Mwenzako Mwenzako
  • Find a ride
  • Offer a ride Sign in
Privacy

Privacy and Data Protection Policy

This policy explains how Mwenzako collects, uses, stores, shares, protects, and otherwise processes personal data when you use our platform and related services.

Version applicable from 18 March 2026
Data controller: Maraton Profii Limited
Terms & Conditions Privacy Policy Cookies Policy

Terms & Conditions | Privacy Policy | Cookies Policy

Version applicable from 18 March 2026

1. General

Maraton Profii Limited, trading as Mwenzako, places significant importance on the protection of your privacy and the fair handling of your personal information.

Mwenzako operates a digital mobility platform accessible through our website and, where applicable, mobile or similar interfaces (the “Platform”). The Platform is intended, among other things:

  • to connect drivers travelling to a destination with passengers heading in the same direction so that travel costs may be shared;
  • to allow users to search, view, and book seats on bus trips or other transport options listed on the Platform;
  • to support trip publication, account management, booking administration, ratings, reviews, and related communications.

For the purposes of this Privacy Policy, “Mwenzako”, “we”, “us”, and “our” refer to Maraton Profii Limited.

Mwenzako acts as a data controller for the personal data collected, used, stored, disclosed, or otherwise processed through the Platform for the purposes described in this policy.

Where you purchase or reserve a transport service that is operated by a third-party transport provider, some of your personal data may also be shared with that provider so that the requested service can be delivered. In those situations, the relevant transport operator may act as a separate data controller for its own service.

If the Platform later offers products or services distributed by third parties, such as insurance, financing, rentals, or similar partner services, the relevant partner may also act as a separate controller for the processing it performs for its own purposes.

This Privacy Policy, together with our Terms & Conditions and Cookies Policy, explains how we process personal data that you provide to us directly or that we collect when you use the Platform. We encourage you to read this document carefully.

Company contact details:
Maraton Profii Limited / Mwenzako
Email: Vakha971@gmail.com

2. Information we collect

We may collect, receive, store, and process the categories of data described below.

2.1 Information you provide directly

When you use our Platform, you may provide information that identifies you directly or indirectly, or that identifies other passengers for whom you make a reservation (“Personal Data”). This may occur when you complete forms, register for an account, publish or book a trip, contact us, participate in promotions, surveys, or support interactions, or report a problem.

Depending on the service you use, this data may include:

  • 2.1.1 Registration and service data: information required to create an account and provide the service, such as your first name, last name, phone number, email address, city, date of birth where requested, password or authentication credentials, and other mandatory registration details. If you do not provide required information, we may be unable to create your account, allow you to book a seat, publish a trip, or provide certain services.
  • 2.1.2 Profile information: profile photo, biography, gender where voluntarily provided, language preferences, and other details you choose to add to your profile.
  • 2.1.3 Address and contact information: postal address, phone number, email address, and other contact details you choose or need to provide.
  • 2.1.4 Vehicle and trip publication data: vehicle make, model, type, colour, number plate, seat count, route details, departure and arrival points, intermediate stops, date and time, price per seat, trip preferences, notes, and availability.
  • 2.1.5 Booking and participation details: records of bookings made, booking requests submitted, booking status, traveller counts, special trip notes, and related operational information.
  • 2.1.6 Passenger details: where you book on behalf of another person, the identity and trip-related data necessary for that traveller to participate.
  • 2.1.7 Communications and correspondence: copies of written exchanges with Mwenzako, support messages, complaint details, platform messages where relevant, and records of customer service interactions. Where we use phone support or other live support channels, calls may be recorded, listened to, or reviewed for training, safety, fraud prevention, or quality purposes.
  • 2.1.8 Transaction and payment-related information: payment references, booking amounts, refund data, billing information, limited payment metadata, bank or wallet details where relevant to payouts, and other accounting or financial records connected to Platform transactions. Full payment card information should normally be handled by compliant payment providers rather than stored directly by us, except where a permitted tokenized or consent-based feature is used.
  • 2.1.9 Ratings, reviews, surveys, and questionnaire data: reviews you leave, ratings received or given, feedback, poll responses, product test participation, and survey answers.
  • 2.1.10 Problem reports and support information: the subject of your support request, issue description, evidence you submit, or other information needed to investigate a problem.
  • 2.1.11 Location-related information you provide: trip origin, destination, pickup points, nearby route searches, or location details you choose to share when searching for or publishing trips.
  • 2.1.12 Identity and verification data: copies of identification documents or similar materials, such as a passport, driving licence, national ID card, or other document you agree to provide for profile verification, fraud prevention, trust and safety, or legal compliance.
  • 2.1.13 Insurance or partner-service data: if insurance or a similar third-party product is made available through the Platform, we may process data relating to subscription requests, eligibility, waivers, declarations, claims support, or contract administration to the extent necessary.

2.2 Data collected automatically

When you use the Platform, we may automatically collect certain technical, usage, and activity information.

  • 2.2.1 Social authentication and connected services data: if we offer sign-in or linked features through a third-party social or identity platform, we may receive limited information from that provider, such as your name, email address, or profile picture, in accordance with the provider’s own rules and permissions.
  • 2.2.2 Device, browser, and connection data: IP address, browser type and version, operating system, device type, plug-ins, log-in data, session information, referral data, navigation path across pages, content viewed, search terms, errors encountered, duration of visits, advertising identifier where applicable, and user interaction metrics.
  • 2.2.3 Activity and platform usage data: number of trips published, number of bookings, response rates, registration date, ratings averages, support interactions, and similar account performance indicators. Some of this information may be visible on your public profile if the relevant feature exists.
  • 2.2.4 Cookies and similar technologies: we may use cookies, local storage, pixels, tags, scripts, and similar tools for authentication, security, analytics, remembering preferences, and where applicable, performance or marketing measurement. More details are available in our Cookies Policy.
  • 2.2.5 Partner-derived information: where relevant, we may receive information from payment partners, insurance partners, fraud prevention tools, or identity verification services relating to your eligibility, risk profile, compliance checks, or subscription status.

2.3 How long we keep your data

We keep personal data only for as long as needed for the purposes for which it was collected, unless a longer period is required or justified by law, regulatory obligations, security concerns, fraud prevention, dispute management, or the enforcement of our rights.

In general, the following retention principles apply:

  • 2.3.1 Standard account and profile data: personal data may be archived up to 5 years after your last meaningful use of the Platform if you do not close your account.
  • 2.3.2 Closed accounts: data is generally deleted or anonymised around 30 days after account closure, except where a negative report, fraud concern, dispute, or legal requirement justifies longer retention. In some cases, data may be retained for up to 2 years after closure where necessary for trust and safety.
  • 2.3.3 Financial and accounting records: payments, reimbursements, invoices, booking accounting records, and related documentation may be retained for the period required by tax, audit, and accounting laws, which may extend up to 10 years.
  • 2.3.4 Insurance- or partner-service records: where insurance or similar products are involved, data may be retained for the duration of the contract and any additional period necessary for claims handling, compliance, or dispute resolution.
  • 2.3.5 User-generated content: ratings, reviews, and similar content may remain visible in anonymised or partially anonymised form after direct identifiers are removed.
  • 2.3.6 Technical logs: system logs, security logs, and related technical records are generally retained for up to 12 months, unless longer retention is needed for investigations or security purposes.
  • 2.3.7 Support calls and related analysis: call recordings, where used, may be retained for a short period such as up to 1 month, while related internal analysis records may be kept for longer where justified.
  • 2.3.8 Identity verification and fraud detection data: such data may be kept for around 1 year or longer where law, ongoing investigations, or trust and safety needs require it.
  • 2.3.9 Suspended or blocked accounts: where an account is suspended or blocked for breach, fraud, abuse, or safety reasons, data may be retained for 2 or 10 years depending on the seriousness of the issue and the need to prevent circumvention of platform rules.
  • 2.3.10 Archival retention for legal defence: in some situations, limited data may be kept in archive form for up to 5 additional years in order to comply with legal obligations or defend legal claims.

3. How we use the data we collect

We carry out different forms of processing involving your personal data. The main purposes and the typical legal bases for those activities are set out below.

Purpose Legal basis
2.1 Create and manage your account, provide access to the Platform, and deliver the services you request. Performance of our contract with you.
2.2 Enable you to publish trips, search routes, book seats, manage bookings, and participate in trips. Performance of our contract with you.
2.3 Process payments, refunds, credits, and payout-related operations via our payment flows or service providers. Performance of our contract and compliance with legal obligations.
2.4 Allow you to save certain payment preferences or payment methods for later transactions where this feature is offered. Consent.
2.5 Enable profile personalisation, profile photographs, biography information, and user preferences. Consent and/or performance of contract.
2.6 Support communication and coordination between drivers, passengers, and, where relevant, transport operators. Performance of our contract.
2.7 Enable location-based or interactive features such as nearby trip search or route publishing assistance. Performance of our contract and, where required, consent.
2.8 Give you access to customer support and respond to questions, complaints, incidents, and service issues. Performance of our contract, legitimate interests, and where relevant legal claims handling.
2.9 Improve support quality, review customer service interactions, and train support teams. Legitimate interests.
2.10 Detect, prevent, and respond to fraud, abuse, fake accounts, safety incidents, fee circumvention, and breaches of our Terms or policies. Legitimate interests, compliance with legal obligations, and/or performance of contract.
2.11 Carry out identity verification, document verification, or profile authenticity checks where available or required. Performance of contract, legitimate interests, consent in some contexts, and legal obligations where applicable.
2.12 Send service messages, booking confirmations, login or security codes, trip updates, and essential account communications. Performance of our contract and legal obligations.
2.13 Inform you about changes to our services, features, terms, policies, or support information. Legitimate interests, performance of contract, and in some cases legal obligations.
2.14 Send marketing communications relating to Mwenzako services, offers, and related updates. Legitimate interests and/or consent where required by law.
2.15 Send marketing or promotional information about selected partner services, where you have agreed to receive it or where law permits. Consent.
2.16 Show, limit, or measure relevant advertising on third-party platforms or websites. Legitimate interests and/or consent where required.
2.17 Conduct surveys, product tests, statistics, analytics, customer satisfaction studies, and service improvement research. Legitimate interests.
2.18 Administer, secure, troubleshoot, analyse, test, maintain, and optimise the Platform and its technical features. Legitimate interests.
2.19 Study the impact of mobility services, route demand, usage behaviour, sustainability, safety, or related operational questions. Legitimate interests and, where relevant, legal obligations.
2.20 Respond to lawful requests from courts, regulators, law enforcement, tax bodies, or competent authorities. Legal obligations.
2.21 Establish, exercise, or defend legal claims, and protect our rights, users, business, and platform. Legitimate interests and/or performance of contract.

In some cases, automated tools may be used to identify suspicious activity, risk indicators, likely fraud, or breaches of our rules. Where a decision significantly affects you, you may contact us and request review by a human where applicable.

4. Who receives the information we collect and why

Depending on the circumstances, some of your personal data may be shared with the following categories of recipients:

2.1 Other users of the Platform. Certain information may be visible to other members through your public profile or through the booking flow where this is necessary to organise a trip, maintain trust and safety, or operate the service. For example, this may include your first name, profile photograph, reviews, ratings, trip status, and, where justified by the booking relationship, contact information such as your phone number.

2.2 Transport operators and service providers linked to a booking. Where you book a bus trip or another transport service operated by a third party, we may transmit the data necessary for that provider to deliver the service. In that case, the transport provider may process your personal data under its own privacy rules.

2.3 Group companies, restructuring, or business transfers. We may share information within our corporate structure where necessary for the purposes described in this policy. If we sell, buy, merge, transfer, finance, or otherwise restructure part or all of our business or assets, personal data may be disclosed to potential or actual counterparties subject to appropriate safeguards.

2.4 Authorities, regulators, and legal recipients. We may disclose data to courts, police, customs, tax authorities, regulators, government entities, or authorised third parties where required by law, where necessary to respond to a legal request, where necessary to investigate wrongdoing, or where needed to protect the rights, safety, property, or integrity of Mwenzako, its users, or third parties.

2.5 Service providers and subcontractors. We work with third parties that help us operate the Platform and related services, including providers of hosting, infrastructure, messaging, OTP delivery, customer support, analytics, payment processing, identity verification, anti-fraud tools, document handling, email services, and technical maintenance.

2.6 Business partners. We may collaborate with partners who offer products or services through or alongside the Platform, such as insurance, finance, rental, travel-related services, social integrations, or promotional offers. Data will only be shared where relevant to the requested service, where you ask for it, or where another lawful basis applies.

2.7 Publicly visible content. Reviews, ratings, profile elements, and similar trust-related information may be visible on the Platform to visitors or members where our review or community features require that visibility.

2.8 Payment providers and compliance checks. Payment transactions may be processed by independent payment institutions or fintech partners. Those providers may request identity and compliance information, including KYC documentation, and may act as separate data controllers for their regulated processing operations.

2.9 Third-party connected services. If you choose to connect your account with a third-party service, sign in via an external identity provider, or use a partner feature, that partner’s own privacy policy may also apply to their independent processing.

2.10 Aggregated or combined information. Where allowed by law and, where required, with your consent, we may combine information about you with information received from partners or derived from cookies in order to improve services, measure performance, or support marketing and analytics. Aggregated insights may be used only for compatible purposes.

We do not sell your personal data as a standalone commercial asset to unrelated advertisers.

5. How we use and moderate your messages

We may review, scan, or analyse messages exchanged through the Platform for reasons connected to fraud prevention, support, service improvement, safety, compliance, and enforcement of our Terms.

For example, we may use automated or manual review to identify attempts to bypass the booking system, move transactions off-platform, share prohibited contact details, send abusive content, or otherwise misuse the Platform.

We do not use your private messages for personalised commercial advertising profiling. Where possible, moderation tools may operate automatically, but you may contact us if you believe content or messaging measures were applied incorrectly.

6. Targeted advertising and communications

Subject to applicable law and, where required, your consent, we may use information you provide through the Platform, together with browsing, profile, and cookie-based data, to send marketing communications, show relevant advertisements, suppress irrelevant advertisements, or measure advertising effectiveness.

You may control these activities in several ways:

  • you may unsubscribe from marketing emails using the unsubscribe link contained in the message;
  • you may update communication preferences in your account where that feature is available;
  • you may object to certain direct marketing or legitimate-interest processing by contacting us;
  • you may adjust cookie-based preferences through the relevant cookie settings where available;
  • you may also manage advertising settings directly on certain social media platforms.

7. International transfers of your data

As a general principle, we seek to store and process personal data in locations with appropriate safeguards. However, some of our service providers or partners may be located outside Kenya or outside the country from which you access the Platform.

Where personal data is transferred across borders, we take reasonable contractual, technical, and organisational measures designed to ensure an appropriate level of protection, taking into account the applicable legal framework and the nature of the transfer.

You may contact us if you want more information about the safeguards used for such transfers where applicable.

8. Your rights in relation to your personal data

Subject to applicable law, you may have one or more of the following rights:

  • 2.1 Right of access: to request confirmation of whether we process your personal data and receive a copy of relevant data.
  • 2.2 Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time.
  • 2.3 Right to rectification: to request correction of inaccurate, incomplete, or outdated personal data.
  • 2.4 Right to erasure: to request deletion of your data in certain circumstances, subject to legal or legitimate retention grounds.
  • 2.5 Right to object: to object to direct marketing and, in some cases, to other processing based on legitimate interests.
  • 2.6 Right to restriction: to ask us to limit processing in particular circumstances.
  • 2.7 Right to portability: to receive certain data you provided to us in a structured, commonly used, machine-readable format and, where applicable, transmit it to another controller.
  • 2.8 Right to complain: to complain to a competent supervisory or regulatory authority or seek a legal remedy where you believe your rights have been infringed.
  • 2.9 Post-death instructions: where recognised by applicable law, to provide instructions regarding the handling of your personal data after your death.

We may ask you to verify your identity before acting on a request, particularly where needed to protect your data or the rights of others.

9. Cookies and similar technologies

We use cookies and similar technologies for login, authentication, security, analytics, remembering preferences, performance improvement, and, where applicable, advertising measurement. Please consult our Cookies Policy for further details.

10. Password confidentiality and account security

If you use a password or similar credential to access your account, you are responsible for keeping it confidential. You should not share your password with anyone. If you believe your account has been compromised, you should change your credentials promptly and contact us.

11. Links to third-party sites and services

The Platform may contain links to websites, apps, or services operated by third parties. Those third parties maintain their own privacy practices, and we are not responsible for their handling of personal data. We recommend reviewing their privacy notices before submitting personal information to them.

12. Changes to this Privacy Policy

We may revise this Privacy Policy from time to time in order to reflect changes in our practices, technology, legal requirements, operational needs, or service offerings.

Updated versions will be posted on this page. Where appropriate, we may also notify you of material changes or request your consent where required by law.

13. Contact

If you have any question about this Privacy Policy or if you wish to exercise your rights regarding your personal data, you may contact us using the details below:

Maraton Profii Limited / Mwenzako
Email: Vakha971@gmail.com
© 2026 Mwenzako. Travel together.
Home Search Create trip My trips Terms
Search Account