Mpega • Kaekapa Kae

Privacy Policy

This Privacy Policy explains how we collect, use, store, protect, and share personal information when you use the Mpega / Kaekapa Kae bus reservation application, web portal, ticketing tools, and related services.

Effective date 5 May 2026
Controller / developer Afriport (Pty) Ltd, trading as Kaekapa Kae / Mpega
Privacy contact privacy@kaekapakae.com

1Who this policy applies to

This policy applies to passengers, account holders, counter agents, conductors, bus operator administrators, finance users, support users, and any other person who uses or is recorded in the App or related web portal.

In this policy, “we”, “us”, and “our” refer to Afriport (Pty) Ltd, trading as Kaekapa Kae / Mpega, unless a specific bus operator is acting as an independent controller for its own passenger records, finance records, or legal obligations.

Important: This policy must match the actual data collected by the live App, the Android permissions declared in the app manifest, and the Google Play Data safety form. If a feature is added or removed, this policy and the Play Console declarations should be updated together.

2Information we collect

Depending on your role and the features you use, we may collect or process the following categories of data:

Account and contact data

Name, surname, username, email address, mobile number, sign-in identifiers, role, organization, bus operator, and account status.

Booking and travel data

Routes, schedules, origin, destination, stops, seats, ticket IDs, QR/barcode references, boarding status, cancellations, refunds, trip changes, fare class, and related passenger records.

Payment, wallet, and rewards data

Payment status, receipts, refunds, wallet balance, transaction history, trip credits, promotions, referrals, loyalty or reward activity, and related reconciliation records. We do not store full card numbers on our own servers.

Operational user data

For agents, conductors, administrators, and finance users: ticket issuing activity, ticket scanning activity, route activity, device/session logs, reconciliation actions, and audit records.

Support and communications

Messages, support requests, feedback, complaint details, attachments you choose to provide, and records of our responses.

Device, diagnostics, and analytics

Device type, operating system, app version, crash data, diagnostic logs, authentication events, approximate session activity, Firebase Cloud Messaging tokens, and analytics events.

Location data, where enabled

Approximate or precise location may be used for nearby stops, nearby operators, map features, fraud prevention, or operational support only when the feature is enabled and the user grants permission.

Local device storage

Limited information may be stored on your device, such as login state, app preferences, cached tickets, validation references, or temporary offline data.

We may collect information directly from you, automatically from your device and app usage, from authorized bus operators and their staff, from payment and communications providers, or from support interactions.

3App permissions and sensitive device access

The App may request access to device features only where needed for a clear app function:

  • Camera: used to scan ticket QR codes or barcodes. Camera input is used for scanning and is not stored as a photo by us unless a separate feature clearly asks you to capture or upload an image.
  • Location: used only where map, nearby stop, route, fraud prevention, or operational features require it and you grant permission. We do not use background location unless the App clearly discloses that feature and you allow it.
  • Notifications: used for booking confirmations, ticket updates, payment receipts, trip changes, security alerts, and service messages. You can manage push notifications in your device settings.
  • Photos/files: used only if you choose to upload a document, receipt, support attachment, or similar file through an available feature.

If an app permission is optional, declining it may limit the related feature but should not prevent unrelated app functions from working.

4How we use information

  • To create, authenticate, secure, and manage user accounts.
  • To search for routes, book trips, reserve seats, issue tickets, validate boarding, manage cancellations, process refunds, and support bus operator operations.
  • To process payments, wallet transactions, trip credits, promotions, loyalty rewards, and reconciliation records.
  • To send transactional messages such as ticket confirmations, payment receipts, trip reminders, delay notices, boarding alerts, support responses, and security alerts.
  • To provide customer support, investigate complaints, resolve disputes, prevent fraud, and enforce terms and conditions.
  • To monitor system reliability, diagnose crashes, improve performance, analyze usage, and develop safer and more useful services.
  • To comply with legal, tax, accounting, regulatory, audit, and lawful request obligations.

6When we share information

We share personal information only where necessary for the App and related services, including with:

  • Bus operators and authorized staff, such as agents, conductors, supervisors, administrators, and finance users who need booking or ticket information to operate the service.
  • Cloud, database, authentication, analytics, and notification providers, including Google Firebase services such as Authentication, Cloud Firestore, Cloud Functions, Firebase Cloud Messaging, and Firebase Analytics.
  • Payment processors and financial service providers, such as Stripe or other payment, mobile-money, card, settlement, refund, or reconciliation providers used by the App.
  • Communications providers, such as SMS, email, WhatsApp Business, or push notification gateways used for transactional messages and support.
  • Professional advisers, auditors, insurers, regulators, courts, law enforcement, or public authorities, where required by law or necessary to protect rights, safety, security, or legal interests.
  • Business transfer parties, if all or part of the service is reorganized, merged, sold, financed, or transferred, subject to appropriate confidentiality and legal safeguards.

We do not sell personal information as a commodity. We may use aggregated, anonymized, or de-identified statistics that do not reasonably identify an individual.

7Third-party services and links

The App may use or link to third-party services. Their handling of information is governed by their own terms and privacy policies. Important examples may include:

If additional providers are introduced, such as SMS aggregators, mobile-money providers, or loyalty partners, this policy should be updated where their processing affects users.

8International transfers

Our technology and payment providers may process or store information outside Botswana. Where required by applicable law, we use appropriate safeguards, such as contractual commitments, provider security controls, and other lawful transfer mechanisms.

9Retention

We keep personal information only for as long as reasonably needed for the purposes described in this policy, unless a longer period is required or allowed by law. Retention periods may differ by data type:

  • Account data is normally kept while the account is active and for a reasonable period after closure where needed for security, audit, dispute, or legal purposes.
  • Booking, ticket, payment, wallet, refund, and reconciliation records may be kept for legal, tax, accounting, audit, fraud prevention, chargeback, and transport operation requirements.
  • Support records are kept as long as needed to resolve the matter and maintain a record of the outcome.
  • Security, diagnostic, and analytics logs are kept for a limited period appropriate to security, reliability, fraud prevention, and service improvement.
  • Aggregated, anonymized, or de-identified information may be kept for longer where it no longer reasonably identifies a person.

10Account deletion and data deletion requests

If the App allows you to create an account, you may request deletion of your account and associated personal data. Deletion may be requested through the App where available, for example through account or profile settings, or outside the App using the contact options below.

External deletion request: email privacy@kaekapakae.com with the subject “Account Deletion Request”, or use the account deletion page when published at https://www.kaekapakae.com/account-deletion.

We may need to verify your identity before completing a deletion request. Some records may be retained where necessary for legal, tax, accounting, fraud prevention, dispute, chargeback, safety, or regulatory purposes. Where full deletion is not possible immediately, we may restrict, archive, anonymize, or de-identify data where appropriate.

11Your choices and privacy rights

Subject to applicable law and verification of your identity, you may request to:

  • access the personal information we hold about you;
  • correct inaccurate or incomplete information;
  • delete information where deletion is legally available;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • opt out of direct marketing messages; and
  • lodge a complaint with the relevant supervisory authority where available.

You can also manage some choices directly through the App or device settings, such as push notifications, camera permission, location permission, and saved preferences.

12Service messages and marketing

Transactional messages are necessary for the service and may include booking confirmations, ticket IDs, payment receipts, trip reminders, cancellation notices, delay alerts, boarding messages, and security notices.

Promotional or marketing messages, where offered, will be sent according to applicable law and your available preferences. You may opt out of marketing messages without affecting essential transactional messages.

13Children and minors

The App is not directed at children as a child-focused service. A parent, guardian, school, organization, or responsible adult may book travel for a minor where lawful and appropriate. If we learn that a child’s information has been collected improperly, we will take appropriate steps to delete or restrict the information.

14Security

We use technical and organizational safeguards designed to protect personal information, including access controls, role-based permissions, secure cloud services, encryption in transit where supported, authentication controls, monitoring, and operational procedures. No method of transmission or storage is completely secure, and users should protect their account credentials and devices.

If we become aware of a personal data breach requiring notification, we will take steps required by applicable law and by our operational procedures.

15Fraud prevention and automated checks

We may use automated or semi-automated checks to protect the App, detect suspicious activity, prevent fraud, validate bookings, protect wallet or payment activity, and support reconciliation. Where a decision significantly affects you, you may contact us to request review where required by applicable law.

16Cookies, local storage, and web portal data

Our web portal may use cookies, browser storage, or similar technologies for sign-in, session security, preferences, analytics, and service reliability. You can manage cookies through your browser settings, but disabling necessary cookies may affect sign-in or core web portal functions.

17Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be posted on this page with the updated effective date. Where changes are material, we may notify users through the App, email, SMS, or another appropriate channel.

18Contact us

For privacy questions, access requests, correction requests, account deletion requests, or complaints, contact:

Afriport (Pty) Ltd, trading as Kaekapa Kae / Mpega
Botswana
Email: privacy@kaekapakae.com
Website: https://www.kaekapakae.com

Use the same legal entity name here as the developer name shown in the Google Play store listing. If the Play Console listing uses a different legal name, update this section before publishing.