1. Information We Collect

Account Information

• Phone number — your identity on Basa, used for OTP authentication only. No passwords are stored.
• Name and email — optional, for your profile and communications.
• Profile photo — displayed publicly to build trust with other users.

Provider Verification

• National ID number and document photo — collected to verify identity before allowing service provision. Stored securely and never shown to other users.
• Skills and service categories — shown on your public provider profile.
• Professional bio — shown on your profile.
• Portfolio photos — available to CORPORATE plan subscribers (max 5) to showcase past work.

Location Data

• City and province — stored to match clients with nearby providers.
• GPS coordinates — used on your device to show nearby requests. Precise GPS is not stored persistently on our servers.

Transaction and Activity Data

• Wallet balance, transaction history, platform fee records
• Service requests, bids, jobs, and ratings
• Ride offers created and bookings made
• Subscription tier and payment records

Technical Data

• Firebase FCM token — used only to deliver push notifications to your device.
• App version for compatibility tracking.

2. How We Use Your Information

• Authenticate your identity via phone OTP — no passwords are ever stored
• Match clients with nearby service providers
• Process wallet top-ups and platform fee payments through Paynow Zimbabwe
• Send push notifications about bids, jobs, ride bookings, and account alerts
• Verify provider identities to protect platform safety
• Calculate and collect platform commissions and subscription fees
• Resolve disputes and enforce community standards
• Improve platform reliability and features
• Comply with Zimbabwean law

3. Phone Number Sharing

When a client accepts a provider's bid, the client may choose to share their phone number with the provider. If shared, it is sent once in a notification message. It is never stored permanently, never repeatable, and never shared with any third party. The same applies for ride bookings.

4. What We Do NOT Collect

• Passwords (Basa uses OTP authentication only)
• Continuous GPS tracking or movement history
• Device contacts, calendar, or messages
• Financial account numbers or card details (handled entirely by Paynow Zimbabwe)
• Biometric data of any kind

5. Third-Party Services

We share data only with these trusted providers, strictly for operational purposes:

• Paynow Zimbabwe — payment processing. We share transaction amounts and reference numbers only.
• Firebase (Google) — push notification delivery via FCM. Only your device token is used.
• Supabase — secure cloud storage for profile photos, request photos, and portfolio images.
• Gikko Zimbabwe — SMS delivery for OTP codes. Only your phone number and OTP are transmitted.
• Railway.app — backend infrastructure. Data is stored in PostgreSQL with encrypted connections.

We do not sell, rent, or trade your personal data to any third party for marketing or advertising.

6. Data Security

• All API communications use HTTPS/TLS encryption
• Authentication tokens are stored in encrypted device storage; Android backup is disabled
• National ID documents are stored in access-controlled Supabase Storage
• Paynow webhook signatures are verified using SHA-512 to prevent tampering
• Rate limiting and input validation are applied to all API endpoints

7. Data Retention

We retain your data while your account is active. Transaction records may be retained up to 5 years for financial compliance under Zimbabwean law. On account deletion, all personal data is permanently purged within 7 business days, except where legally required.

8. Your Rights

• Access — request a copy of your data
• Correction — update your profile in the app at any time
• Deletion — request full account deletion via Help & Support in the app. All personal data deleted within 7 business days.
• Portability — request your data in a structured, machine-readable format
• Opt out of notifications — disable in your device settings at any time

9. Children's Privacy

Basa is not intended for users under 18. We do not knowingly collect data from minors. Contact us immediately if you believe a child has submitted data.

10. Legal Compliance

This policy complies with Zimbabwe's Cyber and Data Protection Act [Chapter 12:07]. We may disclose data to law enforcement when legally required.

11. Changes to This Policy

We will notify you of material changes through the Basa app. The "Last updated" date above reflects the current version. Continued use after changes constitutes acceptance.

12. Contact Us