Privacy Policy

Who We Are

Trekka is an African transportation infrastructure platform that connects passengers with licensed transport companies for intercity and intrastate travel. We operate as a technology intermediary — we do not own vehicles, employ drivers, or directly provide transport services at this stage of our operations.

For the purposes of data protection law, Trekka acts as a Data Controller — meaning we are the entity that determines why and how your personal data is collected and used. This places legal responsibility on Trekka to handle your data lawfully, fairly, and transparently, as required under the NDPA 2023 and Ghana DPA 2012.

Third-party services we use — such as payment processors and communication providers — act as Data Processors on our behalf. They are contractually bound to handle your data only as instructed by Trekka and in compliance with applicable law.

Information We Collect

We collect only the information we genuinely need to provide and improve our services. Below is a transparent breakdown of what we collect and why.

Information You Give Us Directly

• Your full name, email address, and phone number — required to create and manage your account
• Account credentials and profile details — required for authentication and account security
• Travel preferences, route selections, and booking history — required to process your trips
• Payment details and billing information — required to process transactions securely via our licensed payment partners
• Communications you send to our support team — retained to resolve your inquiries
• Identity documents — collected from drivers and transport company representatives only, for verification purposes

Information Collected Automatically

When you use the Trekka platform, our systems automatically collect certain technical information:

• Device information — IP address, browser type, operating system, and device identifiers
• Usage data — pages visited, features used, time spent, and interaction patterns
• Location data — only when you explicitly grant permission. We do not track your location continuously or without consent
• Cookies and similar tracking technologies — see our Cookie Policy for full details

Why We Use Your Information & Our Lawful Basis

Every use of your personal data by Trekka is supported by a specific lawful basis, as required by the NDPA 2023 and the Ghana DPA 2012. We do not process your data for reasons beyond what is described here.

To Deliver Our Services — Lawful Basis: Contract

• Processing your bookings and issuing boarding passes
• Sending trip confirmations, updates, and ticket information to your email
• Providing passenger manifests and booking details to the relevant transport company for your trip
• Processing payments and managing escrow releases upon trip completion
• Enabling driver management features for transport companies

To Keep the Platform Safe — Lawful Basis: Legitimate Interest

• Detecting and preventing fraudulent transactions and unauthorized account access
• Monitoring for suspicious activity and platform abuse
• Verifying the identity of drivers and transport operators before granting platform access
• Maintaining audit logs of sensitive data access by our internal team

To Meet Legal Obligations — Lawful Basis: Legal Obligation

• Retaining transaction records for tax, audit, and financial compliance purposes
• Responding to lawful requests from regulatory authorities
• Reporting data breaches to the relevant data protection regulator within required timeframes

To Improve Our Platform — Lawful Basis: Legitimate Interest

• Analysing usage patterns and booking trends to improve platform performance
• Conducting internal research to develop new features and services
• Generating anonymised, aggregated transport data for internal analytics and, where applicable, government planning partnerships

Marketing Communications — Lawful Basis: Consent

• Sending promotional messages, offers, or platform updates — only where you have given explicit consent
• You may withdraw this consent at any time by adjusting your preferences in your account settings or clicking "Unsubscribe" in any marketing email

How We Share Your Information

Trekka does not sell your personal data to third parties — ever. We share your information only in the specific circumstances described below, and only to the extent necessary for each purpose.

Transport Companies on the Trekka Platform

When you complete a booking, we share only the information that transport company needs to serve you — your name, contact details, seat assignment, and trip information. Transport companies do not receive your payment details, identity documents, or any data beyond what is necessary to complete your journey.

Payment Processors

We work with Paystack and Flutterwave for transactions within Nigeria and Ghana, and Stripe for applicable international transactions. These providers are independently licensed and regulated under the Central Bank of Nigeria and the Bank of Ghana respectively. They receive only the payment information necessary to process your transaction. All payment processing is PCI-DSS compliant.

Communication Service Providers

We use Africa's Talking to deliver SMS notifications — including trip alerts, OTP codes, and emergency communications. Your phone number is transmitted to this service encrypted and is used solely to deliver the relevant message. It is never stored in plain text in any log or system record.

Other Trusted Service Providers

We work with third-party providers for hosting, analytics, customer support tooling, and email delivery. Each provider is bound by a Data Processing Agreement requiring them to handle your data only as instructed by Trekka and in accordance with applicable data protection law.

Government and Regulatory Bodies

We may disclose personal information to government authorities or regulators where required by law — for example, in response to a lawful court order or regulatory investigation. Where Trekka provides data to government bodies for transport planning or revenue purposes, this data is anonymised and aggregated. No individual user can be identified from data shared in this context.

Legal and Safety Requirements

We may disclose your information where necessary to protect the rights, safety, or property of Trekka, our users, or the public — including in the investigation of fraud, security incidents, or potential criminal activity.

Business Transfers

In the event that Trekka undergoes a merger, acquisition, or sale of assets, your personal information may be transferred to the successor entity. You will be notified of any such transfer and your rights will be preserved under the terms of this Policy.

How We Protect Your Data

Trekka applies layered technical and organisational security measures to protect your personal information. Security is not a feature we added — it is built into how our platform is architected.

Encryption

All sensitive personal data — including phone numbers, email addresses, and identity document information — is encrypted at the application layer using AES-256 encryption before being stored in our database. Encryption keys are managed separately from the database through a dedicated Key Management System, ensuring that a database breach alone cannot expose your personal information. All data in transit is protected using TLS (Transport Layer Security).

Access Controls

Access to personal data within Trekka is strictly governed by role-based permissions. Different staff roles — support agents, operations, finance, and administration — can only access the specific categories of data their role requires. Sensitive fields such as identity documents and payment references are accessible only to authorised administrators, and every access event is logged with a timestamp and stated reason.

Audit Logging

Every instance of sensitive data access within Trekka's systems is recorded in a tamper-proof audit log. These logs capture who accessed what, when, from where, and why. Audit logs cannot be deleted or modified through any internal process.

Payment Security

Trekka does not store your card details on our servers. All payment processing is handled by PCI-DSS compliant payment partners — Paystack, Flutterwave, and Stripe. Your payment information is transmitted directly to these licensed processors and never passes through or rests on Trekka's own infrastructure.

Ongoing Security Practices

• Regular security assessments and vulnerability testing
• Staff training on data protection obligations and secure data handling
• Strict third-party vendor assessment before granting access to any user data
• Incident response procedures with defined escalation paths and regulator notification timelines

Your Rights Over Your Data

Under the NDPA 2023, the Ghana DPA 2012, and where applicable the GDPR, you have specific rights over your personal data. Trekka is committed to honouring these rights promptly and without unnecessary barriers.

To exercise any of these rights, contact us at privacy@trekkatravels.com. We will respond to all valid requests within 30 days. We do not charge a fee for exercising your rights.

If you are unsatisfied with how Trekka handles your request, you have the right to lodge a complaint with the relevant data protection authority:

• Nigeria: Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng
• Ghana: Data Protection Commission Ghana — dataprotection.org.gh
• EU residents: Your local EU supervisory authority under the GDPR

Data Retention

We do not keep your personal data indefinitely. Every category of data we hold has a defined retention period, after which it is securely deleted or anonymised. The following retention periods apply:

• Transaction and payment records — retained for a minimum of 7 years, in compliance with financial record-keeping obligations under Nigerian and Ghanaian law
• Booking and trip history — retained for 3 years from the date of the trip, then anonymised
• Account information — retained for the duration of your active account, plus 12 months after account closure
• Support communications — retained for 2 years from the date of resolution
• Identity verification documents — retained for the duration of the driver or operator's active relationship with Trekka, plus 12 months, in line with regulatory requirements
• Usage and behavioural data — retained for a maximum of 90 days, after which it is aggregated and anonymised
• Audit logs — retained for a minimum of 5 years and are never deleted through any application process

International Data Transfers

Trekka operates across Nigeria and Ghana. Some of the third-party services we use — including cloud infrastructure, analytics tools, and communication providers — may process your data in countries outside your country of residence, including countries outside Africa.

Where personal data is transferred outside your country, Trekka ensures that appropriate safeguards are in place to protect your information to the same standard required in Nigeria and Ghana. These safeguards include:

• Standard Contractual Clauses approved by the relevant data protection authority, where applicable under the GDPR
• Data Processing Agreements with all third-party processors that include binding data protection obligations
• Transfers only to service providers that maintain internationally recognised security certifications

By using the Trekka platform, you acknowledge that your data may be processed in jurisdictions outside your own. We take all reasonable steps to ensure your data remains protected wherever it is processed.

Cookies

Trekka uses cookies and similar tracking technologies to keep our platform functional, secure, and improving. Cookies help us remember your preferences, maintain your session, and understand how the platform is used.

You can manage your cookie preferences through your browser settings at any time. Disabling certain cookies may affect the functionality of some features on the Trekka platform.

For a complete breakdown of the cookies we use, what each one does, and how to manage them, please see our Cookie Policy.

Children's Privacy

Trekka's platform is intended for individuals aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18.

If we become aware that personal data has been collected from a minor without appropriate parental or guardian consent, we will take immediate steps to delete that data from our systems. If you believe a minor has created a Trekka account, please contact us at privacy@trekkatravels.com so we can investigate and act promptly.

Third-Party Links

The Trekka platform may contain links to external websites or services that are not operated by Trekka. These links are provided for your convenience and do not constitute an endorsement of those services.

Trekka is not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policy of any external site before submitting personal information to it.

Data Breach Response

In the event of a personal data breach, Trekka has established procedures to respond swiftly and responsibly. Our obligations under applicable law are:

• Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of a breach, where it is likely to result in risk to the rights and freedoms of affected individuals — as required under the NDPA 2023
• Notify the Ghana Data Protection Commission in accordance with requirements under the Ghana DPA 2012
• Notify affected users directly where a breach is likely to result in high risk to their personal rights or interests, without undue delay

If you believe your Trekka account or personal data has been compromised, contact us immediately at security@trekkatravels.com.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the law, or the way our platform operates. When we make material changes, we will notify you through a prominent notice on the platform or via email before the changes take effect.

The "Last Updated" date at the top of this page always reflects the most recent version. We encourage you to review this Policy periodically. Continued use of the Trekka platform after changes take effect constitutes your acknowledgment of the updated Policy.

Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or how Trekka handles your personal data, please reach out. We take every inquiry seriously and will respond within 30 days.