Privacy Policy

This policy ensures secure account registration, password management, and payment handling for both customers and drivers on the Bakkify platform. It safeguards personal and financial data in compliance with South African law and international security standards.

Scope

  • All Bakkify users (customers and drivers) who register and log into the app.
  • All payments and transactions processed through the Bakkify platform.
  • All administrators and technical staff managing user accounts and transactions.

Account Registration & Login

  • Customers and drivers must create an account using their full name, mobile number, and email address.
  • Drivers must provide certified ID, driver’s licence, vehicle details, and police clearance.
  • Login requires a unique username/email and password.
  • Email-based OTP verification is mandatory during registration.
  • Accounts with repeated suspicious login attempts will be temporarily suspended.

Password Security

  • Passwords must be at least 12 characters and include letters, numbers, and symbols.
  • Bakkify stores passwords hashed and encrypted; plain-text passwords are never stored.
  • Users are encouraged to update passwords regularly.
  • After 5 failed login attempts, accounts are locked and require admin unlock.
  • Forgotten passwords can only be reset through verified email OTP.

Payment & Card Security

  • Payments are processed via PCI-DSS compliant gateways (PayGate).
  • Bakkify does not store card details directly; tokenisation is used.
  • Driver banking details are stored as encrypted data for payments.
  • POPIA Section 19 ensures personal and payment data is secured.
  • CPA Section 65 ensures safe custody of consumer funds until transactions are completed.
  • Fraud monitoring is in place for unusual transactions.

Data Sensitivity & Classification

  • Personal Data: IDs, driver licenses, police clearances, addresses. Encrypted and accessible only to authorized personnel.
  • Financial Data: Payment cards, bank details, transaction history. Tokenized via PCI-DSS gateways.
  • Operational Data: Trip history, ratings, customer reviews. Retained while account is active.
  • Public Data: Driver ratings visible on the app for transparency.

Data Breach Response Flow

  • Detection – Incident is identified through systems.
  • Containment – Immediate suspension of affected systems/accounts.
  • Assessment – Investigate scope of breach.
  • Notification – Inform affected users per POPIA Section 22.
  • Recovery – Restore services, reset passwords, enhance security.
  • Review – Integrate lessons into Risk Management & Incident Response Policy.

Enforcement

  • Users who fail to comply may face suspension or permanent banning.
  • Drivers who misuse payment systems may be reported to law enforcement.
  • Any security breach is escalated to the Risk Management & Incident Response Policy.

Related Policies

  • Bakkify Driver Vetting & Onboarding Policy
  • Bakkify Refund & Cancellation Policy
  • Bakkify Risk Management & Incidents Response Policy

Standards & Legal References

  • POPIA Section 19 & 22: Securing personal data and notifying users in case of breach.
  • Consumer Protection Act Section 65: Secure processing and custody of consumer funds.
  • Electronic Communications and Transaction Act: Transparent booking, cancellation, and refund disclosure.
  • PCI-DSS: Tokenized payments, no storage of customer card data on servers.

Continuous Monitoring

  • Login attempts are logged and monitored for suspicious activity.
  • Payments are monitored by Peach payment system.
  • Policies are reviewed annually for legal and security compliance.
<
Contact Us

Lephalale, Limpopo, South Africa

014 101 1252

info@bakkify.co.za

Quick Link
About Us Contact Us Privacy Policy Terms & Conditions Refund Policy
Popular Link
About Us Contact Us Privacy Policy Terms & Conditions Refund Policy

© Bakkify, All Right Reserved. Designed By ManziTech Solution
Home Cookies Help FQAs