Overview
This Privacy Policy applies to MsosiExpress ("we," "our," or "us"), a food and goods delivery platform serving the United Republic of Tanzania. This Policy describes how we collect, use, store, share, and protect personal information when you use our website at msosiexpress.co.tz, our iOS and Android mobile applications, and all related services.
By using the MsosiExpress Platform, you acknowledge that you have read and understood this Privacy Policy. This Policy is incorporated into and forms part of our Terms and Conditions.
We operate in compliance with the Tanzania Personal Data Protection Act, 2022 and other applicable data protection regulations.
Scope: This Policy applies to all users of the Platform including registered customers, guest customers, merchant partners, delivery riders, and visitors to our website.
Information We Collect
We collect information you provide directly, information generated through your use of the Platform, and in some cases, information from third-party sources.
| Category | Data Collected | Required? |
|---|---|---|
| Account Information | Full name, phone number, email address, password (hashed) | Yes β Registration |
| Guest Information | Name, phone number, optional email for order tracking | Yes β Guest Orders |
| Location Data | Delivery addresses, GPS coordinates, saved locations | Yes β Delivery |
| Order Data | Items ordered, merchant, payment method, timestamps, order history | Automatic |
| Device Information | Device type, OS version, app version, device tokens for push notifications | Automatic |
| Usage Data | Pages visited, features used, session duration, click patterns | Automatic |
| Payment Data | Payment method type, transaction reference (no card numbers stored) | Yes β Payments |
| Communications | Messages sent via in-app chat, support ticket content | When used |
How We Use Your Information
We use the information we collect exclusively to provide, improve, and secure our services. We process your data only when we have a lawful basis to do so.
- Order fulfillment: Processing your orders, communicating order status, coordinating delivery, and generating delivery confirmation PINs
- Account management: Creating and maintaining your account, authenticating your identity, and managing preferences
- Delivery coordination: Sharing necessary delivery details with riders including your name, delivery address, and phone number
- Payment processing: Facilitating transactions and maintaining payment records for compliance purposes
- Customer support: Responding to inquiries, resolving disputes, and improving service quality
- Platform improvement: Analysing usage patterns to enhance features, fix bugs, and personalise your experience
- Safety & security: Detecting fraud, preventing abuse, and protecting all users on the Platform
- Legal compliance: Meeting our obligations under Tanzanian law including tax, consumer protection, and data protection regulations
- Notifications: Sending order updates, promotional offers (with consent), and important service announcements
Lawful Basis: We process your data based on contract performance (to fulfil your orders), legitimate interests (to improve our services), legal obligations (compliance), and consent (for marketing communications which you may withdraw at any time).
Location Data
Location data is essential to our core delivery service. We handle it with particular care.
- Delivery addresses: The addresses you enter for delivery are stored and associated with your account for convenience. You can manage or delete saved addresses at any time in your account settings.
- GPS coordinates: When you use our "Use my current location" feature, we access your device's GPS to determine your location. This requires your explicit permission.
- Rider location: Active delivery riders' locations are tracked during deliveries to enable real-time navigation and estimated arrival times. This tracking is limited to active delivery periods.
- Guest users: Guest location data is stored only in your browser session and is cleared when you close the application.
Your Control: You can revoke location permissions at any time through your device settings. Note that disabling location access may limit certain features such as automatic address detection and real-time delivery tracking.
Data Retention
We retain your personal information only for as long as necessary to provide our services and meet our legal obligations.
- Active account data: Retained for the duration of your account and up to 3 years after account closure
- Order history: Retained for 7 years for financial compliance and dispute resolution purposes
- Guest order data: Retained for 2 years for dispute resolution and legal compliance
- Communication logs: Retained for 2 years for quality assurance and dispute resolution
- Analytics data: Aggregated and anonymised data may be retained indefinitely
- Legal hold: Data subject to legal proceedings may be retained beyond standard periods until resolution
When your data is no longer required, it is securely deleted or anonymised in accordance with our data deletion procedures.
Data Security
We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, and destruction.
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
- Password security: Passwords are hashed using strong one-way algorithms and are never stored in plain text
- Access controls: Strict role-based access controls limit employee access to personal data to only those with a legitimate need
- Session management: Sessions are secured with unique tokens and automatically expire after periods of inactivity
- Infrastructure security: Our servers are hosted in secure data centres with physical and network security controls
- Regular monitoring: We monitor our systems for unusual activity and potential security threats
Security Incident: In the event of a data breach that may affect your rights, we will notify you and the relevant Tanzanian authorities in accordance with the Personal Data Protection Act, 2022 within the required timeframe.
Your Rights
Under the Tanzania Personal Data Protection Act, 2022 and applicable law, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@msosiexpress.co.tz. We will respond within 30 days. Some rights may be limited where we have legitimate legal grounds to retain or process your data.
Children's Privacy
MsosiExpress is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. Our Platform requires users to confirm they are 18 years or older during registration.
If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information from our systems. If you believe a child has provided us with personal information, please contact us at privacy@msosiexpress.co.tz.
Third-Party Services
We integrate with trusted third-party services to deliver our Platform. These services have access to limited data necessary to perform their functions.
- Google Maps Platform: Used for location search, address autocomplete, and map display. Subject to Google's Privacy Policy
- Push Notification Services: Used to send order status updates to your mobile device via Expo/Firebase Cloud Messaging
- Payment Gateways: Mobile money providers (M-Pesa, Tigopesa, Airtel Money) for payment processing, each subject to their own privacy policies
- Analytics Services: We may use analytics tools to understand Platform usage patterns using anonymised, aggregated data
- Cloud Infrastructure: Our Platform is hosted on secure cloud infrastructure. Data is processed in accordance with applicable data protection standards
Note: Our Platform may contain links to external websites or services. We are not responsible for the privacy practices of those external services and encourage you to review their privacy policies.
Data Transfers
Your data is primarily processed and stored within Tanzania. In limited circumstances, data may be processed by third-party service providers operating outside Tanzania, such as cloud infrastructure providers and analytics services.
When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Transfers only to countries with adequate data protection laws
- Contractual data protection clauses with receiving parties
- Technical safeguards including encryption and access controls
By using our Platform, you consent to the transfer of your data as described in this Policy.
Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Post a prominent notice on our Platform
- Send you a notification via email or push notification for significant changes
Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please reach out to us.
We aim to respond to all privacy-related requests within 14 business days. For urgent matters, please indicate the urgency in your subject line.