Privacy Policy

Last updated: 1 June 2026

This document is a professional template aligned to South African law (POPIA). Please have it reviewed and finalised by qualified legal counsel before relying on it in production.

Athena Advisors SA 786 (Pty) Ltd ("we", "us", "our") operates the Tripi staff-transport and logistics platform. This policy explains what personal information we process, why and how we process it, who we share it with, how long we keep it, how we protect it, and the rights available to you under the Protection of Personal Information Act, 2013 (POPIA).

1. Who we are and our role

Athena Advisors SA 786 (Pty) Ltd provides the Tripi platform. For most personal information processed on the platform, the organisation that arranges your transport — typically your employer — is the Responsible Party, and we act as its Operator, processing personal information on its documented instructions. For platform accounts, billing, security and the operation of the service itself, we may act as a Responsible Party in our own right.

Our Information Officer can be contacted at privacy@tripi.co.za.

2. Who this policy covers

This policy applies to every person who interacts with the platform, including passengers and employees, transport administrators and managers, vendors, subcontractors and drivers, control-room and security users, finance users, and system and platform administrators.

3. Information we collect

We collect only the information needed to operate a safe and accountable transport service:

Identity and contact details — name, employee number, work email and mobile number, and a nominated emergency contact.
Employment context — department, cost centre, site, line manager, employment status, passenger type and transport eligibility.
Addresses and location — approved home, pickup and drop-off addresses (including versions and effective dates), and GPS location while a trip is in progress.
Bookings and travel — your bookings, shift details, attendance and check-in events, no-shows, and trip history.
Safety and incidents — SOS events and incident records that involve you, and related communications.
In-vehicle recordings — audio and video captured during a trip, but only where your organisation has enabled dashcam recording.
Communications — notifications and messages we send you, and your support correspondence.
Technical and security data — IP address, device and browser information, session data, and access and audit logs.

4. How we use your information

To arrange and deliver staff, shuttle and client transport, including eligibility checks, routing, consolidation, vendor allocation and live execution.
For safety — SOS and incident command, live monitoring, emergency and security response coordination, and, where enabled, in-vehicle recording.
To manage attendance, no-shows, and collection or drop-off confirmation.
For waybilling, vendor billing validation, cost allocation, and — where your organisation requires it — passenger cost recovery and payroll export.
To send you service notifications about your bookings, trips and account.
For compliance, audit, governance, dispute resolution and fraud prevention.
To secure, maintain, troubleshoot and improve the platform.

5. Lawful basis for processing

Depending on the activity, we (or the Responsible Party) rely on one or more of the following grounds recognised by POPIA: the conclusion or performance of the transport arrangement; the legitimate interests of you, your organisation or us (such as safety, security and fraud prevention); compliance with a legal obligation; the protection of a legitimate interest such as life or safety in an emergency; and your consent where it is required, which you may withdraw at any time.

6. When and with whom we share information

We share personal information only as necessary to operate the service, and we never sell it. Recipients may include:

Your employer or the organisation arranging your transport (the Responsible Party).
Transport vendors, subcontractors and drivers — limited to the information required to execute a specific trip (such as pickup point, name and contact for coordination).
Emergency, medical and security responders during an incident, to protect safety.
Our service providers (Operators) — for example hosting, mapping and routing, SMS, WhatsApp and email gateways, and payment processors — under written contracts that require confidentiality and security.
Professional advisers, auditors and authorities where we are legally required or permitted to disclose.
A successor entity in connection with a corporate transaction, subject to this policy.

7. Automated processing

The platform automates operational tasks such as route optimisation, trip consolidation and cost calculation. These do not constitute decisions based solely on automated processing that produce legal effects concerning you; operational decisions remain subject to human oversight by transport administrators.

8. Cross-border transfers

Where personal information is transferred outside the Republic of South Africa, we do so only where section 72 of POPIA is satisfied — for example where the recipient is subject to laws or binding rules that provide adequate protection, the transfer is necessary to perform the arrangement, or you have consented.

9. Retention

We retain personal information only for as long as necessary for the purposes set out above and to meet legal, operational, audit, billing and dispute requirements. Operational records are versioned rather than overwritten so that history remains accurate. In-vehicle recordings are retained according to your organisation's configured retention policy and any applicable legal hold, after which they are securely destroyed or de-identified.

10. How we protect your information

We apply appropriate, risk-based technical and organisational safeguards, including encryption in transit, role-based access control, multi-factor authentication for administrators, comprehensive and immutable audit logging, tamper-evidence and chain-of-custody controls for recordings, strict isolation of each organisation's data, session controls, and regular, tested backups.

11. Your rights under POPIA

Subject to the Act, you may request access to your personal information; request that we correct, update or delete it; object, on reasonable grounds, to particular processing; and complain to the Information Regulator. Because your organisation is usually the Responsible Party, we will route or support your request to them and assist as required. We may need to verify your identity before acting on a request.

12. Your responsibilities

Please keep your contact details and addresses accurate and up to date through the platform or your administrator, and keep your account credentials confidential. Accurate information is important for your safety and for the correct delivery of transport.

13. Marketing

We send operational and service messages relating to your bookings, trips and account. We do not use your personal information for third-party marketing.

14. Cookies and sessions

The platform uses essential, first-party session cookies that are necessary to sign you in and keep the service secure. It does not use advertising or third-party tracking cookies.

15. Children

The platform is intended for an organisation's workforce and authorised users and is not directed at children. Any processing relating to a minor is handled in accordance with POPIA and the relevant organisation's policy.

16. Changes to this policy

We may update this policy from time to time to reflect changes in the platform, our practices or the law. The effective date above reflects the latest version, and material changes will be communicated through the platform where appropriate.

17. Contact us and complaints

Information Officer, Athena Advisors SA 786 (Pty) Ltd — privacy@tripi.co.za. If you are not satisfied with how we have handled your information, you may lodge a complaint with the Information Regulator (South Africa), via its official channels at inforegulator.org.za.