Zuma is live in:
🇰🇪 Kenya 🇺🇬 Uganda 🇹🇿 Tanzania
Home Privacy Policy

Privacy Policy

How we collect, use, and protect your data.

Last updated: June 2025  ·  Applies to: Zuma Super App (Kenya, Uganda, Tanzania)

1. Who We Are

Zuma Technologies Ltd ("Zuma", "we", "us", "our") operates the Zuma Super App and all related services. Our registered office is at Zuma House, Westlands, Nairobi, Kenya. We are subject to Kenya's Data Protection Act 2019, Uganda's Data Protection and Privacy Act 2019, and Tanzania's Personal Data Protection Act 2022.

2. Data We Collect

  • Account data: name, phone number, email address, date of birth, national ID or passport number (for KYC verification).
  • Location data: real-time GPS for rides, food delivery, pharmacy delivery, and courier services. Location is collected only when the app is in active use for a location-based service.
  • Transaction data: payment amounts, methods, merchant names, dates, and references.
  • Device data: device type, operating system version, app version, IP address, device fingerprint (for fraud prevention).
  • Usage data: services used, session duration, in-app behaviour, search queries.
  • Communications: support tickets, in-app messages, and call recordings with our support team (with notice).

3. How We Use Your Data

  • To provide and improve our 15 services
  • To process payments and prevent fraud
  • To verify your identity (KYC) as required by financial regulators
  • To send service notifications (order updates, payment confirmations, security alerts)
  • To personalise service recommendations using our AI engine
  • To compute your Zuma Credit Score
  • To comply with legal obligations under East African law

4. Data Sharing

We share data with:

  • Service partners you transact with (drivers, restaurants, pharmacies, vendors) — only what is necessary to fulfil your order.
  • Payment processors (M-Pesa, MTN MoMo, Airtel, Tigo, HaloPesa, Stripe) — for transaction processing.
  • Fraud prevention services — anonymised device and behavioural signals.
  • Law enforcement — when legally required by a valid court order.

We never sell your personal data to advertisers or third-party marketers.

5. Data Retention

  • Transaction records: retained for 7 years for regulatory compliance.
  • Location history: anonymised after 90 days for completed orders.
  • Account data: deleted within 30 days of account closure request (subject to legal retention obligations).
  • KYC documents: retained for the duration of your account plus 5 years per AML regulations.

6. Your Rights

You have the right to: access your data, correct inaccuracies, request deletion (subject to legal retention requirements), port your data, object to processing, and withdraw consent for optional data processing. Contact our Data Protection Officer at privacy@zuma.app.

7. Security

We use AES-256 encryption for data at rest, TLS 1.3 for data in transit, two-factor authentication for all admin access, and conduct annual third-party security audits. We are PCI DSS compliant for payment card data.

8. Contact

Data Protection Officer: privacy@zuma.app | +254 700 000 000 | Zuma House, Westlands, Nairobi, Kenya.