Privacy policy
ScootHero (Pty) Ltd
Effective Date: 7 May 2026 | Version 1.0
Who we are
ScootHero (Pty) Ltd ("ScootHero", "we", "us") is a South African electric vehicle ride-hailing and last-mile delivery platform. We operate a fleet of e-scooters and electric motorcycles through a network of trained delivery drivers, swap station partners, and e-commerce marketplace integrations.
ScootHero is a Responsible Party as defined in the Protection of Personal Information Act 4 of 2013 ("POPIA").
Detail | Information |
|---|---|
Registered Name | ScootHero (Pty) Ltd |
Registration Number | 2021/715744/07 |
Registered Address | 70 Oakland Hills Road Parkland, Cape Town, South Africa |
Information Officer | Wahlied Cole |
Information Officer Email | info@scoothero.co.za |
General Enquiries | info@scoothero.co.za |
Website | www.scoothero.co.za |
Information Regulator | inforeg@justice.gov.za |
Scope of this policy
This Policy applies to the collection, processing, and sharing of personal information relating to:
-
Customers and passengers who use the ScootHero platform (app, website, or partner channels)
-
Driver-Partners who operate ScootHero vehicles or integrate with our delivery network
-
Visitors to the ScootHero website and digital properties
-
Suppliers, contractors, and business partners
-
Job applicants and prospective employees
Special categories of personal information (biometric data, criminal records, health data) are processed only where strictly necessary and on a lawful basis under s26 of POPIA.
Personal information we collect
Information you provide directly
Category | Examples |
|---|---|
Identity | Full name, ID/passport number, date of birth, gender |
Contact | Mobile number, email address, physical address |
Account Credentials | Username, password (hashed), security PIN |
Financial | Bank account details, card information (tokenised via payment gateway), billing address |
Driver-Specific | PDP licence number, motor vehicle licence, professional indemnity details, vehicle registration |
Criminal Record | Police clearance certificate (Driver-Partners only, with explicit consent) |
Employment | CV, employment history, references (job applicants and Driver-Partners) |
Location Data | GPS co-ordinates, trip origin and destination, swap station proximity |
Device & App | IP address, device ID, OS version, app version, browser type |
Telematics | Speed, braking, acceleration, distance, battery charge levels (Driver-Partners) |
Transaction | Booking history, delivery records, payment history, ratings and reviews |
Communications | In-app messages, support tickets, call recordings (where permitted) |
Behavioural | Click-stream data, feature usage, search queries within the platform |
Information generated through platform use
Category | Examples |
|---|---|
Location Data | GPS co-ordinates, trip origin and destination, swap station proximity |
Device & App | IP address, device ID, OS version, app version, browser type |
Telematics | Speed, braking, acceleration, distance, battery charge levels (Driver-Partners) |
Transaction | Booking history, delivery records, payment history, ratings and reviews |
Communications | In-app messages, support tickets, call recordings (where permitted) |
Behavioural | Click-stream data, feature usage, search queries within the platform |
Information from third parties
•Swap station partners (Sasol, Eqstra): vehicle status and swap transaction data
•E-commerce marketplaces (Takealot and others): order and delivery confirmation data
•Payment processors: tokenised transaction confirmation
•Background check providers: criminal record verification (Driver-Partners only)
•Social login providers (Google, Facebook): basic profile data where you use social sign-in
How we use your information
We process personal information only where we have a lawful basis under s11 of POPIA. The table below maps each key purpose to its lawful basis.
Purpose | Categories Used | Lawful Basis | Applies To |
|---|---|---|---|
Background and credential verification | Criminal Record, Identity | Explicit consent (s11(1)(a)) | Driver-Partners |
Account creation & management | Identity, Contact, Credentials | Contractual necessity | All users |
Booking and dispatch | Identity, Location, Transaction | Contractual necessity | Customers, Drivers |
Payment processing | Financial, Identity | Contractual necessity | Customers, Drivers |
Driver onboarding & compliance | Identity, PDP, Criminal Record | Legal obligation / Consent | Driver-Partners |
Safety & telematics monitoring | Location, Telematics | Legitimate interest | Driver-Partners |
Fraud prevention & security | Device, Behavioural, Financial | Legitimate interest | All users |
Customer support | Identity, Contact, Communications | Contractual / Legitimate interest | All users |
Regulatory & SARS obligations | Financial, Identity | Legal obligation | All users |
Direct marketing (opt-in) | Contact, Behavioural | Explicit consent | Opted-in customers |
Automated matching & dynamic pricing | Location, Transaction, Behavioural | Legitimate interest | All users |
Service improvement & analytics | Anonymised/aggregated data | Legitimate interest | All users |
Sharing your personal information
ScootHero does not sell personal information. We share data only as follows:
Recipient | Basis and Purpose |
|---|---|
Swap Station Partners (Sasol, Eqstra) | Operator agreement (POPIA s21); vehicle status and swap transaction processing |
E-commerce Partners (Takealot) | Operator agreement (POPIA s21); order confirmation and delivery status |
Payment Processors | Contractual necessity; tokenised payment processing only |
Background Check Providers | Explicit consent; Driver-Partner credential verification |
Cloud & Hosting Providers | Operator agreement; infrastructure services within POPIA s72-compliant jurisdictions |
Legal & Regulatory Authorities | Legal obligation; SARS, RTMC, SAPS where lawfully required |
Professional Advisors | Confidentiality agreements; legal, audit, and insurance purposes |
Cross-border transfers are made only where the recipient country or organisation provides adequate protection equivalent to POPIA, or where explicit consent has been obtained, in compliance with s72 of POPIA.
How long we keep your data
Data Category | Retention Period | Basis |
|---|---|---|
Customer transaction records | 5 years from last transaction | SARS / Tax Administration Act |
Driver-Partner employment records | 5 years post-termination | Basic Conditions of Employment Act |
Criminal record clearance | Duration of relationship + 1 year | POPIA s14 / RICA |
Telematics and trip data | 3 years (aggregated after 12 months) | Safety, insurance, dispute resolution |
Call recordings & communications | 12 months | Internal quality and dispute resolution |
Marketing opt-in consents | Until withdrawn + 5 years audit trail | POPIA s69 / ECT Act |
Website and device logs | 12 months | Security monitoring |
Financial and payment records | 7 years | Companies Act / SARS requirements |
Job applicant records (unsuccessful) | 12 months | Reasonable POPI compliance |
When data is no longer required, it is deleted or anonymised in accordance with our Data Destruction Policy.
Your rights under POPIA
You have the following rights in respect of your personal information. Requests may be submitted to info@scoothero.co.za. We will respond within 30 days.
Right | Description |
|---|---|
Access | Request confirmation that ScootHero holds your data and obtain a copy |
Correction | Request correction or deletion of inaccurate, irrelevant, or excessive data |
Objection | Object to processing based on legitimate interest, including direct marketing |
Withdraw Consent | Withdraw consent at any time without affecting prior lawful processing |
Deletion | Request deletion where purpose for processing has lapsed or consent withdrawn |
Portability | Request your data in a structured, machine-readable format |
Restriction | Request restriction of processing while a complaint or objection is pending |
Human Review | Request human review of significant decisions made solely by automated means |
Complain | Lodge a complaint with the Information Regulator at inforeg@justice.gov.za |
How we protect your data
Technical Safeguards
• TLS 1.3 encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Payment card data tokenised via PCI-DSS Level 1 certified processors — raw card data is never stored
• Multi-factor authentication for all administrative access
• Regular penetration testing and vulnerability assessments
Organisational Safeguards
• Role-based access control — staff access only data required for their function
• Annual POPIA and data security training for all staff
• Supplier due diligence and operator agreements for all third-party processors
• Incident response plan aligned to s22 of POPIA
Breach Notification
In the event of a data breach that poses a risk to data subjects, ScootHero will notify the Information Regulator and affected data subjects as soon as reasonably possible, in accordance with s22 of POPIA.
Cookies and tracking technologies
ScootHero uses cookies and similar technologies on its website and app. Consent is obtained via our cookie consent banner in line with POPIA and the Electronic Communications and Transactions Act (ECTA).
Cookie Type | Examples | Required |
|---|---|---|
Strictly Necessary | Login sessions, security, cart/booking state — session tokens, CSRF tokens | Yes — cannot be disabled |
Functional | Saved preferences, language settings, dark mode | Optional |
Analytics | Aggregate usage statistics, error tracking — Google Analytics (anonymised) | Optional |
Marketing | Personalised advertising, retargeting — Meta Pixel, Google Ads (opted-in users only) | Optional |
You may withdraw cookie consent at any time via the cookie settings link in the website footer. This will not affect the lawfulness of prior processing.
Driver partner data practices
Given the nature of ScootHero's operations, the following additional practices apply to Driver-Partners:
Telematics and Vehicle Data
ScootHero collects real-time telematics data (GPS location, speed, battery level, braking behaviour) from vehicles operated by Driver-Partners. This data is used for safety management, route optimisation, insurance compliance, and performance monitoring. Drivers are informed of this collection at onboarding and in their Driver-Partner Agreement.
Professional Credentials
We collect, verify, and store PDP licences, motor vehicle licences, and identity documents. Physical or digital copies are retained for the duration of the Driver-Partner relationship and one year thereafter, as required by the National Road Traffic Act and POPIA.
1Background Checks
Criminal record checks are conducted via accredited third-party providers with the explicit written consent of each Driver-Partner applicant. Results are used solely for onboarding suitability assessment. Unsuccessful applicants' records are deleted within 12 months.
Passenger Data Sharing
Driver-Partners receive only the minimum passenger information required to complete a booking (pickup point, destination, first name). Full contact details are not disclosed. Trip data is retained for safety and dispute resolution purposes.
Performance and Ratings
Driver performance metrics (completion rates, ratings, telematics scores) are used for platform quality management, incentive programmes, and, where applicable, contract review. Drivers may request access to their individual performance data at any time.
Direct marketing
ScootHero will only send you marketing communications where you have explicitly opted in (s69 of POPIA). Each communication includes a clear one-click unsubscribe option. We honour unsubscribe requests within 5 business days.
We do not share customer contact details with third-party marketers. If you are registered on the CPA preemptive block register, we will not contact you for direct marketing purposes.
To opt out of all marketing at any time, email info@scoothero.co.za or use the unsubscribe link in any communication.
Automated decision making and profiling
ScootHero uses automated systems to support platform operations. The following processes involve automated decision-making:
Process | How It Works and Your Rights |
|---|---|
Driver-Customer Matching | Automated dispatch based on proximity and availability. No significant legal effect; drivers may contact support for manual review. |
Dynamic Pricing | Fares adjusted automatically based on demand, distance, and traffic. Customers see the fare before confirming a booking. |
Fraud Detection | Account activity monitored for anomalous patterns. Accounts flagged for review are handled by our security team before action is taken. |
Driver Performance Scoring | Telematics and ratings data combined into a performance score used for incentive management. Drivers may request a review of their score at any time. |
You may withdraw cookie consent at any time via the cookie settings link in the website footer. This will not affect the lawfulness of prior processing.
Children's privacy
ScootHero's platform is not directed at persons under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has registered on our platform, we will delete the account and associated data immediately. Parents or guardians who believe their child has provided data to ScootHero should contact info@scoothero.co.za.
Third party websites and links
Our platform may contain links to third-party websites (including partner e-commerce platforms and payment portals). ScootHero is not responsible for the privacy practices of these sites. We encourage you to read the privacy policy of any third-party site you visit.
Changes to this policy
We may update this Policy from time to time to reflect changes in our operations, legal obligations, or regulatory guidance. Where changes are material, we will notify you via the platform or email at least 30 days before the changes take effect. Continued use of the platform after notification constitutes acceptance of the updated Policy.
The current version of this Policy is always available at www.scoothero.co.za/privacy-policy.
Contact & complaints
For any queries, access requests, or complaints relating to this Policy or the processing of your personal information, contact our Information Officer:
Contact | Detail |
|---|---|
ScootHero Information Officer | info@scoothero.co.za |
ScootHero Information Officer | FAO: Information Officer, ScootHero (Pty) Ltd, 70 Oakland Hills Road Parkland, Cape Town, South Africa |
ScootHero Information Officer | www.scoothero.co.za/privacy |
Information Regulator (POPIA) | inforeg@justice.gov.za |
Information Regulator (POPIA) | www.inforegulator.org.za |
Information Regulator (POPIA) | JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 |
This Privacy Policy is effective from 7 May 2026. ScootHero (Pty) Ltd is committed to protecting your personal information in accordance with POPIA and all applicable South African legislation.