Privacy Policy

Who we are

Obsidian Concierge is a premium transport service operating in Nairobi, Kenya. We provide airport transfers, city rides, and hourly bookings. This privacy policy explains how we collect, use, and protect your personal data when you use our website at obsidianconcierge.co.ke and our services.

What data we collect

When you submit a booking through our website, we collect:

• Contact information: full name, email address, phone number
• Booking details: service type, pickup/drop-off zones, date, time, number of passengers, flight number, terminal, child seat request, and any notes you provide
• Technical data: IP address, browser type, and device information (collected automatically for security and analytics)

We also use Microsoft Clarity to understand how visitors interact with our website. Clarity collects anonymised usage data including page views, scroll depth, clicks, and session recordings. No keystrokes in form fields are recorded.

Why we collect it

• To fulfil your booking: we need your contact details and trip information to confirm, schedule, and complete your ride.
• To communicate with you: booking confirmations, pre-ride messages, and post-ride follow-ups are sent to the email and/or phone number you provide.
• To protect our service: IP-based rate limiting and honeypot fields prevent spam and abuse.
• To improve the website: anonymised analytics help us understand which pages and features are most useful.

Who we share it with

We share your data only with the service providers necessary to operate:

• Supabase (database hosting) — stores your booking records securely with row-level security. Servers in AWS regions.
• Resend (email delivery) — sends booking confirmation emails to you and notification emails to us.
• Netlify (website hosting) — serves the website and processes form submissions.
• Microsoft Clarity (analytics) — collects anonymised usage data. See Microsoft's privacy statement.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

How long we keep it

Booking records are retained for 24 months after the ride date for operational and accounting purposes. After that, they are deleted or anonymised. You can request earlier deletion at any time.

Your rights

Under the Kenya Data Protection Act 2019 and the EU General Data Protection Regulation (GDPR), you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your data (“right to be forgotten”)
• Restrict or object to certain processing of your data
• Data portability — receive a copy of your data in a machine-readable format

To exercise any of these rights, email us at the address below. We will respond within 30 days.

Cookies and tracking

We use a single analytics tool (Microsoft Clarity) which sets cookies to track page interactions anonymously. We do not use advertising cookies or retargeting pixels.

You can opt out of Clarity tracking by declining cookies when the banner appears, or by adjusting your browser settings to block third-party cookies.

Data security

All data is transmitted over HTTPS (TLS encryption). Database access is protected by row-level security policies. Admin access is restricted to a single authorised email via multi-layer authentication checks.

Children's privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with an updated date. Continued use of the website after changes constitutes acceptance.

Contact

For privacy-related questions or to exercise your rights, contact us at:

Obsidian Concierge
Nairobi, Kenya
Email: privacy@obsidianconcierge.co.ke

Legal basis

This policy is governed by the laws of Kenya, including the Data Protection Act 2019 (Act No. 24 of 2019). For users in the European Economic Area, we also comply with the General Data Protection Regulation (EU) 2016/679.