Privacy Policy

1. Who we are

Mamastops is a B2B cashless logistics platform for cross-border trucking across Southern and East Africa. We help transporters and their drivers plan trips, pay for fuel, parking, tolls, and border clearance at our partner stations, and stay connected with dispatch throughout the route — without carrying cash.

This platform / application is operated by multiple affiliated entities located in different countries. Depending on your country of residence or the services you use, your personal data may be collected, processed, and managed by the relevant local entity responsible for providing services in your jurisdiction.

Our operating entities are:

• Zambia — MAMASTOP LOGISTICS SOLUTIONS LIMITED
• Tanzania — Mamastops Logistics Solutions Tanzania Ltd
• Rwanda — Mamastop Logistics Solutions Ltd
• South Africa — Mamastops Logistics Solutions South Africa (Pty) Ltd
• Mozambique — Mamastop Logistics Solutions LDA

• General contact: support@mamastops.com.
• Privacy / data-protection contact: support@mamastops.com (please use the subject line "Privacy"). If you are in Zambia and we cannot resolve your complaint, you may contact the Office of the Data Protection Commissioner under the Zambia Data Protection Act, 2021. Drivers in Tanzania, Rwanda, South Africa, or Mozambique should write to the same address and we will route the request to the relevant local entity.

2. Scope

This policy applies to:

• the Mamastops Driver Android app distributed on Google Play under package com.mamastop.app;
• the Mamastops web platform at mamastops.com and the APIs that the Driver app talks to.

This policy does not apply to the websites or services of any partner station, shipper, or other third party we link to.

The Driver app is built for licensed commercial drivers. It is not directed to children and we do not knowingly collect data from anyone under the age of 18.

3. What we collect

3.1 Information you give us

• Account & contact: name, mobile country code and number — used to deliver one-time passwords (OTPs) and service messages over WhatsApp, with SMS as a fallback — and email address.
• Profile: profile photo (stored on our servers).
• Government IDs: driver's licence number and passport number. We need these to confirm you are legally allowed to drive cross-border consignments. They are stored on our servers and are not shared with advertising or analytics providers.
• Support correspondence: if you write to us through "Report a Problem" or by email, we keep the subject, body, and the reply trail.

3.2 Information we collect automatically while you use the app

• Precise location (latitude, longitude, accuracy), collected via Android FusedLocationProvider while the app is in the foreground. The current GPS fix is attached to authenticated requests to our API as an x-location-data header so dispatch and partner stations can confirm your truck's position relative to the planned route and verify QR-redeemed services. We do not request the Android ACCESS_BACKGROUND_LOCATION permission, so the app cannot track you when it is not open.
• Device & connection info (x-connection-data header on each request): device model, Android version, app version, language, timezone, platform. Server-side we also see the IP address your request came from. We use this for support ("which build is the driver on?"), troubleshooting, and abuse / fraud detection.
• App activity & performance: screens viewed, in-app events (such as "trip started" or "QR scanned"), and crash diagnostics. Collected via Google Firebase Analytics and Firebase Crashlytics — see Section 5.
• Advertising identifier (Google Advertising ID): collected by Firebase Analytics. We do not use it to show you ads or build an ad-targeting profile — we use it only for de-duplicating analytics events. You can reset or limit this ID at any time from your Android settings (Settings → Privacy → Ads).
• Push notification token: Firebase Cloud Messaging issues an opaque token for your install so we can deliver trip assignments and alerts. The token is deleted from your device on logout and from our servers when you delete your account.

3.3 Camera

The app uses your camera only locally, on your device, to scan QR codes at partner stations (fuel, parking, tolls). Camera frames are processed on-device by Google ML Kit and are not uploaded to our servers.

3.4 What we do not collect

• Contacts, SMS messages, or calendar entries.
• Microphone audio.
• Background location (we do not request the Android permission).
• Biometric data.
• We do not sell, rent, or trade any personal data, and we do not use it for third-party advertising.

4. How we use your information

We use the data above to:

• Operate the platform / application. Authenticate you, assign trips and consignments, track the planned route, redeem services at partner stations via QR codes, store your documents, and let you contact support.
• Comply with logistics regulations. Verify driver licensing and cross-border paperwork.
• Keep the platform / application safe. Detect fraudulent redemptions, account takeover, and abuse.
• Fix bugs and improve the platform / application. Crash reports and basic in-app event analytics.
• Communicate with you. Send one-time passwords (OTPs) for sign-in over WhatsApp (SMS fallback), push notifications about trips, service announcements over WhatsApp / email, and replies to your support requests.

We do not use your data for advertising and we do not sell, rent, or trade it.

5. Who we share it with

We share data only with the service providers we need to run Mamastops, including:

• analytics, crash-reporting, and push-notification providers;
• cloud hosting and database providers;
• WhatsApp Business, SMS, and OTP gateway providers — used to deliver one-time passwords for sign-in and operational messages to the mobile number on your account;
• payment and settlement providers (when applicable).

These providers process only the data needed for their service and under appropriate confidentiality and data-protection terms. Details of a specific provider are available on request.

We may also share data when we are legally required to (a court order or a lawful request from a regulator, or to defend our legal rights), and with a successor entity in the event of a merger or acquisition (we will tell you before that happens).

6. International transfers

Mamastops operates across multiple African jurisdictions through the entities listed in Section 1. Some of our processors — notably Google (Firebase) and WhatsApp Business — operate data centres outside the country where your data is collected. When we send your data to them, we rely on the processor's contractual safeguards and on the lawful-transfer mechanisms permitted by the data-protection law of your local operating entity (for example, the Zambia Data Protection Act, 2021, or the South African Protection of Personal Information Act (POPIA)). If you are in a jurisdiction with stricter transfer rules (e.g. the EU/EEA under the GDPR), the same contractual safeguards apply and you keep the rights described in Section 8.

7. Lawful basis

We process your data on the following bases:

• Contract — to perform the driver–platform relationship: assigning trips, redeeming services, paying you (or your employer).
• Legal obligation — to comply with logistics, transport, and cross-border regulations and to retain records as required by tax and accounting law.
• Legitimate interest — fraud prevention, platform / application security, and product improvement, balanced against your privacy.
• Consent — for anything optional we may introduce in the future (for example, marketing messages). You can withdraw consent at any time without affecting the service we deliver.

8. Your rights

You have the right to:

• Access the personal data we hold about you and obtain a copy of it;
• Correct data that is wrong or incomplete (you can edit most profile fields yourself in the app);
• Delete your account and the personal data tied to it (see Section 9);

To exercise any of these rights, email support@mamastops.com with the subject line "Privacy". We will respond within 30 days of receiving your request.

9. How to delete your account

You can delete your account in two ways:

• In the app: open the Driver app → Profile → Requests → Delete Account. Confirm the reason, and we will close the account.
• By email: write to support@mamastops.com from the email tied to your account, with the subject "Delete my account".

When you delete your account we:

• log you out and clear your authentication tokens from the device;
• unregister your push notification token from our servers;
• delete or anonymise your profile, contact details, and document references;
• retain a minimum amount of trip and transaction data only for as long as we are required to under logistics, tax, and accounting regulations (see Section 10).

10. How long we keep your data

We keep your data only for as long as we need it for the purposes described in this policy.

• Account data (profile, contact details, documents) is kept while your account is active and removed after closure, subject to any legal hold.
• Authentication tokens on your device are kept until you log out or delete the account.
• Trip and transaction records are kept for as long as required for commercial-logistics, tax, and accounting record-keeping under applicable law.
• Support correspondence is kept for a reasonable period after our last reply.
• Analytics and crash data held by our service providers are kept according to their standard retention periods.

If a category is not listed above, we keep it only as long as needed for the purposes described in Section 4.

11. How we protect your data

• All traffic between the platform / application and our servers is over HTTPS / TLS.
• On the device, your authentication tokens are stored in Android EncryptedSharedPreferences (AES-256-GCM).
• On our servers, data is encrypted at rest and access is restricted to the engineering and operations staff who need it for their job.
• We review our security posture regularly and require the same of our processors.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you and the relevant authorities as required by law.

12. Children

The Mamastops Driver app is for licensed commercial drivers and is not directed to anyone under 18. We do not knowingly collect personal information from a child. If you believe a child has used the app, please contact support@mamastops.com and we will delete the account.

13. Changes to this policy

We will update this page when our practices change. Material changes will also be announced inside the Driver app the next time you log in. The Last updated date at the top of this page tells you when the current version took effect.

14. Contact