Legal
Last updated: July 17, 2026
Hayame (“Hayame,” “we,” “us,” or “our”) operates a peer-to-peer car rental marketplace in Ghana through our website at hayamegh.com and our iOS and Android apps (together, the “Service”). Hayame is the data controller responsible for your personal information.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, how long we keep it, and the rights and choices you have — including under the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA), and Ghana’s Data Protection Act, 2012 (Act 843). If you do not agree with this Policy, please do not use the Service.
We collect the following categories of personal information:
Identity & contact information: your first and last name, email address, phone number, and account password when you register, edit your profile, or contact support. We offer email-and-password sign-in only; our authentication provider (Supabase) processes your email address and a unique user identifier to create and secure your session. We do not use third-party or social sign-in.
Identity & host verification: if you apply to become a host, a government-issued ID and related verification details so we can confirm your identity, comply with our legal obligations, and keep the marketplace safe.
Photos & media: profile pictures and vehicle listing photos you upload. On mobile, and only with your permission, we access your camera and photo library solely to capture or select these images.
Booking, transaction & address information: listings you view, save, and book; trip dates; the pickup, delivery, or trip-use address and city you provide; your booking and trip history; reviews; and favorites.
Location information: we use the city or area you enter to show relevant vehicles. On Android, where you grant permission, we may use your device’s location to show nearby vehicles and improve search results; you can turn this off at any time in your device settings. Our iOS app does not request device location.
Payment information: payments are processed by our payment provider, Paystack. Your card or bank details are entered directly with Paystack and we do not store them on our servers; we retain transaction records (such as amount, status, and a reference) needed to manage bookings, payouts, disputes, and refunds.
Communications: messages exchanged between guests and hosts through the Service, and the contents of support or contact requests.
Device, identifiers & usage data: an account/user ID, device identifiers and push-notification tokens, device type and app version, and product-interaction data such as pages and listings viewed, taps, and favorites, along with log data we use to operate, secure, and improve the Service.
Categories of sources. We collect personal information directly from you (when you register, build a profile, list a vehicle, book a trip, message another user, or contact support); automatically from your devices and your use of the Service (device identifiers, push tokens, log and product-interaction data, and, on Android with permission, device location); from other users (for example, a host or guest you transact with, and reviews); and from our service providers, including Paystack (transaction reference, amount, and status) and Supabase.
Required vs. optional information. Some information is required to provide the Service. You must provide your name, email, phone number, and password to create an account and to book or list a vehicle; if you apply to become a host, you must provide a government-issued ID for identity verification and our legal and fraud-prevention obligations. If you do not provide this required information, we cannot create your account or let you book or list vehicles. Other items — such as camera, photo library, or Android device-location access — are optional and used only with your permission.
We use the information we collect to:
We do not use your personal information for third-party advertising, and we do not engage in tracking across other companies’ apps or websites.
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:
Data subjects in Ghana. For data subjects in Ghana, we process personal data in accordance with the Data Protection Act, 2012 (Act 843), relying on your consent (for example, for camera, photo library, location, and notification access) and on other lawful grounds, including the performance of our contract with you, compliance with our legal obligations, and our legitimate interests in operating and securing the marketplace.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We disclose information only as needed to run the Service:
In the preceding 12 months we disclosed the following categories of personal information for business purposes: identifiers, commercial/booking information, communications, photos, geolocation, and (for hosts) government identifiers — to the categories of recipients above (service providers, the other party to a booking, and, where required, legal or regulatory authorities and parties to a business transfer). We did not sell or share any category of personal information for cross-context behavioral advertising.
Strictly necessary (always on). We use cookies and similar technologies to keep you signed in, maintain your session, and secure the Service. These are required for the Service to work and cannot be turned off. Disabling them in your browser may break sign-in and booking.
Analytics (only with your permission). If you accept, we record how the Service is used: pages viewed, searches made, which cars are viewed, and where a booking is abandoned. To do this we store a random identifier on your device (in your browser's local storage on the web, or in app storage on iOS). It is not a name, an email, or an advertising ID, and it is not shared with anyone. Nothing is stored and nothing is sent until you accept.
What we do not do. We do not use advertising or cross-site tracking cookies. We do not track you across other companies' apps or websites. We do not use device fingerprinting, session recording, or heatmaps. We do not sell your data or share it with data brokers or advertising networks. Our iOS app does not use the advertising identifier (IDFA), which is why it does not show Apple's tracking permission prompt.
Changing your mind. You can turn analytics on or off at any time, and turning it off deletes the identifier described above. On the web, use the controls in section 11 below. On iOS, go to Profile → Privacy → Share usage analytics. Declining does not limit any feature of the Service.
We keep individual analytics events for up to 400 days, after which they are deleted. Aggregate counts that cannot identify you may be kept longer.
We retain each category of personal information for as long as your account is active and for the period needed for the purpose it was collected:
When information is no longer needed for these purposes, we delete or anonymize it.
We use industry-standard safeguards, including encryption in transit, access controls, and row-level security on our database, to protect your information. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Hayame operates from Ghana, and our service providers may process and store data in other countries, including outside your own. Where required by law, we put appropriate safeguards in place — such as standard contractual clauses or transfers to jurisdictions recognized as providing an adequate level of protection — so that your information remains protected. You can request a copy of the safeguards we rely on, or more information about where your data is processed, by emailing us at support@hayamegh.com.
We do not make decisions about you based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you. Our fraud-prevention and identity-verification checks may use automated tools, but any decision that significantly affects you (such as suspending or removing your account) involves human review. If this changes, we will update this Policy and explain the logic involved and the consequences for you.
Depending on where you live, you may have some or all of the following rights regarding your personal information:
Where we process your information based on our legitimate interests, you have the right to object at any time on grounds relating to your particular situation by contacting support@hayamegh.com; we will stop unless we have compelling legitimate grounds to continue or need the data to establish, exercise, or defend legal claims.
EEA & UK (GDPR): you also have the right to lodge a complaint with a data protection supervisory authority, in particular in the country of your residence or workplace, or — if you are in the UK — with the Information Commissioner’s Office (ICO) at ico.org.uk. We would appreciate the chance to address your concerns first, so please contact us before doing so.
California (CCPA/CPRA): you have the right to know what personal information we collect and how we use and disclose it, to request deletion or correction, and to opt out of the sale or sharing of personal information and to limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising, and we have not done so in the preceding 12 months. You may use an authorized agent to submit requests, and we will not discriminate against you for exercising your rights. We do not sell or share the personal information of consumers we know are under 16, and the Service is intended only for adults 18 and older.
In the past 12 months we have collected the following categories of personal information as defined by the CCPA: identifiers (name, email, phone, account/user ID, device identifiers, push tokens); commercial information (bookings, trip history, favorites); internet or other network activity (pages and listings viewed, taps, log data); geolocation data (city/area you enter and, on Android with permission, device location); audio, electronic, visual, or similar information (profile and vehicle photos); the contents of communications (guest-host messages, support requests); and sensitive personal information.
Sensitive personal information. For California residents, certain information we collect is treated as sensitive: government-issued ID and verification details (hosts only), your account log-in credentials, the contents of messages between guests and hosts and of support requests, and, on Android where you grant permission, precise device location. We use this information only to provide and secure the Service, verify host identity, prevent fraud, and meet our legal obligations — not to infer characteristics about you — so the right to limit its use does not change how we handle it.
Ghana (Act 843): you have the rights provided under the Data Protection Act, 2012, including to access and correct your data and to object to processing. You may also lodge a complaint with the Data Protection Commission of Ghana (dataprotection.org.gh) about how your data is handled.
You can view and update most of your information directly from your profile settings, and you can manage camera, photo, location, and notification permissions at any time in your device settings. Turning off a permission stops the related collection going forward — for example, disabling location on Android stops us from using your device location, and disabling notifications stops delivery of push notifications. This does not delete data already collected.
Your analytics choice
Current choice: Not chosen yet
To request access, correction, portability, or deletion of your personal information — or to delete your account entirely — email us at support@hayamegh.com with the subject “Delete my account.” We will verify your request and respond within the time required by applicable law, and in any case delete your profile and personal information within 30 days — except records we must retain for legal, tax, or fraud-prevention purposes, which we will tell you about.
The Service is intended for adults who are old enough to enter into a car rental agreement, and is not directed to children under 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe a child under 18 has provided us with personal information, please email us at support@hayamegh.com and we will delete it. If we learn that we have collected information from a child under 18 without verifiable parental consent, we will promptly delete that information and close any associated account.
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you through the Service. Your continued use of the Service after an update means you accept the revised Policy.
If you have questions about this Privacy Policy, want to exercise your rights, or wish to make a privacy complaint, reach us at:
Email: support@hayamegh.com
Address: Accra Digital Centre, Ring Road West