Global Privacy Policy
This comprehensive document details NearLink's protocols for data processing, algorithmic decision-making, and compliance with international regulations including GDPR, CCPA, and the Kenya Data Protection Act.
Table of Contents
Definitions & Scope
NearLink Inc. ("NearLink", "we", "us", or "our") provides a multi-sided digital platform. This Privacy Policy applies to all users of our ecosystem, including Guests, Hosts, Drivers, and Experience Providers.
Data Controller
NearLink Inc. is the Data Controller for data collected directly from you (e.g., account creation, booking requests).
Data Processor
For certain corporate services, NearLink acts as a Data Processor on behalf of enterprise clients.
Data Collection Protocols
Biometric & Identity Data
To comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations, we collect:
- Government ID: Images of National ID, Passport, or Driver's License.
- Facial Recognition: "Selfie" imagery used solely for liveness checks and matching against Government ID.
- Background Check Data: Criminal history and credit reports (where permitted by law) for Hosts and Drivers.
Telematics & Mobility Data
For our Transport and Mobility services, we collect granular sensor data:
- Precise Geo-location: GPS data collected in foreground and background (for Drivers).
- Driving Behavior: Accelerometer and gyroscope data to detect speed, braking, and collision events.
- Device Status: Battery level, signal strength, and app version to optimize dispatch algorithms.
AI & Algorithmic Decision Making
NearLink utilizes proprietary machine learning models to automate decisions. You have the right to request human review of significant decisions.
Dynamic Pricing
Algorithms analyze supply, demand, weather, and traffic to set real-time pricing for Stays and Rides.
Fraud Detection
AI models analyze payment patterns to block suspicious transactions and prevent account takeovers.
Search Ranking
Listings are ranked based on user preferences, booking history, and host performance metrics.
Data Sharing Matrix
| Recipient Category | Data Types Shared | Purpose |
|---|---|---|
| Payment Processors | Card hash, Transaction ID, Amount | PCI-DSS compliant processing. |
| Identity Vendors | Biometric hash, ID Document | KYC/AML Verification. |
| Law Enforcement | Metadata, Location History, PII | Response to valid subpoenas/warrants. |
Cross-Border Data Transfers
NearLink operates globally. Your data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Transfer Mechanisms
We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and relevant Data Protection Authorities to ensure your data remains protected when transferred internationally (e.g., to AWS servers in the US or EU).
Security Infrastructure
Encryption at Rest
All sensitive database fields are encrypted using AES-256 standards.
Encryption in Transit
All data transmission occurs over TLS 1.3 encrypted channels.
PCI-DSS Level 1
We maintain full compliance for handling payment card data.
Access Controls
Strict Principle of Least Privilege (PoLP) for internal employee access.
Cookie Schedule
We use the following categories of cookies:
- Strictly NecessaryEssential for authentication and security (e.g., Session tokens). Cannot be disabled.
- PerformanceGoogle Analytics and Mixpanel to understand user behavior and load times.
- AdvertisingMeta Pixel and Google Ads to serve relevant advertising based on your interests.
Legal Contact
Data Protection Officer (DPO)
For specific inquiries regarding your data rights, deletion requests, or regulatory compliance.
dpo@nearlink.comMailing Address
NearLink Inc. Legal Dept.
West Park Towers, 6th Floor
Westlands, Nairobi, Kenya