Riley CourierTransport Management

Privacy Policy

Last updated: 19 May 2026

This policy explains what personal information Riley Courier Ltd ("Riley", "we", "us") collects when you use our transport management system (TMS), driver mobile app, partner portal and customer portal, how we use it, and the choices you have. We are based in Nairobi, Kenya and process your data in accordance with the Data Protection Act, 2019.

1. Who this policy applies to

This policy applies to everyone who uses our products, including:

2. Information we collect

2.1 Account information

2.2 Location information (Riley TMS Driver app only)

The driver app collects precise and approximate location data while the app is running, including while it is in the background, in order to:

The app shows a persistent foreground notification ("Tracking location") whenever location tracking is active, so it is always clear when the service is running. You can revoke the location permission at any time in your device's Settings → Apps → Riley TMS Driver → Permissions; the app will stop sending location updates immediately, although some app features will no longer work.

2.3 Operational data

2.4 Device and technical information

2.5 Information we do not collect

We do not knowingly collect data from children under 18. We do not access your contacts, SMS, microphone or accelerometer. We do not use advertising identifiers and we do not run third-party advertising SDKs in any of our apps.

3. How we use your information

PurposeLegal basis (Kenya DPA 2019)
Operate the dispatch, delivery, tracking and settlement workflow.Performance of a contract.
Send transactional emails and push notifications about trips, payments and account actions.Performance of a contract.
Authenticate you and protect your account (audit logs, login alerts, failed-login throttling).Legitimate interest in security.
Comply with tax, accounting and customer-service obligations.Legal obligation.
Diagnose and fix crashes and bugs via Sentry error reports.Legitimate interest in product quality.

4. Who we share information with

We do not sell your personal information. We share data only with:

5. Data retention

We keep operational records (orders, trips, settlements, invoices) for as long as the business relationship is active, and afterwards for the period required by Kenyan tax and commercial-records law (currently 7 years for accounting records). Location pings older than the retention period are aggregated or deleted. Audit log entries are retained for at least 12 months for security purposes.

6. Security

7. Your rights

Under the Kenya Data Protection Act, 2019 you have the right to:

To exercise any of these rights, contact us using the details below. We aim to respond within 30 days.

8. International transfers

Our hosting is in the European Union (Frankfurt) and our service providers operate in the European Union and the United States. Where data is transferred outside Kenya, those providers are bound by the safeguards required by their respective data-protection regimes (GDPR, etc.) and by data-processing agreements with us.

9. Children

Our services are not directed at children under 18 and we do not knowingly collect data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced inside the apps and on this page. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Riley Courier Ltd
Nairobi, Kenya
Privacy enquiries: [email protected]
General contact: [email protected]