Rada

Legal

Privacy Policy

Last updated: June 2025

Rada ("we", "us", or "our") is a nightlife discovery platform that helps users in Nairobi find clubs, redeem drink vouchers, RSVP to events, and connect with their crew. This Privacy Policy explains what personal information we collect, how we use it, and the choices you have.

1. Information We Collect

Account information. When you sign in with Google we receive your name, email address, and profile photo from Google. You may also provide a phone number, display name, and bio within the app.

Location data. With your permission, we collect your precise location to show you nearby venues, flash deals, and events. Background location is used to notify you when you pass a participating club. You can revoke this permission in your device settings at any time.

Payment and wallet data. If you top up your in-app wallet or pay for tickets via mobile money, we collect your M-Pesa phone number and transaction details, processed through Safaricom Daraja.

Identity verification (KYC) data. If you withdraw funds from your wallet, we collect your full name, national ID number, and date of birth to verify your identity as required for regulated transactions. We do not store photos of your ID — only the verification fields above are transmitted and your ID number is stored in hashed form.

Messages. If you use Rada's direct or group messaging features, we store the content of those messages and who sent them so the conversation can be delivered and displayed.

Photos and short-form video. Profile photos, and any short-form video ("Shorts") you post, are stored on our platform. Shorts are visible to other users and are automatically deleted 24 hours after posting.

Live streaming. If you broadcast or watch a live stream, we process the associated video stream and any in-stream gifting transactions. An optional on-device face-blur feature is available to broadcasters and does not involve facial recognition or biometric identification — it only applies a visual blur effect locally on your device.

Usage data. We collect information about how you use the app — venues you view, vouchers you redeem, events you RSVP to, and features you interact with. This helps us improve the product and personalise your experience.

Device information. We collect device identifiers, operating system version, and push notification tokens to deliver notifications and debug issues.

Communications. If you contact us via email we retain those messages to respond to your enquiry.

2. Cookies and Similar Technologies

We use a small number of strictly necessary cookies — for example, a session cookie that authenticates event staff using the in-app QR scanner. We do not use cookies for advertising, and we do not use any third-party analytics or tracking cookies (such as Google Analytics or Meta Pixel).

3. How We Use Your Information

We use your information to:

4. Sharing Your Information

We do not sell your personal information. We share data only in the following circumstances:

Vendors. When you redeem a voucher at a participating venue, that vendor receives confirmation of the redemption (not your full profile).

Payment processing. Mobile money payments (wallet top-ups, ticket purchases) are processed by Safaricom through the M-Pesa Daraja API. Safaricom receives your phone number and the transaction amount.

Service providers. We use Supabase for database and authentication, Vercel for hosting, Mapbox for venue mapping, LiveKit for live streaming, Resend for transactional email, and Sentry for crash reporting. These providers process data on our behalf under appropriate data protection agreements.

Legal requirements. We may disclose information if required by law, court order, or to protect the rights, property, or safety of Rada, our users, or the public.

5. Data Retention

We retain your account data for as long as your account is active. Voucher, ticket, and wallet transaction records are retained for a minimum of 7 years for accounting and audit purposes. Short-form video ("Shorts") is automatically deleted 24 hours after posting. You may request deletion of your account and associated data at any time by contacting us.

6. Your Rights

Depending on your location, you may have the right to:

To exercise any of these rights, email us at hello@radaapp.com.

7. Security

We use industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest (a default protection provided by our database infrastructure provider, Supabase — see Supabase's security documentation), database-level access controls that restrict each user to their own records, and role-based access controls for staff. No method of transmission or storage over the internet is 100% secure, but we continuously work to protect your data.

8. International Data Transfers

Your data is primarily stored with Supabase in the European Union (Frankfurt, Germany). Our web application is hosted by Vercel, which may process traffic through infrastructure located in the United States. Where your information is transferred outside Kenya, we rely on our processors' standard data protection safeguards.

9. Children

Rada is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we become aware that a minor has provided us with personal data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy in the app and updating the "last updated" date above. Continued use of Rada after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at hello@radaapp.com.

← Back to Rada