Privacy Policy

Welcome to Onevia Booking ("Onevia", "we", "our", or "us").

Onevia is a digital hospitality and travel booking platform developed and operated by Onestore Technologies Limited, a company based in Dar es Salaam, Tanzania. Our platform enables users to book accommodation (including hotels, lodges, guest houses, and apartments), reserve conference and event spaces, and purchase travel tickets (bus, train, boat, and flights) both nationally and internationally.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use:

• The Onevia mobile application (the "App")
• Our website: www.onevia.co.tz
• Any related services (collectively referred to as the "Services")

By accessing, downloading, installing, or using Onevia, you confirm that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of our Services.

We are committed to protecting your privacy and ensuring transparency in how your data is handled.

We collect only the information necessary to provide, operate, improve, and secure our Services.

2.1 Information You Provide Directly

• Account Information: Full name, profile details, email address, and phone number used for registration, verification, and communication
• Authentication Data: Passwords are securely stored in encrypted form — we never store plain-text passwords
• Payment Information: Mobile money details (M-Pesa, Airtel Money) and card information (Visa, Mastercard), processed securely through certified third-party payment gateways
• Booking Information: Reservation details including check-in/check-out dates, number of guests, room preferences, travel routes, ticket selections, and any special requests
• User Content: Reviews, ratings, feedback, and other content you submit through the App
• Customer Support Communications: Messages, inquiries, or requests sent to our support team
• Identity Verification Data (KYC): Identification documents (National ID, Passport, or TIN) when required by law, payment providers, or service partners

2.2 Information Collected Automatically

• Device Information: Device ID, operating system version, device model, and manufacturer
• Usage Data: Features accessed, screens viewed, time spent, interactions, and crash reports
• Network Information: IP address, mobile network, Wi-Fi details, and carrier name
• Log Data: Access times, pages visited, navigation paths, and system activity
• Location Data: Approximate or precise location (only where you have granted permission) to provide location-based services such as nearby accommodations and travel options
• Cookies & Tracking Technologies: Session cookies, preference cookies, and analytics identifiers used to enhance functionality and user experience

2.3 Information from Third Parties

• Social Login Providers: Basic profile information from platforms such as Google or Facebook when you choose to sign in using these services
• Service Partners: Booking confirmations, availability data, and service-related updates from hotels, transport operators, and event venues
• Payment Providers: Transaction confirmations and verification data from mobile money services and card payment processors

We ensure that all data collected is relevant, limited to what is necessary, and handled in accordance with applicable data protection laws and industry best practices.

We use your personal information for specific, legitimate purposes related to the operation, security, and improvement of our Services.

3.1 To Provide and Manage Our Services

• Creating and managing your user account
• Processing bookings for hotels, lodges, guest houses, apartments, conference halls, and travel tickets (bus, train, boat, and flights)
• Facilitating secure payments and issuing receipts, invoices, and booking confirmations
• Communicating booking status, check-in instructions, and travel itineraries
• Sharing necessary booking details with property owners, transport operators, and service partners to fulfill your reservations

3.2 To Improve and Personalize Your Experience

• Analyze user behavior, trends, and usage patterns to enhance performance and functionality
• Personalize recommendations for accommodations, travel options, and offers based on your preferences, search history, and location
• Conduct testing (including A/B testing and feature experiments) to improve usability, design, and service quality

3.3 For Safety, Security, and Legal Compliance

• Detecting, preventing, and investigating fraud, suspicious transactions, and unauthorized access
• Verifying user identity and the legitimacy of bookings (including KYC where required)
• Enforcing our Terms of Service and internal policies
• Complying with applicable laws in Tanzania, including the Cybercrimes Act, 2015 and the Electronic and Postal Communications Act, 2010

3.4 For Communications and Customer Support

• Send transactional communications such as booking confirmations, payment receipts, cancellations, and reminders
• Provide important service announcements, updates, and policy changes
• Respond to your inquiries, requests, and feedback through customer support channels

3.5 For Marketing and Promotions

• Send promotional messages, special offers, and personalized deals via email, SMS, or in-app notifications
• Recommend services, destinations, or properties based on your activity and interests

You may opt out of marketing communications at any time by following the unsubscribe instructions or adjusting your account settings.

We ensure that all uses of your data are limited to what is necessary, relevant, and proportionate to the purposes described above.

We process your personal data only where we have a valid legal basis to do so, in accordance with applicable Tanzanian laws and internationally recognized data protection standards.

4.1 Contractual Necessity

We process your personal data where it is necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes processing and managing your bookings, facilitating payments, and providing customer support.

4.2 Legitimate Interests

We may process your personal data where it is necessary for our legitimate business interests, including preventing fraud, ensuring platform security, improving our Services, and conducting analytics. We carefully balance these interests against your privacy rights.

4.3 Consent

We rely on your consent where required by law, including for sending marketing communications, accessing precise location data, and using certain cookies. You have the right to withdraw your consent at any time.

4.4 Legal Obligations

We may process your personal data where necessary to comply with legal and regulatory obligations under Tanzanian law and other applicable jurisdictions, including the Cybercrimes Act, 2015 and the Electronic and Postal Communications Act, 2010.

We ensure that all processing activities are lawful, fair, transparent, and limited to what is necessary for the purposes described in this Privacy Policy.

5.1 Sharing with Service Partners

When you make a booking through Onevia, we share relevant personal information with the service provider responsible for fulfilling your reservation, including hotels, transport operators, and event venues. The information shared may include your name, contact details, booking details, and payment reference. All partners are contractually required to use your data only for booking fulfillment and maintain appropriate security measures.

5.2 Payment Processors

We share necessary payment-related information with certified and secure payment providers, including mobile money services (M-Pesa, Airtel Money) and card networks (Visa, Mastercard). These providers are compliant with recognized security standards such as PCI-DSS. Onevia does not store full card details on its servers.

5.3 Technology and Service Providers

We engage trusted third-party service providers to support our platform operations, including cloud hosting, analytics, and communication tools. These providers process data on our behalf under strict contractual obligations and may not use your information for their own purposes.

5.4 Legal and Regulatory Disclosure

We may disclose your personal data when required to comply with applicable laws and regulations, respond to lawful requests, protect the rights and safety of Onevia or our users, or prevent fraud and illegal activities.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity. We will ensure continued protection of your data and notify users before any significant changes.

5.6 Sharing with Your Consent

We may share your information with third parties where you have provided explicit consent.

We implement appropriate technical and organizational security measures, including:

• Encryption of data in transit using TLS 1.2/1.3 (HTTPS) for all communications
• Encryption of sensitive data at rest, including passwords (hashed with bcrypt) and payment references
• Access controls: only authorized personnel with legitimate need access personal data
• Regular security audits, vulnerability assessments, and penetration testing
• Secure coding practices to prevent common vulnerabilities (OWASP Top 10)
• Incident response procedures with timely notification in the event of a data breach
• PCI-DSS compliant payment processing through certified third-party gateways

We retain your data only as long as necessary to fulfill the purposes described in this policy or as required by law:

The Onevia App requests the following device permissions. You can manage all optional permissions in your device Settings at any time:

The Onevia App and Services are not directed at children under the age of 13 (or 16 in jurisdictions where a higher age threshold applies). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe a child has provided us with personal information, please contact us immediately. Upon verification, we will promptly delete such information.

Users between 13 and 18 may use the App only with verifiable parental or guardian consent. By using the App, users represent that they are 18 years of age or older, or that they have obtained appropriate parental consent.

Depending on your location, you have the following rights. To exercise any of them, contact us at support@onevia.co.tz:

We use cookies, web beacons, and similar tracking technologies on our website and mobile applications.

11.1 Types of Cookies and Technologies We Use

• Strictly Necessary: Essential for operation — user authentication, session management, fraud prevention. Cannot be disabled.
• Functional: Remember your preferences including language, currency, and display settings.
• Analytics: Collect aggregated data to understand user interaction (Google Analytics, Firebase Analytics).
• Marketing: Deliver relevant advertisements and personalized offers (with your consent).

11.2 Consent and Control

Where required by law, we obtain your consent before using non-essential tracking technologies. You can manage preferences through browser settings (web) or device settings (mobile). Disabling certain technologies may affect feature availability.

Onevia operates primarily in Tanzania, East Africa. However, due to the global nature of our Services, your personal data may be processed or stored in countries outside Tanzania, including European countries, the United States, and other regions where our infrastructure or partners operate.

When transferring personal data across borders, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs): Approved contractual frameworks ensuring data protection obligations
• Adequacy Decisions: Transfers to countries recognized as providing adequate data protection
• Data Processing Agreements: Binding agreements requiring confidentiality and security

Regardless of where your data is processed, we ensure it is handled securely and in compliance with Tanzanian regulations and international standards.

The Onevia App may contain links to third-party websites, services, or platforms. This Privacy Policy does not apply to those third-party services.

We encourage you to review the privacy policies of any third-party services you access through Onevia. We are not responsible for their privacy practices or content.

Third-party SDKs integrated into the App (such as Firebase, Google Analytics) may collect certain data independently in accordance with their own privacy policies.

Some browsers transmit "Do Not Track" (DNT) signals. Currently there is no universally accepted standard for how applications should respond to such signals. Onevia does not currently alter data collection practices in response to DNT signals.

However, you can manage your privacy preferences directly through our App settings or by contacting us at support@onevia.co.tz.

You may request deletion of your Onevia account and associated personal data at any time through the following methods:

1. In-App: Go to Account Settings → Privacy → Delete My Account
2. Email: Send a deletion request to support@onevia.co.tz with your registered email address
3. Online Form: Submit a request via our Data Deletion Form

Upon receiving a verified request, we will:

• Delete or anonymize your personal profile and account data within 30 days
• Retain booking records and transaction data for up to 7 years as required by Tanzanian tax and financial regulations
• Retain data necessary to comply with legal obligations, resolve disputes, or enforce agreements
• Send you a confirmation email once the deletion process is complete

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Post the updated policy on our website and within the App
• Update the "Last Updated" date at the top of this policy
• Notify you via email or in-app notification for significant changes
• Where required by law, obtain your renewed consent

Your continued use of the Onevia App after the effective date of any changes constitutes acceptance of the updated policy.

For any questions, concerns, or data requests regarding this Privacy Policy, please reach out:

We are committed to working with you to resolve any privacy-related concerns. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.