Smart. Safe. Seamless.
This Data Policy outlines how Safiri by Citrus ("the Platform") collects, uses, stores, and protects the personal and other data of Parent/Student account users. The purpose of this Policy is to ensure transparency and compliance with Kenyan Data Protection laws, including the Data Protection Act (2025), and any other applicable regulations. This Policy applies solely to users of the Parent/Student account who utilize the Platform to gain real-time visibility and control over school transport services.
We are committed to transparency in our data practices and to complying with all relevant data protection laws in Kenya, ensuring that your data is handled responsibly and lawfully.
Our platform provides parents and students with real-time visibility and control over school transport, including bus tracking, schedules, and communication with administrators and drivers.
For clarity and consistency throughout this Policy, the following terms are defined:
Any information relating to an identified or identifiable natural person, including names, contact details, and other identifiers.
Any operation or set of operations performed on personal data, whether automated or manual, such as collection, recording, storage, alteration, retrieval, consultation, use, disclosure, or deletion.
Any Parent/Student account user whose personal data is processed by the Platform.
Citrus Labs Limited, which determines the purposes and means of processing personal data.
Any third party engaged by Citrus Labs Limited to process personal data on its behalf.
Personal data that requires special protection under Kenyan law, such as biometric data or other information classified as sensitive.
The Platform collects the following data from Parent/Student account users:
Name, contact details (email, phone number), and any other identifiers provided during registration.
Information on how users interact with the Platform, including login timestamps, session durations, and feature usage.
Data related to the device used to access the Platform (e.g., IP address, device type, operating system, and browser).
Data collected through cookies and similar technologies to enhance user experience and improve service functionality.
If applicable, any sensitive information (e.g., biometric data for secure access) is handled with additional security measures as required by law.
The legal grounds for processing data under this Policy include:
Parent/Student account users provide explicit consent during account registration and through clear consent mechanisms for specific types of processing.
Processing is necessary for the performance of the service and to facilitate the functionalities offered by the Platform.
Processing is carried out in compliance with applicable Kenyan laws and regulatory requirements.
Citrus Labs Limited processes data to ensure the efficient and secure operation of the Platform, provided that such processing does not override the rights and freedoms of the data subjects.
Data collected from Parent/Student account users is processed for the following purposes:
To provide real-time bus tracking, transport schedule notifications, and secure communication with school administrators and drivers.
To respond to inquiries, resolve issues, and provide technical assistance.
To send information about updates, new features, and promotional content, provided users have consented to such communications.
To safeguard the Platform and its users through monitoring, fraud prevention, and incident response.
To analyze usage data and feedback for continuous enhancement of the Platform's functionalities and user experience.
Personal data is stored on secure, cloud-based servers operated by reputable third-party providers compliant with industry standards. Data retention periods are defined based on legal requirements and the operational needs of the Platform.
The Platform employs robust security measures, including:
Data is encrypted in transit and at rest using industry-standard encryption protocols to ensure confidentiality.
Strict access controls and multi-factor authentication to restrict data access to authorized personnel only.
Regular security audits, vulnerability assessments, and monitoring to detect and mitigate potential threats.
Robust data backup and recovery procedures to prevent data loss and ensure business continuity.
Parent/Student account users have the following rights:
The right to request and obtain a copy of personal data held by Citrus Labs Limited.
The right to request corrections to any inaccurate or incomplete data.
The right to request deletion of personal data, subject to legal and contractual obligations.
The right to request that processing of personal data be limited under certain circumstances.
The right to receive personal data in a structured, commonly used, and machine-readable format.
The right to object to processing based on legitimate interests or direct marketing.
Users can exercise these rights by contacting us using the contact information provided in Section 13.
Personal data is retained for the duration necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods will be defined based on data type and regulatory requirements.
When personal data is no longer needed, it will be securely deleted or anonymized in accordance with Citrus Labs Limited's data retention and deletion policies.
Identification of data that has reached the end of its retention period
Review of legal and operational requirements for retention
Secure deletion or anonymization using industry-standard methods
Verification of complete data removal from all systems
In the event of a data breach, Citrus Labs Limited will promptly investigate the incident and take appropriate remedial action.
Users will be notified of a data breach involving their personal data within a reasonable timeframe, in compliance with Kenyan law, and relevant regulatory authorities will be informed as required.
A comprehensive data breach response plan is in place to mitigate potential harm, including immediate remediation measures and continuous monitoring.
Citrus Labs Limited reserves the right to update this Data Policy periodically. Any material changes will be communicated to users via email or through a notice on the Platform.
Continued use of the Platform after such updates constitutes acceptance of the amended Policy. We encourage users to review this Data Policy regularly to stay informed about how we protect their information.
For any questions, clarifications, or complaints regarding this Data Policy, please contact us using the following details:
legal@citruslabs.co.ke
P.O. Box 23983 - 00100
+254 112 400 000
If you are not satisfied with our response, you may escalate your complaint to the relevant data protection authority in Kenya.
Personal and account information is collected when you register for the platform
Your data is processed to provide you with real-time tracking and notifications
All your data is securely stored with encryption and access controls
When necessary, data is shared with trusted third parties to provide services
Your data is securely deleted when it's no longer required for service delivery
By using the Safiri by Citrus Parent/Student account, you acknowledge that you have read, understood, and consent to the collection, processing, and use of your personal data as described in this Data Policy.
With Safiri by Citrus, every detail is engineered to deliver a smart, safe, and seamless school transport experience. Join us today and stay connected with your child's journey every step of the way.