Privacy Policy - Koloi Tracker

Effective date: 18 March 2026 Version: 1.0

1. Who we are (Controller)

Koloi Tracker (Pty) Ltd ("we", "our") provides a vehicle tracking and logbook service.

  • Privacy contact email: support@mykoloi.co.za

2. Scope of this policy

This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use Koloi Tracker (web/mobile/app) and related services.

This policy covers:

  • End users who sign up and access trip/location features
  • Organization managers/admins who configure certain settings
  • Drivers/individuals whose vehicle data may be involved (where applicable)

3. What personal information we collect

Depending on how you use the service, we may collect:

3.1 Location and trip data

  • GPS location data used to detect and record trips/logbook information
  • Derived trip history (e.g., trip timing/distance)

3.2 Vehicle telemetry used for trip detection and alerts

  • Speed, heading, and timestamps to detect trips and provide safety alerts

3.3 Device and account data

  • Device information (e.g., device identifiers and device status, depending on how your device reports)
  • Account details (e.g., email, name, phone if provided)
  • Role and organization membership for access control

3.4 Consent and authorization records (audit trail)

We record electronic consent/authorization in connection with POPIA/ECT-style consent requirements. Audit data recorded includes:

  • Consent timestamp
  • Client IP address
  • Consent version

3.5 Geofence alert configuration and events

If your organization enables geofence-related functionality, we may process location data to determine whether geofence entry/exit events should be created/allowed according to that configuration.

4. How we use your information (purposes)

We process personal information for these purposes:

  1. Provide trip tracking and logbook records
  • Trip detection, distance calculations, and historical viewing.
  1. Provide safety and alerting features
  • Notifications related to speed/telemetry and configured alarms.
  1. Geofence enforcement according to privacy windows (where enabled)
  • Geofence entry/exit alarms may be blocked unless the organization configuration allows them (see Section 10).
  1. Manage access control and administration
  • Ensure only authorized roles can view/update relevant organization settings.
  1. Compliance, security, and dispute handling
  • Maintain audit trails for consent/changes and support legal compliance.
  1. Data export and account deletion
  • Support rights to export data and delete your account/data where applicable.

5. Legal bases for processing (South Africa POPIA + GDPR)

Because this app may be used by people in different regions, we handle legal bases as follows:

5.1 South Africa (POPIA)

We process personal information in order to:

  • Obtain and record consent for GPS tracking/trip access before users can access trip data.
  • Comply with legal obligations and maintain required records.
  • Protect legitimate interests (e.g., security measures and operational integrity).

5.2 EU GDPR (if applicable)

We generally rely on:

  • Consent for GPS/tracking processing where required
  • Compliance with legal obligations
  • Legitimate interests for security/audit and service integrity (subject to applicable assessment)

6. Consent and withdrawal

6.1 Consent

Consent is required before users can access trip data in this system. Electronic consent is recorded with a timestamp, client IP address, and a consent version.

6.2 Withdrawal

Users can withdraw consent in the app via Settings -> Privacy.

Upon withdrawal, we will take reasonable steps to stop processing for the purposes that depend on consent, to the extent allowed by law. Certain data may be retained where we have a separate legal obligation or legitimate reason to do so (e.g., audit records for regulatory compliance).

7. Data sharing and recipients

We do not sell your personal data.

We may share personal information with:

  • Service providers/sub-processors that help us operate the service (e.g., cloud hosting infrastructure, email delivery, push notification services)
  • Organizations/roles within your organization as needed to provide administrative access
  • Law enforcement or regulators if required by law or lawful request

8. International transfers

Your information may be processed in countries outside your country of residence.

If transfers occur outside South Africa/EU (as applicable), we will take steps designed to provide appropriate safeguards. Our data is hosted on cloud infrastructure in regions necessary for reliable service delivery, and we select providers that offer adequate data protection commitments.

9. Data retention

9.1 Trip data retention

Trip data is retained for up to 24 months by default unless deleted earlier. Your organization administrator may configure a different retention period within the allowed range.

9.2 Consent/authorization record retention

Consent and authorization records are retained for 5 years for legal compliance purposes.

9.3 Account deletion

If you request account deletion, the system performs a permanent deletion process. Some records may be retained to the extent required for legal compliance and safety/security needs. Backups containing deleted data are purged on a rolling basis.

10. Geofence privacy policy windows (how it affects processing)

If geofence privacy gating is enabled for your organization, geofence entry/exit alarms may be blocked unless permitted by the organization geofence privacy policy.

Default geofence privacy policy (organization settings):

  • Enabled by default
  • Allowed days: Monday to Friday
  • Allowed hours: 06:00 to 20:00 (UTC)

Geofence alarms are blocked when:

  • Policy is disabled, or
  • Event timestamp falls on a day not allowed, or
  • Event time is outside the configured time window.

11. Your rights

Depending on your location, you may have rights such as:

11.1 Access and portability

Request a copy/export of your data. The system provides a data export feature that produces a downloadable archive of your information.

11.2 Deletion / right to be forgotten

Request deletion of your account and data. You can initiate this through the app or by contacting us at support@mykoloi.co.za.

11.3 Withdraw consent

You can withdraw consent in the app via Settings -> Privacy.

To exercise any of these rights, contact us at support@mykoloi.co.za or use the relevant feature within the app.

12. Security

We use reasonable technical and organizational measures to protect personal information, including:

  • Encryption in transit and at rest
  • Access controls
  • Audit trails for consent and administrative changes

13. Contact and complaints

For questions about this Privacy Policy:

  • Email: support@mykoloi.co.za

For POPIA-related complaints (South Africa):

14. Changes to this policy

We may update this policy from time to time. We will reflect changes by updating the effective date and/or version. We will notify you of material changes via email or an in-app notice.