Privacy Policy

Privacy Policy

How Tunga collects, uses, stores, and protects your information.

Tunga Privacy Policy

Effective date: June 25, 2026
Last reviewed: June 25, 2026
Applies to: Tunga, Tunga Provider, Tunga admin tools, and related web services
Privacy URL: https://www.tunga.ke/privacy-policy
Terms URL: https://www.tunga.ke/terms-and-conditions

This Privacy Policy explains how Vaughn Price Limited collects, uses, shares, stores, and protects personal data when you use:

  • Tunga, the customer app for finding, booking, paying, messaging, and reviewing local service providers
  • Tunga Provider, the provider app for receiving bookings, managing availability, communicating with customers, completing verification, and receiving payments
  • Tunga support, admin, verification, payment, and dispute tools

The two apps are separate App Store products, but they operate on the same Tunga marketplace platform. This policy describes the data practices for both apps and clearly identifies customer-specific and provider-specific data where they differ.


1. Who We Are

Tunga is operated by:

Vaughn Price Limited
Registration number: PVT-271JDA8L
Chania Suites 1A, Chania Street, Kilimani, Westlands, Nairobi, Kenya
P.O. Box 00100-00100, G.P.O. Nairobi
Telephone: +254 793 022 425
Email: info@tunga.ke

For privacy questions, data access requests, deletion requests, or complaints, contact us at:

info@tunga.ke

We are registered as a data controller with Kenya's Office of the Data Protection Commissioner (ODPC).


2. Summary of What We Collect

Tunga collects data needed to create accounts, verify users, match customers with providers, process bookings and payments, deliver notifications, enable chat, prevent fraud, resolve disputes, and comply with law.

We do not sell personal data.
We do not use third-party advertising tracking.
We do not store raw card numbers, CVV codes, mobile money PINs, or Apple payment credentials.
We do not allow service providers to freely browse private customer data outside the booking workflow.

Some features require device permissions, including location, photos, camera or media access where available, and push notifications. You can manage device permissions in your device settings.


3. Data We Collect From All Users

3.1 Account and Authentication Data

We may collect:

  • name
  • phone number
  • email address
  • passwordless or OTP login information
  • OTP verification channel and verification status
  • account role, such as customer, provider, or admin
  • Supabase authentication user ID
  • account status, such as active, suspended, deleted, or pending review
  • account creation, update, login, and deletion timestamps

We use this data to create accounts, authenticate users, protect accounts, route users to the correct app experience, and prevent unauthorized access.

3.2 Device and App Data

We may collect:

  • app target, such as Tunga or Tunga Provider
  • app version
  • device type and operating system
  • push notification token
  • notification delivery and read status
  • basic diagnostic data, such as error messages, failed requests, and app workflow state

We use this data to operate the apps, send relevant notifications, troubleshoot errors, and maintain security.

3.3 Communications

We may collect:

  • in-app chat messages between customers and providers
  • support messages
  • dispute messages
  • admin notes related to bookings, payments, safety, verification, or account issues
  • notification content and delivery status

In-app chat access is controlled by booking status and platform rules. We may review communications where necessary for support, safety, fraud prevention, dispute resolution, legal compliance, or enforcement of our Terms.


4. Data Collected in the Tunga Customer App

When you use Tunga as a customer, we may collect:

  • customer profile details, such as name, phone number, email address, and profile photo if uploaded
  • saved addresses, service address, selected booking location, and coordinates where provided
  • booking requests, order history, service category, service notes, timing, booking status, cancellation status, and completion status
  • provider selection, provider interactions, chat messages, ratings, reviews, disputes, refunds, and support requests
  • payment status, transaction references, order IDs, booking IDs, amount, currency, provider, and timestamps
  • location permission status and one-time or session-based location information used to find nearby providers and estimate distance or arrival information

The customer app uses location to help you set a service location, find nearby providers, calculate distance, and support the booking workflow. If you deny location permission, you may still be able to enter or select an address manually where supported.

Customers may see limited provider information needed to evaluate and manage a booking, including provider name or business name, profession, service category, profile photo, description, ratings, reviews, distance estimates, availability status, verification status, and approved credential badges.


5. Data Collected in the Tunga Provider App

When you use Tunga Provider, we may collect:

  • provider profile details, such as name, business name, phone number, email address, profile photo, business description, profession, service category, service list, years of experience, and base location
  • provider account status, approval status, verification status, credential status, badge status, online/offline availability, and account restrictions
  • booking requests received, accepted, declined, completed, cancelled, disputed, or refunded
  • response time, booking response history, completed job count, rating, review, and provider fee status
  • customer-facing service information, such as services offered, service area, availability, and approved credential badges
  • provider location data while the provider is actively using availability or job-matching features and has granted location permission
  • payment, payout, provider fee, and transaction reference information needed to manage bookings and provider obligations

The provider app uses location to support availability, distance estimation, route calculation, and job matching. Provider live location is used only for platform operations and booking-related workflows. Customers are shown only the limited provider information needed for marketplace matching and booking, not unrestricted live tracking.

If a provider turns off location permission, location-based matching, distance estimates, and active availability features may not work properly.


6. Photos, Files, and User Content

Depending on how you use the apps, we may collect:

  • profile photos
  • chat images or attachments where supported
  • provider credential files, such as certificates, degrees, licences, diplomas, trade qualifications, or professional memberships
  • temporary identity verification images or document images in manual review flows
  • support or dispute evidence submitted by a user

Photos and files are used only for the purpose for which they are submitted, such as profile display, chat, verification, credential review, support, safety, or dispute resolution.

Credential documents are private and visible only to the provider who uploaded them and authorized Tunga admins. Approved credential badge labels may be displayed publicly on provider profiles.


7. Provider Identity Verification

Tunga may require service providers to complete identity verification before they can go live, receive bookings, or continue offering services.

Depending on the verification flow, a provider may submit identity information directly to Tunga or complete verification through an identity verification partner such as Smile ID. Verification may include document checks, identity checks, and liveness checks where required.

Tunga may store verification metadata, including:

  • verification status
  • verification method and provider
  • verification type
  • verification reference or job ID
  • submission, review, approval, rejection, and expiration timestamps
  • admin reviewer ID or automated provider reference
  • result reason, rejection reason, or admin notes where applicable

Tunga does not permanently store government ID numbers or identity document images. In manual review flows, submitted identity document images are stored in private storage and deleted after review is completed, or within 30 days of review completion at the latest, unless we are legally required to retain a record.

If a verification partner performs biometric or liveness checks, that processing is handled under the partner's own data practices. We obtain provider consent before initiating any biometric check where consent is required.

If an automated verification result affects your ability to provide services on Tunga, you may request human review by contacting info@tunga.ke.


8. Optional Provider Credentials

Providers may optionally upload professional credentials, such as certificates, degrees, licences, diplomas, trade qualifications, professional memberships, or similar documents.

Credential review is optional unless a particular service category legally requires proof of qualification or Tunga later makes a credential mandatory for safety or compliance reasons.

For credential review, we may collect:

  • credential title and type
  • issuing organization
  • profession and category
  • issue date and expiry date, if provided
  • credential file, such as a PDF or image
  • review status and admin notes
  • badge label
  • submission, review, and reviewer metadata

Approved credential badge labels may be displayed publicly. The underlying credential file remains private unless disclosure is required by law, needed for dispute resolution, or authorized by the provider.


9. Location Data

9.1 Customer Location

The Tunga customer app may collect a customer's selected booking location, saved address, typed address, coordinates, or approximate location. We use this data to:

  • find nearby providers
  • calculate distance or arrival estimates
  • create and manage bookings
  • help providers locate the service address after booking conditions are met
  • resolve disputes, support issues, safety issues, or payment issues

9.2 Provider Location

The Tunga Provider app may collect provider location while the provider is actively using provider features, online availability, route, or job-matching features and has granted location permission. We use this data to:

  • show provider availability
  • calculate distance to customers
  • match providers with nearby booking requests
  • support route and arrival workflows
  • assist with safety, fraud prevention, support, or dispute review

Provider live availability coordinates are not used for third-party advertising or tracking. Provider location is shared only as needed for booking and marketplace operations.

9.3 Device Control

The apps request location permission through the device permission prompt before accessing device location. You can disable location access in your device settings, but some location-based features may stop working.


10. Payments and Transactions

Tunga may collect payment and transaction records for bookings, refunds, disputes, provider fees, and compliance.

We may store:

  • payment provider name
  • transaction reference
  • checkout request ID or payment reference
  • amount, currency, status, and timestamps
  • order ID and booking ID
  • customer ID and provider ID
  • refund, cancellation, dispute, and provider fee status
  • saved card authorization reference where a user chooses a supported card payment feature

Payment processing may be handled by M-Pesa, Paystack, Apple, banks, card networks, or other payment providers depending on the payment method and platform rules.

Tunga does not store raw card numbers, CVV codes, mobile money PINs, or Apple payment credentials. Payment providers may process payment data under their own terms and privacy policies.


11. Why We Use Personal Data

We use personal data to:

  • create, authenticate, secure, and manage user accounts
  • send and verify OTP codes
  • route users to the correct customer or provider app experience
  • connect customers with providers
  • process bookings, cancellations, refunds, disputes, provider fees, and payments
  • show provider profiles, services, availability, ratings, distance estimates, verification status, and credential badges
  • enable chat and notifications
  • verify provider identity
  • review optional provider credentials
  • prevent fraud, abuse, impersonation, unsafe conduct, and payment misuse
  • provide support and admin review
  • comply with tax, accounting, legal, safety, and law enforcement obligations
  • improve reliability, debug errors, and maintain platform security

We do not use personal data for third-party advertising tracking.


12. Legal Basis for Processing

Where Kenya's Data Protection Act, 2019 applies, we process personal data on the following bases:

| Processing activity | Legal basis | |---|---| | Account creation, login, OTP verification, and role routing | Contractual necessity | | Customer booking, order, address, and payment workflows | Contractual necessity | | Provider booking, availability, location, and job-matching workflows | Contractual necessity | | Customer booking location | Contractual necessity | | Provider live availability location | Contractual necessity and legitimate interests in marketplace operations | | Provider identity verification | Contractual necessity and legitimate interests in marketplace safety | | Biometric or liveness verification checks, where used | Explicit consent, where required | | Optional provider credential uploads | Consent | | In-app chat and notifications | Contractual necessity and, for push notifications, device permission/consent | | Fraud prevention, safety, abuse prevention, and dispute review | Legitimate interests | | Troubleshooting, diagnostics, and security monitoring | Legitimate interests | | Tax, accounting, recordkeeping, and lawful requests | Legal obligation |

Where we rely on consent, you may withdraw consent at any time. Withdrawal does not affect processing that took place before consent was withdrawn.

Where we rely on legitimate interests, you may contact us to request more information or object to processing.


13. Who We Share Data With

We share personal data only where needed to operate Tunga, provide services, protect users, process payments, comply with law, or enforce our Terms.

13.1 Other Tunga Users

Customers and providers may see limited information needed for bookings and marketplace trust.

Customers may see provider profile details, services, ratings, reviews, approximate distance, verification status, availability, and approved credential badges.

Providers may see customer booking details, customer name, service location, service notes, booking status, and chat messages where needed to respond to or complete a booking.

Contact details and chat access may be restricted until booking and payment conditions are met.

13.2 Service Providers and Processors

We may use the following service providers:

| Provider | Role | |---|---| | Supabase | Authentication, database, storage, realtime features, Edge Functions, and backend infrastructure | | M-Pesa / Safaricom | Mobile money payment processing | | Paystack | Card and alternative payment processing | | Smile ID or similar verification provider | Provider identity verification and liveness checks where used | | Expo, Apple, and Google | Push notification delivery and mobile platform services | | Geocoding, map, or location services | Address lookup, distance estimation, and routing support | | Hosting, logging, security, and support tools | App operation, support, diagnostics, and incident response |

These providers may process data in Kenya or other countries depending on their infrastructure and service delivery. They are permitted to process Tunga data only for authorized purposes, unless they act as independent controllers for their own payment, platform, or verification services.

13.3 Admins and Internal Access

Authorized Tunga admins may access account, booking, payment, dispute, verification, credential, notification, location, and chat records where necessary for operations, support, safety, compliance, fraud prevention, or incident response.

Admin access is limited based on role and operational need.

13.4 Legal, Safety, and Compliance Requests

We may disclose relevant data if required by law, court order, valid regulatory or law enforcement request, emergency safety need, or to protect users, Tunga, or others from fraud, abuse, or harm.

Where legally required, we may disclose account data, booking records, payment references, chat records, location records, verification metadata, credential records, dispute records, and admin notes.


14. International Data Transfers

Some service providers may process or store data outside Kenya. Where we transfer personal data outside Kenya, we use lawful transfer mechanisms and safeguards required by applicable law, including data processing agreements, contractual protections, or equivalent safeguards.

You may contact info@tunga.ke to request information about safeguards for a specific transfer.


15. Data Retention

We keep personal data only as long as needed for the purposes described in this policy, unless a longer period is required by law, tax, accounting, fraud prevention, safety, dispute, or legal obligations.

| Data type | Retention period | |---|---| | Account profile data | While the account is active, then deleted or anonymized after a verified deletion request unless retention is legally required | | Booking, payment, refund, provider fee, and transaction records | Up to 7 years from the transaction date, or longer if required by law or dispute resolution | | Dispute, safety, fraud, and support records | Up to 7 years, or until the issue is fully resolved plus any legally required period | | Chat messages | Up to 12 months after the related booking is completed, or longer if needed for disputes, safety, fraud prevention, or legal compliance | | Identity verification metadata | While the provider account exists and for up to 3 years after closure, unless a longer period is legally required | | Temporary identity document images | Deleted after review completion, or within 30 days of review completion at the latest, unless legally required | | Optional provider credential documents | While review is pending or the approved badge is active; deleted on provider request unless legal retention applies | | Push notification tokens | Deleted or replaced when no longer valid, and deleted within 30 days of account deactivation where practical | | Provider live availability coordinates | Kept only as needed for active session, booking, support, safety, fraud prevention, or dispute purposes | | Deletion request records | Retained as needed to document compliance |

Where we cannot delete a record because of legal, payment, safety, fraud, or tax obligations, we may restrict access, minimize the data, or anonymize it where appropriate.


16. Security

We use technical and organizational safeguards designed to protect personal data, including:

  • encrypted network connections
  • Supabase-managed authentication, database, storage, and access controls
  • private storage for sensitive verification and credential files
  • role-based admin access
  • row-level security policies
  • separation between public provider profile data and private verification or credential files
  • deletion or minimization of temporary identity documents after review
  • operational review of suspicious activity, disputes, and abuse reports

No system is completely secure. If we become aware of a personal data breach that creates a risk to your rights or freedoms, we will notify the ODPC and affected users where required by law.


17. Your Privacy Rights

Under Kenya's Data Protection Act, 2019, you may have the right to:

  • access personal data we hold about you
  • request correction of inaccurate or incomplete data
  • request deletion of your account or specific personal data
  • object to processing based on legitimate interests
  • withdraw consent where processing is based on consent
  • request portability of your data in a structured, machine-readable format
  • request human review of automated decisions that significantly affect you
  • lodge a complaint with the ODPC

To exercise your rights, contact:

info@tunga.ke

We will respond within 30 days, unless a longer period is permitted by law for complex requests. We may need to verify your identity before fulfilling a request.

If you are not satisfied with our response, you may contact Kenya's Office of the Data Protection Commissioner at:

https://www.odpc.go.ke


18. Account Deletion

Tunga provides an account deletion option inside the app where available. You may also request deletion by contacting info@tunga.ke.

When a deletion request is processed:

  • the account may be deactivated or hidden
  • new bookings may be blocked
  • public profile data may be removed or anonymized
  • verification and credential files may be deleted or minimized unless legal retention applies
  • push notification tokens may be deleted or disabled
  • booking, payment, tax, dispute, safety, fraud, support, and legal records may be retained where required

Deleting your account does not automatically delete records we must keep for legal, tax, accounting, payment, safety, fraud prevention, dispute, or regulatory reasons.


19. Children's Privacy

Tunga and Tunga Provider are not intended for users under 18. You must be at least 18 years old to create an account, book services, or provide services.

We do not knowingly collect personal data from children under 18. If we learn that a child has created an account, we may suspend the account and delete the data unless retention is legally required.


20. Changes to This Policy

We may update this Privacy Policy when our apps, services, providers, data practices, legal obligations, or App Store requirements change.

The latest version will be posted at:

https://www.tunga.ke/privacy-policy

If we make material changes, we may notify users in-app, by email, by SMS, or through another reasonable method.


21. Contact

For privacy questions, data requests, account deletion, complaints, or legal notices:

Vaughn Price Limited
Chania Suites 1A, Chania Street, Kilimani, Westlands, Nairobi, Kenya
P.O. Box 00100-00100, G.P.O. Nairobi
Telephone: +254 793 022 425
Email: info@tunga.ke


22. App Store Privacy Disclosure Reference

This section is included to help users and app reviewers understand the data categories that may appear in App Store privacy disclosures. The exact App Store Connect selections should match the current build and enabled features of each app.

22.1 Tunga Customer App

Data that may be collected and linked to the user:

  • Contact Info: name, phone number, email address, service address
  • Location: selected booking location, saved address coordinates, approximate/current location when permission is granted
  • User Content: profile photo, chat messages, support messages, dispute evidence, reviews, ratings
  • Identifiers: Supabase user ID, booking ID, order ID, payment reference, push notification token
  • Purchases / Financial Info: booking amount, payment status, payment provider, payment references, refund status
  • Usage Data: booking activity, provider interactions, notification status, account status
  • Diagnostics: crash, error, troubleshooting, and app reliability data where collected

Purposes:

  • app functionality
  • account management
  • booking and payment processing
  • customer support
  • notifications
  • safety, security, fraud prevention, and dispute resolution
  • analytics and diagnostics related to app reliability and operations

Tracking:

  • Tunga does not use third-party advertising tracking.

22.2 Tunga Provider App

Data that may be collected and linked to the user:

  • Contact Info: name, phone number, email address, provider business/contact profile information
  • Location: provider base location and live availability/location data while provider features are active and permission is granted
  • User Content: profile photo, service descriptions, chat messages, support messages, dispute evidence, identity verification submissions, credential files
  • Identifiers: Supabase user ID, booking ID, order ID, payment reference, verification reference, credential reference, push notification token
  • Purchases / Financial Info: provider fee records, payment status, payment references, refund/dispute status, payout-related references where applicable
  • Usage Data: availability status, booking response history, completed job history, provider status, notification status
  • Sensitive Info: identity verification data and liveness/biometric data only where a verification provider uses it and the provider has consented where required
  • Diagnostics: crash, error, troubleshooting, and app reliability data where collected

Purposes:

  • app functionality
  • provider account management
  • booking and payment processing
  • identity verification
  • optional credential review
  • customer support
  • notifications
  • safety, security, fraud prevention, and dispute resolution
  • analytics and diagnostics related to app reliability and operations

Tracking:

  • Tunga Provider does not use third-party advertising tracking.
Download the app

Download Tunga on the App Store

Tunga is now available for iPhone. Download the app to find trusted service providers and manage home tasks.

Download on the App Store