1 Overview
This Data Protection Policy explains how Logistics & Beyond ("we", "our", "us") collects, processes, stores, and protects personal data in connection with the Logistics & Beyond platform, including our website at logisticsandbeyond.co.ke, our web application, and all associated services.
This Policy is governed by and compliant with Kenya's Data Protection Act 2019 (Act No. 24 of 2019) and the associated Data Protection (General) Regulations 2021. Where we operate in other East African jurisdictions, we also comply with applicable local data protection legislation including Tanzania's Electronic and Postal Communications Act, Uganda's Data Protection and Privacy Act 2019, and Rwanda's Law No. 058/2021 on Personal Data Protection.
2 Data Controller
The data controller responsible for your personal data is:
Logistics & Beyond
Nairobi, Kenya
π§ privacy@logisticsandbeyond.co.ke
π logisticsandbeyond.co.ke
We are registered with the Office of the Data Protection Commissioner (ODPC) of Kenya as required under the Data Protection Act 2019.
3 Data We Collect
We collect different categories of personal data depending on your role on the platform and how you interact with us.
| Data category | Examples | Source |
|---|---|---|
| Identity data | Full name, company name, job title, profile photo | Provided by you at registration |
| Contact data | Email address, phone number, WhatsApp number, physical address | Provided by you at registration or in profile |
| Account data | Username, password (hashed), account role, subscription tier, billing information | Provided by you; generated by the platform |
| Transaction data | Orders created, bids submitted and accepted, transport assignments, warehouse receipts, proof of delivery records | Generated through your use of the platform |
| Document data | Waybills, shipping instructions, delivery orders, packing lists, and other generated shipping documents | Generated through your use of the platform |
| Vehicle & fleet data | Vehicle registration numbers, fleet size, route information (for Transporters) | Provided by you in your Transporter profile |
| Warehouse data | Warehouse location, capacity, storage types, inventory records (for Warehouse Managers) | Provided by you in your Warehouse Manager profile |
| Communication data | Messages sent through the platform's messaging system, support tickets, demo booking requests | Generated through your use of the platform |
| Technical data | IP address, browser type and version, device type, operating system, page visit data, time on platform | Collected automatically via cookies and server logs |
| Marketing data | Email open rates, click-through data, campaign attribution (for newsletter subscribers) | Collected automatically via email marketing platform |
We do not collect any special categories of personal data (also known as sensitive personal data) as defined under the Kenya Data Protection Act 2019.
4 Legal Basis for Processing
We process your personal data on the following legal bases under the Kenya Data Protection Act 2019:
- Contract performance β processing necessary to provide the Logistics & Beyond platform services you have subscribed to, including order management, bidding, document generation, and tracking.
- Legitimate interests β processing necessary for our legitimate business interests, including platform security, fraud prevention, product improvement, and marketing to existing users, where these interests are not overridden by your rights and interests.
- Consent β processing based on your explicit consent, including marketing emails to non-subscribers and the use of non-essential cookies. You may withdraw consent at any time.
- Legal obligation β processing necessary to comply with our obligations under Kenyan law, including tax, anti-money laundering, and customs documentation requirements.
5 How We Use Your Data
We use your personal data for the following purposes:
- Creating and managing your account and platform subscription
- Enabling the core platform workflows β order creation, bidding, transport assignment, tracking, and document generation
- Processing payments for subscriptions and platform services
- Sending transactional notifications β bid updates, order status, delivery confirmations, and payment receipts
- Providing customer support and responding to enquiries
- Sending marketing communications where you have consented or where we have a legitimate interest as an existing customer
- Improving the platform through analysis of usage patterns and user feedback
- Preventing fraud, abuse, and violations of our Terms of Service and Acceptable Use Policy
- Complying with legal, regulatory, and tax obligations
- Producing anonymised, aggregated industry insights β such as the East Africa Logistics Report β where no individual is identifiable
6 Data Sharing
We share personal data with third parties only in the following circumstances:
- Other platform users β shipment data, bid information, and relevant contact details are shared between parties to a transaction (e.g. a shipper and the freight forwarder they engage). Only data necessary to facilitate the transaction is shared.
- Payment processors β payment card and M-Pesa transaction data is processed by our PCI-DSS compliant payment partners. We do not store full card numbers.
- Cloud infrastructure providers β our platform is hosted on cloud infrastructure providers that process data on our behalf under data processing agreements.
- Email service providers β transactional and marketing emails are sent via third-party email platforms under data processing agreements.
- Analytics providers β anonymised usage data is processed by analytics platforms (such as Google Analytics 4) to help us understand platform performance.
- Legal and regulatory authorities β we may disclose personal data when required by law, court order, or to protect the rights, property, or safety of Logistics & Beyond, our users, or the public.
All third-party processors are bound by data processing agreements that require them to protect your data in accordance with applicable law and to use it only for the purposes we specify.
7 Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, and in accordance with our legal obligations.
| Data type | Retention period | Reason |
|---|---|---|
| Active account data | Duration of account + 30 days after closure | Service delivery; allow account reactivation |
| Transaction & shipment records | 7 years from transaction date | Kenya tax and commercial law requirements |
| Shipping documents (Waybills, PODs) | 7 years from document date | Kenya Customs and customs audit requirements |
| Payment records | 7 years from transaction date | Financial records and tax compliance |
| Support communications | 3 years from last interaction | Quality assurance and dispute resolution |
| Marketing consent records | 3 years from consent or last engagement | ODPC consent compliance evidence |
| Technical / server log data | 12 months | Security monitoring and fraud prevention |
When data is no longer required, it is securely deleted or anonymised in accordance with our data deletion procedures.
8 Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:
- Encryption in transit β all data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS). HSTS is enforced.
- Encryption at rest β sensitive personal data is encrypted at rest in our database infrastructure.
- Password security β passwords are hashed using bcrypt. We never store plaintext passwords.
- Access controls β access to personal data is restricted to authorised personnel on a need-to-know basis. All administrative access is logged.
- Two-factor authentication β 2FA is available and recommended for all platform accounts.
- Regular security reviews β our codebase and infrastructure undergo regular security assessments.
- Data breach response β we maintain a data breach response plan. In the event of a breach affecting your personal data, we will notify the ODPC within 72 hours and affected users without undue delay, as required by the Data Protection Act 2019.
No data transmission over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.
9 Your Rights
Under the Kenya Data Protection Act 2019, you have the following rights in relation to your personal data:
To exercise any of these rights, please contact us at privacy@logisticsandbeyond.co.ke. We will respond within 21 days as required by the Data Protection Act 2019. We may ask you to verify your identity before processing a request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.
10 International Data Transfers
Our primary servers are located within Africa. Where personal data is transferred outside Kenya β for example, to cloud infrastructure or software services headquartered internationally β we ensure appropriate safeguards are in place, including:
- Data processing agreements incorporating standard contractual clauses approved by the ODPC
- Transfers only to countries or organisations with adequate data protection standards as recognised under the Data Protection Act 2019
- Technical measures to protect data in transit, including TLS encryption for all cross-border data flows
11 Cookies & Tracking
We use cookies and similar tracking technologies on our website and platform. You can manage your cookie preferences at any time.
| Cookie type | Purpose | Can be disabled? |
|---|---|---|
| Strictly necessary | Session management, authentication, security (CSRF protection, login state) | No β required for the platform to function |
| Functional | Remembering your language, dashboard preferences, and notification settings | Yes β with reduced functionality |
| Analytics | Understanding how users navigate the platform to improve the experience (Google Analytics 4, anonymised) | Yes |
| Marketing | Tracking which marketing campaigns led you to the platform (LinkedIn Insight Tag, Google Ads conversion tracking) | Yes |
A cookie consent banner is displayed on your first visit. You can update your preferences at any time via the cookie settings link in the footer.
12 Children's Data
The Logistics & Beyond platform is a professional business tool and is not intended for use by persons under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@logisticsandbeyond.co.ke and we will delete such data without delay.
13 Contact Us
For any questions, concerns, or requests relating to this Data Protection Policy or the processing of your personal data, please contact our Data Protection Officer:
Data Protection Officer β Logistics & Beyond
We aim to acknowledge all data protection enquiries within 3 business days and respond fully within 21 days as required by law.
π§ privacy@logisticsandbeyond.co.ke
π§ hello@logisticsandbeyond.co.ke
π logisticsandbeyond.co.ke
ποΈ Office of the Data Protection Commissioner: odpc.go.ke
π Nairobi, Kenya | MonβFri, 8amβ6pm EAT
Refrigerated Delivery
A Nairobi supermarket received a cold-chain dairy consignment from Eldoret β temperature maintained throughout.
2 minutes ago