At Autoreceptive, intelligence is the product — but trust is the foundation. We designed our data practices around a simple rule: collect only what makes your vehicle smarter, be transparent about every signal, and never sell your information. This page is the full, honest account of how that works.
Who we are
Autoreceptive Ltd ("Autoreceptive", "we", "us") is a company incorporated in Kenya, headquartered in Nairobi. For the purposes of the Data Protection Act, 2019, we act as the data controller for personal data processed through the Autoreceptive app, OBD hardware, web dashboard, and connected services (together, the "Platform").
For fleet and enterprise customers, your employer or fleet operator may act as an independent or joint controller for driver data they manage — see Section 08.
Data we collect
We group data by why it exists. We do not collect data "just in case" — every category below maps to a feature you can see.
Name, phone number, email, password hash, preferred language, and your role (driver, owner, fleet admin).
Make, model, year, registration/number plate, VIN, odometer, fuel type, insurer, and uploaded documents.
Engine RPM, coolant & oil readings, fault/DTC codes, battery voltage, speed, and trip diagnostics — only when an OBD device is connected.
GPS coordinates and routes, captured during active trips or when you trigger roadside SOS. See Section 05.
Fuel fills, costs, service records, parts replaced, mechanic visits, and receipts you add manually or via integrations.
Plan tier, billing history, and partial card/M-Pesa references. Full card numbers are handled by our PCI-DSS payment processor — we never store them.
Device model, OS, app version, IP address, crash logs, and diagnostic events needed to keep the app running.
Messages you send us, SOS call metadata, and your notification preferences.
In-cabin audio or video, your contacts, your photo library beyond images you explicitly attach, or any data unrelated to managing your vehicle.
How we use it
Your data exists to do one thing: keep your vehicle running smoothly and affordably. Specifically, we use it to:
- Power predictions — forecast service needs from mileage, usage rhythm, and OBD signals.
- Surface alerts — warn you of due maintenance, abnormal fuel consumption, or fault codes before they become breakdowns.
- Dispatch help — share your live location and vehicle details with emergency partners when you trigger SOS.
- Match the network — connect you to nearby vetted garages, parts dealers, and insurers based on your needs.
- Maintain records — build the verifiable digital service history that protects your resale value.
- Operate & bill — manage your account, process payments, and provide support.
- Improve safely — analyse aggregated, de-identified patterns to make our models more accurate.
AI & automated decisions
Autoreceptive is AI-native. Our models learn the patterns of your engine and habits to make predictions. We believe transparency here is non-negotiable:
- Predictions are advisory — a maintenance alert is a recommendation, never an action taken without you.
- We do not make decisions with legal or similarly significant effects about you solely by automated means.
- Models are trained on aggregated, de-identified signals; your raw records are not used to train models that serve other customers without anonymisation.
- You can request a plain-language explanation of any prediction, and you can dismiss or correct signals that look wrong.
We earn money from subscriptions and our verified partner network, never from selling your personal data. Full stop.
Location & telematics
Location is among the most sensitive data we touch, so we treat it carefully:
- Trip location is recorded only while a trip is active and only if you enable trip tracking. You can pause it anytime.
- SOS location is captured the moment you trigger roadside assistance and shared only with the dispatched responder.
- Background location is off by default. If enabled for live fleet tracking, an on-screen indicator makes it obvious.
- Precise location history can be deleted by you at any time, independently of the rest of your account.
Legal bases
Under the Data Protection Act, 2019, we rely on the following grounds:
- Performance of a contract — to deliver the Platform features you signed up for.
- Consent — for location tracking, marketing, and optional integrations; withdrawable anytime.
- Legitimate interests — to secure the Platform, prevent fraud, and improve our service, balanced against your rights.
- Legal obligation — where we must retain records or respond to lawful requests.
- Vital interests — to share location with responders during an emergency you initiate.
Fleet & business accounts
If you drive a vehicle managed by a business on Autoreceptive, your employer or fleet operator is the controller of the operational data tied to that vehicle:
- Fleet admins can see vehicle status, trip logs, fuel, maintenance, and assigned-driver activity for company vehicles.
- Admins cannot see your personal vehicles, private contacts, or activity outside assigned work vehicles.
- Where required, we act as a data processor for the fleet operator under a data-processing agreement.
- Questions about how your employer uses fleet data should be directed to them as the controller.
How long we keep it
- Account & vehicle records — for as long as your account is active, then up to 12 months after closure.
- Maintenance & service history — retained for the life of the account so resale value is protected; exportable and deletable on request.
- Precise location history — 90 days by default, then automatically aggregated or deleted.
- Payment & tax records — kept as long as Kenyan tax law requires (typically 7 years).
- Support logs — up to 24 months.
Your rights
The Data Protection Act gives you strong rights over your data. Exercise any of these from Settings → Privacy or by contacting our DPO. To delete your account entirely, delete your account & data →
Access
Get a copy of the personal data we hold about you.
Correct
Fix data that's inaccurate or incomplete.
Delete
Erase your data where there's no overriding legal reason to keep it.
Export
Receive your data in a portable, machine-readable format.
Object
Object to processing based on legitimate interests or marketing.
Withdraw
Pull consent for location, marketing, or integrations anytime.
We respond to verified requests within 30 days, free of charge in most cases.
How we protect it
- Encryption in transit (TLS 1.2+) and at rest for sensitive records.
- Least-privilege access — staff see data only when their role requires it, with full audit logging.
- Tokenised payments — card data never touches our servers.
- Routine testing — penetration tests and continuous monitoring.
- Breach response — we notify the ODPC and affected users without undue delay where a breach poses a risk.
International transfers
We process data primarily in Kenya. Where a provider stores data outside Kenya, we ensure an adequate level of protection through approved safeguards — such as contractual clauses and ODPC-recognised mechanisms — consistent with the Data Protection Act.
Children's data
The Platform is intended for users aged 18 and over. We do not knowingly collect data from children. If you believe a minor has provided us data, contact our DPO and we will delete it promptly.
Changes to this notice
We may update this notice as the Platform evolves or the law changes. Material changes will be announced in-app and by email at least 14 days before they take effect. The version and effective date at the top always reflect the current notice.
Contact & complaints
Questions, requests, or concerns? Our Data Protection Officer is here to help.
Autoreceptive Ltd
Westlands, Nairobi, Kenya
We always prefer to resolve concerns directly — reach out first and we'll make it right.