​UBUNYE ONLINE | Powered by Fleet Flex logo​UBUNYE ONLINE | Powered by Fleet FlexUbunye OnlineSign in

Privacy Policy

Last updated: 18 May 2026

Ubunye Online T/A Fleet Flex (Pty) Ltd is the responsible party (POPIA) and controller (GDPR) for personal information processed via ubunye.online. This policy explains what we collect, why, how we store it and your rights.

1. Information we collect

  • Account & KYC: name, email, phone, company name, registration number, VAT number, address, director ID, uploaded documents (CIPC, tax cert, proof of address, bank confirmation, operator/transport licences, GIT policy).
  • Operational: fleet, driver, fuel, km, route, customer, quotation, invoice, declaration and document data you enter.
  • Payment metadata: reference, amount, status and last-4 digits (we never store full card numbers — they remain with Paystack).
  • Technical: IP address, browser, device, log and usage events.

2. Why we use it

  • Provide and bill the service.
  • Verify accreditation and run enhanced due diligence on higher-risk accounts.
  • Submit declarations to clearing partners (Afriwallet) when you initiate them.
  • Detect fraud, AUP violations and protect the platform.
  • Comply with POPIA, FICA, tax, customs and regulator requests.

3. Sharing

We share information only with:

  • Sub-processors: hosting (Cloudflare, Supabase / Lovable Cloud), email (Resend), payments (Paystack), maps (Google), AI providers (when you use AI features).
  • Clearing partners (Afriwallet) only when you submit a cross-border declaration.
  • Regulators and law enforcement on lawful request.

We do not sell personal information.

4. Storage & security

Data is stored on managed infrastructure in the EU and South Africa, encrypted in transit (TLS) and at rest. Access is controlled by Row Level Security per carrier tenant. Document uploads go through a malware-scanned storage bucket.

5. Retention

We retain account, KYC and financial records for a minimum of 5 years after the account closes to comply with FICA and tax law. Operational data is retained while your account is active and deleted within 90 days of closure, except where law requires longer retention.

6. Your rights

Under POPIA / GDPR you may request access, correction, deletion or export of your personal information, or object to processing. Email privacy@ubunye.online. You may also complain to the Information Regulator (South Africa) or your local supervisory authority.

7. Cookies

We use first-party cookies and localStorage for session, theme and onboarding state. We do not use third-party advertising cookies.

8. Contact

Information Officer — privacy@ubunye.online.

Questions? Email support@ubunye.online.