GoFasta
§ PRIVACY POLICYLast updated · 22 April 2026

Your data, your call.

This policy explains what personal information we collect, why we collect it, and what we do — and do not do — with it. Written plainly, on purpose.

At a glance

  • We collect what we need to match rides, keep them safe, and bill correctly — no more.
  • We do not sell your personal data. Ever. Not in aggregate, not in pieces, not through "partners".
  • You can export or delete your data from inside the app at any time.
  • We store data inside Zimbabwe where possible, and only in jurisdictions with equivalent protections otherwise.

1. Who we are

SUPERDARKCODE LABS (Pvt) Ltd ("SUPERDARKCODE LABS", "we", "our") is a company registered in Zimbabwe (registration no. 2026/00357) that operates the GoFasta ride-hailing platform. Our registered address is 14 Nelson Mandela Avenue, Harare. You can read more about the company at superdarkcodelabs.co.zw. For privacy matters, contact our Data Protection Officer at privacy@gofasta.co.zw.

2. What we collect

2.1 Account information

Name, phone number, email address, profile picture (optional), government-issued ID (required for drivers, required for riders above a small threshold of trips per month, as permitted by local KYC rules).

2.2 Trip information

Pick-up and drop-off points, route taken, duration, agreed fare, payment method, driver-rider ratings and any written feedback.

2.3 Device and technical data

Device make and OS version, app version, IP address, approximate location (always) and precise location (only while the app is open and you've granted permission).

2.4 Payment data

Card details are collected and stored exclusively by our PCI-DSS certified payment processors. We store only the last four digits and expiry for display. Mobile money numbers are stored encrypted.

3. How we use your data

  • To provide the service — match you with a driver / rider, compute fare estimates, process payments, generate receipts.
  • To keep people safe — detect fraud, investigate reported incidents, share information with law enforcement when legally required.
  • To communicate with you — trip confirmations, receipts, security notices, and optional product updates you can unsubscribe from at any time.
  • To improve the app — aggregate and de-identified analytics only. Your individual trips are never used for public reporting.

4. Who we share it with

We share information only in the following limited cases:

  • The other party to your trip — your name, rating, photo and approximate pick-up location. Drivers see the destination after accepting.
  • Your trusted contacts — when you explicitly tap "Share trip".
  • Payment processors — limited to what is required to take or refund payment.
  • Law enforcement — when compelled by a valid Zimbabwean court order, or in a life-threatening emergency.
  • Tax authorities — anonymised earnings totals for drivers, as required by ZIMRA.

We do not sell, rent, or trade personal data to advertisers, brokers, or any third party for marketing purposes.

5. How long we keep it

  • Active account data — while your account is open.
  • After deletion — 30 days in cold storage for dispute-resolution, then permanently purged.
  • Safety incident records — up to 7 years, as required by Zimbabwean insurance and transport regulations.
  • Tax invoices — 6 years, as required by ZIMRA.

6. Cookies and similar technologies

Our website uses a minimal set of strictly necessary cookies (for session handling and CSRF protection) and aggregated, anonymised analytics. We do not run third-party advertising cookies and we do not carry any behavioural tracking pixels. You can disable non-essential cookies from our cookie banner on first visit.

7. Your rights

Under the Zimbabwe Cyber and Data Protection Act (2021) and equivalent laws where you may reside, you have the right to:

  1. Access a copy of the personal data we hold about you.
  2. Correct any information that is wrong.
  3. Delete your account and have your data erased (subject to legal retention rules above).
  4. Object to, or restrict, certain kinds of processing.
  5. Withdraw consent for optional processing at any time.
  6. Lodge a complaint with the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ).

8. Security

All traffic between the app, our website and our servers is encrypted with TLS 1.3. Databases are encrypted at rest. Access to production systems is restricted to named engineers, authenticated with hardware security keys and logged. We run quarterly third-party penetration tests and publish a summary in our annual transparency report.

9. Children

GoFasta is not intended for use by anyone under 18. We do not knowingly collect data from under-18s. Parents may request deletion at the address below.

10. International transfers

Our primary infrastructure is hosted in Zimbabwean and South African data centres. Some administrative services (e.g. developer tools) are located in the EU. We only use providers that commit to equivalent protections under the Zimbabwe Cyber and Data Protection Act.

11. Changes to this policy

When we make a material change, we announce it at least 14 days before it takes effect: in-app, by email, and on this page. We keep an archive of every previous version at privacy@gofasta.co.zw on request.

12. Contact us

Data Protection Officer · SUPERDARKCODE LABS (Pvt) Ltd — operator of GoFasta
14 Nelson Mandela Avenue, Harare, Zimbabwe
superdarkcodelabs.co.zw · privacy@gofasta.co.zw