anyone under 18 years of age.

For Riders: If you are under 18, you should not create an account or use the PikiPiki Rider app without involvement of a parent or guardian. We understand that minors may ride as passengers on a motorcycle (e.g., as part of a family ride), but the account through which a ride is booked should be managed by an adult. If we discover that we have collected personal information from a person under 18 without proper consent, we will take steps to delete that information promptly.

For Drivers: Drivers must meet certain age (and licensing) criteria to use the PikiPiki Driver app (typically 18 or older, given Uganda’s laws for boda-boda riders). We do not allow underage individuals to register as drivers. If a person is found to be underage, their account will be terminated, and any data collected from them will be removed.

Parental Responsibility: Parents or guardians who believe that their child (under 18) may have provided us personal information or is using our service improperly should contact us immediately. We will work with you to investigate and remove any such data and account.

Exception – Educational or Promotional Events: Occasionally, PikiPiki might engage in community events or safety campaigns that involve minors (for example, road safety workshops at a school). In those contexts, we might collect minimal information (like photos or first names) but always with explicit permission from a parent or guardian and in compliance with applicable laws. Such information would not be tied to a ride account and would be used only for the limited purpose (e.g., posting a workshop photo on social media with consent).

By using PikiPiki, you affirm that you are at least 18 years old or using the service under the supervision and consent of a parent/guardian (in which case the adult is the actual account holder). We are committed to protecting children’s privacy and will never knowingly exploit or handle children’s data inappropriately.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time as our services evolve, or as laws and regulations require. If we make any material changes to how we collect, use, or share your personal information, we will notify you by appropriate means. This may include:

  • Posting a prominent notice in our apps (for example, a pop-up notification or banner) informing you of the change.

  • Updating the “Effective Date” at the top of the policy.

  • In some cases, we might send an email to the address on your account or a text message, especially if you need to be aware of the changes before continuing to use the service.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of PikiPiki after any changes to this Privacy Policy constitutes your acceptance of those changes, provided that if the changes are substantial and retroactive (which is unlikely), we would seek your consent where required.

If you do not agree with a change in the policy, you have the choice to stop using our services and request account deletion. We will always indicate the date of the latest revision so you know if it has been updated since your last read.

Some of the reasons we might update this policy include:

  • Changes in our business practices or features (e.g., if we introduce a new feature that affects personal data, like a new communication tool or partnership, we’ll update the policy to reflect that).

  • Changes in legal requirements (e.g., if new privacy legislation comes into effect in Uganda or if we choose to comply with new international standards, we’ll adjust our practices and policy accordingly).

  • Feedback from users or other stakeholders (e.g., if something in the policy is unclear and we receive questions, we might clarify that section in the next update).

  • As part of the annual review – it’s a good practice for us to revisit the policy regularly to ensure it’s accurate and comprehensive.

We will keep older versions of this Privacy Policy available (for example, we may archive them or provide a “Last Updated” history note) so you can see how it has changed over time.

Contact Us

Your privacy is important to us, and we welcome any questions or concerns you might have about this Privacy Policy or our data practices. If you need to contact us for any reason (to exercise your rights, for clarifications, or to raise a concern), please reach out through any of the following channels:

  • Email: You can email our team at info@pikipiki.co. This is our primary contact for privacy inquiries, and we monitor this email regularly. Please include a clear subject line (e.g., “Privacy Inquiry” or “Data Request”) and describe your question or request in detail. If you are contacting us to exercise a specific right (like accessing or deleting your data), you may need to provide information to verify your identity (such as the phone number or email associated with your account). We will respond as promptly as we can, typically within a few business days.

  • Telephone: (If available) At this time, we primarily handle privacy matters via written correspondence (email) to ensure proper documentation and security. If we establish a dedicated phone line for privacy or support, we will provide the number here in a future update. For now, you may reach customer service through the app for general inquiries, but for formal privacy requests we prefer email to info@pikipiki.co for tracking and accuracy.

  • Postal Mail: If you wish to send us a written letter, you can reach us at the address below. (Please note that response times for physical mail will be slower, and we recommend email for urgent matters.)

    Vlaux Artificial Intelligence
    Attn: Privacy Officer/Team
    Q8C5+772, Opp. Pece Stadium Venue
    Gulu, Uganda

  • In-App Support: The PikiPiki app may offer a help or chat feature. You can use that to ask questions, and if it’s a privacy-specific question, the support team will route it to the appropriate personnel. However, for exercising legal rights or obtaining copies of your data, we might still direct you to send an email for verification purposes.

  • Data Protection Officer: Given our current size, we may not have a formally designated Data Protection Officer (DPO) yet. If we appoint one or register with the Personal Data Protection Office (PDPO) in Uganda, we will include their contact information here. For now, our privacy team at Vlaux Artificial Intelligence handles data protection compliance collaboratively.

We are Vlaux Artificial Intelligence, a company registered in Uganda. We take full responsibility for the processing of personal data in connection with our services. If you have any issues regarding data protection, please contact us and we will do our best to address them.

If you’re contacting us from outside Uganda (in case our service expands or you’re using it while traveling), please note this Privacy Policy is focused on users in Uganda, but we will still try to accommodate any privacy inquiries according to applicable laws.

Finally, if you feel that we have not adequately resolved your privacy concern, and you are in a jurisdiction with a data protection authority, you have the right to contact that authority. In Uganda, that would be the Personal Data Protection Office (PDPO). We sincerely hope it never comes to that, and we are committed to working with you directly to resolve any issues fairly and transparently.

Thank you for taking the time to read our Privacy Policy. We aim to protect your data and use it responsibly to provide a safe and efficient ride-hailing service. By using PikiPiki, you place your trust in us, and we will work hard to uphold that trust. If you have any questions or suggestions about privacy or any other aspect of our service, please don’t hesitate to get in touch. Safe rides!

Please feel free to save or download this Privacy Policy for your records. If you need it as a file, you can copy the entire text and save it as a document (for example, a .txt or .docx file). The content above is the full and latest Privacy Policy for PikiPiki