Privacy Policy

Last updated: 1 May 2025. This policy is effective as of 1 May 2025.

This Privacy Policy explains how CarHaki Limited collects, uses, stores, and protects your personal data. It is prepared in compliance with the Uganda Data Protection and Privacy Act 2019.

1. Introduction and Scope

CarHaki Limited ("CarHaki", "we", "us") operates the vehicle history verification platform at carhaki.ug. This policy applies to all users of the Platform, whether registered or unregistered, including individual buyers, dealers, and businesses.

By using the Platform, you consent to the collection and use of your personal data as described in this policy. If you do not agree, please do not use the Platform.

2. What Data We Collect

We collect the following categories of personal data:

Account and Identity Data

First name, last name, email address, phone number, account type (individual, dealer, etc.), country of residence, and password (stored in encrypted form only).

Vehicle Search Data

VIN numbers and chassis numbers you search for, the country of origin selected, and the date and time of each search. This data is linked to your account if you are logged in.

Payment Data

Transaction references, payment amounts, payment methods (MTN, Airtel, or card type), phone numbers used for mobile money, and transaction timestamps. We do not store full card numbers. Card processing is handled by Flutterwave.

Technical and Usage Data

IP address, browser type, device type, operating system, pages visited, time spent on pages, and referring website. Collected automatically via server logs and cookies.

Communications

Any messages you send us through the contact form, including name, email, phone, and message content.

3. How We Collect It

  • Directly from you when you register, purchase a report, or contact us
  • Automatically when you visit the Platform via cookies and server logs
  • From payment processors (Flutterwave) confirming successful transactions
  • From third-party vehicle data providers when processing your search

4. Why We Collect It

We use your personal data for the following purposes:

  • To create and manage your account
  • To process vehicle history report requests and deliver reports to you
  • To process payments and prevent fraud
  • To send you reports, receipts, and service communications by email
  • To respond to contact form enquiries and support requests
  • To improve the Platform and diagnose technical issues
  • To comply with legal obligations under Ugandan law

We do not use your personal data for advertising or marketing purposes without your explicit consent. We do not sell personal data to third parties.

5. How We Store and Protect It

All personal data is stored on servers located within or accessible to Uganda. We implement the following security measures:

  • All data transmitted between your browser and our servers is encrypted via HTTPS (TLS 1.2 or higher)
  • Passwords are stored using industry-standard one-way hashing algorithms
  • Access to production systems is restricted to authorised personnel only
  • Payment card data is processed entirely by Flutterwave and never stored on our servers
  • Vehicle query data sent to third-party APIs contains only the VIN or chassis number, never your personal details
  • PDF reports stored on our servers are private and accessible only to the account that generated them

6. Third Parties We Share Data With

We share data with the following third-party services in order to operate the Platform:

Provider Purpose Data Shared
Flutterwave Payment processing Name, email, phone, payment amount
VinAudit / OtoFacts Vehicle data lookup VIN or chassis number only
Anthropic AI report summary generation Anonymised vehicle report data (no personal data)
SendGrid Transactional email delivery Name, email address

We do not share your personal data with any other third parties unless required to do so by law or a valid court order from a Ugandan court.

7. Your Rights Under Ugandan Law

Under the Uganda Data Protection and Privacy Act 2019, you have the following rights:

  • Right of access: You may request a copy of the personal data we hold about you
  • Right to correction: You may request that inaccurate data be corrected
  • Right to deletion: You may request that your account and associated data be deleted, subject to any legal retention obligations
  • Right to object: You may object to the processing of your data for purposes other than providing the service you requested

To exercise any of these rights, email us at privacy@carhaki.ug. We will respond within 14 days.

8. Cookies

We use cookies to maintain your session (so you stay logged in), to remember your preferences, and to detect repeated failed login attempts for security.

We do not use advertising or tracking cookies. The cookies we use are strictly necessary for the Platform to function.

9. Children

The CarHaki Platform is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has submitted personal data through the Platform, contact us at privacy@carhaki.ug so we can delete it.

10. Data Retention

We retain account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (for example, payment transaction records for tax purposes, which are retained for 7 years under Ugandan tax law).

Vehicle search data is retained for 2 years to allow you to access past reports.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email when material changes are made. The date at the top of this page reflects when it was last updated.

12. Contact Us

CarHaki Limited - Data Controller

Plot 45, Kampala Road, Kampala, Uganda

Privacy enquiries: privacy@carhaki.ug

Phone: +256 700 123 456

12/05/2026 05:49:42