Get the App

Privacy Notice

Kokki — Customers and Order Recipients

Last updated: March 8, 2026

← Back to Legal

I. Overview

Responsible Party

Kokki is the responsible party for the processing of your personal information. Contact us at hello@kokki.co.za or at our registered address for any privacy-related matters.

Scope

This notice applies when you use Kokki's apps or website to request or receive meal kit deliveries. It describes how we collect and use your data when you order meal kits, receive deliveries, or interact with our platform as a customer.

This notice applies if you: (a) create an account and place orders for meal kits (a "Customer"); (b) receive deliveries at a specified address, including when someone else places an order for you (an "Order Recipient"); or (c) browse our website or app without an account.

If you use Kokki as a delivery driver, a separate notice describes our collection and use of driver data. Contact us for that notice.

Our privacy practices are subject to applicable laws, including the Protection of Personal Information Act (POPIA) in South Africa.

II. Data We Collect

When we collect personal information, we take reasonably practicable steps to ensure you are aware of: what we collect and why; that Kokki is the responsible party; the purpose of collection; whether provision is voluntary or mandatory; and your rights (access, correction, objection, complaint). See Section VI for your rights.

1. Data you provide

  • Account information: Name, email, phone number, profile photo, and password when you create or update your account.
  • Delivery addresses: Street address, city, postal code, delivery instructions, and location (for delivery zone verification).
  • Payment information: Payment method details (processed by our payment provider; we do not store full card numbers).
  • User content: Ratings and reviews of meal kits, feedback, and any messages you send to customer support.

2. Data collected when you use our services

  • Location data: We collect your delivery address and, if you allow it, your device location to verify you are within our delivery zones and to improve delivery accuracy.
  • Order information: Items ordered, quantities, prices, order status, delivery status, and timestamps.
  • Usage data: How you interact with our app or website, including pages viewed, search history, and features used.
  • Device data: Device type, operating system, app version, and identifiers used for push notifications.

3. Data from other sources

We may receive data from our payment processor (Paystack) to confirm transactions, from delivery drivers to confirm delivery, or from you if you contact us via email or other channels.

4. Voluntary vs mandatory provision

Provision of account information (name, email, phone) and delivery address is mandatory to place and fulfil orders. Without it, we cannot process your order or deliver to you. Profile photo, delivery instructions, and reviews are voluntary. You may browse our website without providing personal information, but some features will be unavailable.

III. How We Use Your Data

Kokki uses data to provide, personalise, and improve our meal kit delivery services. We use data to:

  • Provide our services: Process orders, fulfil deliveries, calculate prices and delivery fees, and send order updates and receipts.
  • Personalise your experience: Recommend meal kits based on your preferences, dietary tags, and order history.
  • Enable communications: Connect you with delivery drivers (e.g. for pickup or delivery updates) and send transactional notifications.
  • Ensure safety and security: Verify your identity, prevent fraud, and enforce our terms and policies.
  • Improve our services: Analyse usage, fix bugs, and develop new features.
  • Further processing: Any use of your information beyond the original purpose of collection will be compatible with that purpose or done with your consent.
  • Marketing (with consent): Send promotional offers, discounts, and news about Kokki. We will only send direct marketing by electronic means if you have consented or are an existing customer, and we will give you a reasonable opportunity to object, free of charge, at the time of collection and on each marketing communication. Every marketing message will include our identity and contact details to unsubscribe. You may opt out at any time.

IV. Data Sharing and Disclosure

We share your data in these circumstances:

  • With delivery drivers: Name, delivery address, contact phone, and order details so they can fulfil your delivery.
  • With payment processors: Payment information is shared with Paystack (or our configured provider) to process payments. We do not store full card details.
  • With service providers: We use providers for hosting (Supabase), push notifications (Firebase), and analytics. They process data on our behalf under contractual obligations.
  • For legal reasons: We may disclose data when required by law, to enforce our terms, or to protect rights and safety.

We do not sell your personal information to third parties.

Transborder transfers

Some of our service providers (e.g. hosting, push notifications, payment processing) may process or store data outside the Republic of South Africa. We only transfer data to third parties who provide an adequate level of protection through law, binding agreements, or recognised frameworks (e.g. standard contractual clauses). You may contact us for details about specific transfers.

V. Data Retention and Deletion

We retain your data for as long as necessary to provide our services and as required by law. For example:

  • Account data: For the life of your account.
  • Order and transaction data: For tax, legal, and dispute resolution purposes, typically up to 7 years where required.
  • Usage and analytics data: For as long as needed to improve our services, then anonymised or deleted.

You may request deletion of your account and associated data by contacting us. We will delete or de-identify data as soon as reasonably practicable after we are no longer authorised to retain it, except where retention is required by law or for legitimate purposes such as fraud prevention. Destruction will be done in a manner that prevents reconstruction.

Information quality

We take reasonably practicable steps to ensure your personal information is complete, accurate, not misleading, and updated where necessary. You can update your profile, addresses, and payment methods in the app or website.

VI. Your Rights (POPIA)

Under the Protection of Personal Information Act (POPIA), you have the right to:

  • Access: Establish whether we hold your personal information and request access to it
  • Correction: Request correction, destruction, or deletion of inaccurate or incomplete information
  • Objection: Object, on reasonable grounds, to the processing of your information; object to direct marketing at any time
  • Withdraw consent: Withdraw consent at any time (where processing is based on consent)
  • Complaint: Lodge a complaint with the Information Regulator
  • Civil remedies: Institute civil proceedings regarding alleged interference with the protection of your information

You can access and update your profile, addresses, and payment methods in the app or website. For other requests, contact us at hello@kokki.co.za.

Information Regulator (South Africa): You may lodge a complaint with the Information Regulator at P.O. Box 31533, Braamfontein, Johannesburg, 2017; enquiries@inforegulator.org.za; POPIAComplaints@inforegulator.org.za; or 010 023 5200. Website: inforegulator.org.za.

VII. Children, Automated Decisions & Cookies

Children

We do not knowingly process the personal information of children under 18 without the consent of a competent person (e.g. parent or guardian). If you believe we have collected a child's information without proper consent, please contact us immediately.

Automated decision-making

We do not make decisions that significantly affect you based solely on automated processing of your personal information intended to profile you. Recommendations (e.g. meal kit suggestions) are assistive and do not constitute such profiling.

Cookies and tracking

We use cookies and similar technologies to authenticate users, remember preferences, and analyse site traffic. You can manage cookies in your browser settings. Disabling cookies may affect some features.

VIII. Security

We implement appropriate technical and organisational measures to secure the integrity and confidentiality of your personal information, including encryption in transit and at rest, access controls, and secure payment processing through PCI-compliant providers. We identify risks, maintain safeguards, and update them in response to new risks.

Security breach notification: Where there are reasonable grounds to believe your personal information has been accessed or acquired by an unauthorised person, we will notify you and the Information Regulator as required by POPIA. The notification will describe the compromise, possible consequences, measures we have taken, and recommendations for you.

IX. Updates

We may update this notice from time to time. We will notify you of significant changes via the app, email, or our website. Continued use of our services after an update constitutes acceptance of the revised notice unless otherwise required by law.

X. Contact

For privacy-related questions or to exercise your rights, contact us at hello@kokki.co.za.