Legal
Privacy Policy
We believe in plain-language privacy. Here's exactly what we collect, why, and what we don't touch.
Last updated: 15 May 2026 · Governing law: Republic of Kenya
1. Who we are
Rada is a mobile application operated from Nairobi, Kenya. References to "Rada", "we", "us", or "our" in this policy refer to the Rada team. If you have questions, contact us at hello@solidcreatives.co.ke.
2. Data we collect
Account data
- Email address (used for account authentication and transactional emails)
- Display name (shown on your incident reports and comments)
- Optional profile avatar (a photo you choose from your device's gallery)
Usage data
- Saved route names and route polylines (the path you draw on the map)
- Incident reports you submit: category, text description, and the location pin you place
- Upvotes, downvotes, and comments you leave on other reports
Technical data
- Firebase Cloud Messaging (FCM) push token — used to deliver route alert notifications to your device
- In-app purchase receipt from Google Play (to verify and activate Premium status)
- M-Pesa subscription status from IntaSend — we record whether your subscription is active, expired, or cancelled. We do not store M-Pesa PINs or card numbers.
- App crash reports collected by Sentry (anonymised device and OS information)
- Anonymised analytics events via Firebase Analytics (e.g. screen views, feature usage counts — no personally identifiable information)
3. Data we do not collect
- Continuous GPS tracking. Your device location is accessed only when you open the map to place an incident pin. We do not track your movements in the background.
- Contacts. We do not access your phone's contact list.
- Microphone. We do not access your microphone.
- Camera. We do not access your camera. The only image data we handle is an avatar photo you explicitly choose from your gallery.
4. How we use your data
- To provide the Rada service — displaying routes, surfacing relevant incident reports, and sending push notifications when incidents occur on your saved routes.
- To process subscription payments via IntaSend (M-Pesa) or Google Play and maintain your Premium status.
- To send transactional emails (account verification, subscription receipts) via Resend.
- To diagnose and fix technical issues using anonymised crash and analytics data.
We do not use your data for advertising profiling, do not sell it to third parties, and do not use it for any purpose beyond operating the Rada service.
5. Third-party services
Rada uses the following third-party services to operate. Each service processes only the data necessary for its function:
- Supabase — database and authentication hosting. Account data, routes, incident reports, and votes are stored here.
- Firebase (Google) — push notifications (FCM) and anonymised analytics.
- IntaSend — M-Pesa payment processing. IntaSend handles the STK Push flow; we receive only a subscription status confirmation.
- Google Play — in-app purchase processing for Premium subscriptions.
- Resend — transactional email delivery (account and subscription emails).
- Sentry — crash reporting and error monitoring.
None of these providers receive permission to sell or further share your data.
6. Data retention
- Incident reports auto-expire and are permanently deleted after 2 hours.
- Account data (email, display name, routes, comments) is retained while your account is active and deleted within 30 days of an account deletion request.
- Subscription records are retained for 7 years as required for billing and tax compliance under Kenyan law.
- Crash and analytics data is retained by Sentry and Firebase in anonymised form per their respective data retention policies.
7. Your rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data (you can update your display name and avatar in the app at any time).
- Delete your account and associated data using our account deletion request form, by emailing hello@solidcreatives.co.ke, or through the in-app account deletion option.
We will respond to all requests within 30 days.
8. Security
All data is transmitted over HTTPS. Supabase enforces row-level security so users can only read and write their own data. We do not store passwords in plain text — authentication is handled by Supabase Auth using industry-standard hashing.
9. Children's privacy
Rada is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@solidcreatives.co.ke and we will delete it promptly.
10. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date above and, for material changes, notify you via email or an in-app notice. Continued use of Rada after changes are posted constitutes acceptance of the updated policy.
11. Governing law
This Privacy Policy is governed by the laws of the Republic of Kenya. Any disputes arising from this policy shall be subject to the jurisdiction of the Kenyan courts.
12. Contact
For any privacy-related questions or requests, contact us at hello@solidcreatives.co.ke.