Privacy Policy

1. Introduction and Scope

1.1 Purpose of the Privacy Policy

This Privacy Policy explains how RAVEON ("RAVEON", "we", "us", or "our") collects, uses, processes, discloses, and protects personal data in connection with the use of its platform.

RAVEON is committed to safeguarding the privacy and personal data of its users, partners, and stakeholders. This Policy is designed to ensure transparency in how personal data is handled and to demonstrate compliance with applicable data protection laws, including the Kenya Data Protection Act, 2019, the General Data Protection Regulation (GDPR) where applicable, and other relevant international standards.

This Privacy Policy forms an integral part of RAVEON's legal framework and should be read together with the Terms of Use and any other applicable policies.

1.2 Scope of Application

This Privacy Policy applies to all personal data processed by RAVEON in connection with mobile applications (iOS, Android), web applications and dashboards, venue-integrated systems and partner interfaces, APIs and backend services, and customer support and communication channels.

It covers all users of the platform, including end users (customers and party attendees), venue partners (clubs, restaurants, event organizers), service providers and contractors, DJs, performers, and content creators, and website visitors and prospective users. This Policy applies regardless of the user's geographic location, subject to applicable laws.

1.3 Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Data Subject" means the individual to whom the personal data relates.
• "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
• "Controller" means the entity that determines the purposes and means of processing personal data.
• "Processor" means an entity that processes personal data on behalf of the Controller.
• "Platform" means the RAVEON mobile apps, web apps, APIs, and integrated systems.
• "Services" means all features and functionalities offered through the Platform.

1.4 Acceptance of Policy

By accessing, registering for, or using the RAVEON Platform, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. Where required by law, RAVEON will obtain your explicit consent before collecting or processing certain categories of personal data. You have the right to withdraw your consent at any time, subject to legal or contractual restrictions. If you do not agree with this Privacy Policy, you must refrain from using the Platform and its Services.

2. About RAVEON

2.1 Platform Overview

RAVEON is a technology-driven nightlife and entertainment platform designed to enhance in-venue and event-based experiences through digital innovation. The platform integrates social networking, financial transactions, and real-time service access into a unified ecosystem. RAVEON enables users to interact seamlessly within nightlife environments by providing features such as in-app ordering, digital payments, social engagement, and access to exclusive events and services. The platform operates across multiple venues and supports real-time interactions between users, venues, and service providers.

2.2 Services Covered

This Privacy Policy applies to all services offered by RAVEON, including but not limited to:

• Digital Payments and Wallet Services — wallet balances, coin purchases, tipping, peer-to-peer transfers, and group payments.
• In-Club and Venue Services — ordering food and beverages, requesting waitstaff, booking tables, and accessing VIP or private sections.
• Social Networking Features — user profiles, check-ins, friend requests, messaging, club feeds, and user-generated content.
• Creator and Performer Engagement — DJ tipping, song requests, performer interactions, and creator monetization features.
• Event Access and Ticketing — event discovery, ticket purchases, entry passes, and private event access.
• Loyalty and Rewards Programs — points accumulation, incentives, promotions, and redemption mechanisms.
• Analytics and Personalization Services — recommendations, targeted content, and usage-based insights.

2.3 Role as Data Controller and Processor

RAVEON primarily acts as a Data Controller in relation to personal data collected and processed through its platform. This means RAVEON determines the purposes and means of processing personal data.

In certain cases, RAVEON may act as a Data Processor, particularly where it processes personal data on behalf of third parties such as venue partners, payment service providers, or marketing or analytics partners. Where RAVEON acts as a Data Processor, it will process personal data strictly in accordance with the instructions of the relevant Data Controller and applicable data protection laws.

3. Information We Collect

RAVEON collects and processes various categories of personal data to provide, operate, and improve its services. The type and extent of data collected depend on how you interact with the platform.

3.1 Personal Identification Information

• Full name
• Phone number
• Email address
• Date of birth (where required)
• Profile photo or avatar
• Government-issued identification (where required for verification or compliance)

3.2 Account and Profile Data

• Username and login credentials
• Account preferences and settings
• Linked social media accounts (if applicable)
• Loyalty program participation data
• Membership or VIP status information

3.3 Financial and Transaction Data

• Wallet balances and transaction history
• Coin purchases and usage
• Tipping and peer-to-peer transfer data
• Payment method details (processed securely via third-party providers)
• Billing and invoice information

RAVEON does not store full payment card details where third-party payment processors are used, in line with industry standards.

3.4 Location and Check-In Data

• Real-time or approximate device location (subject to permissions)
• Venue check-ins and presence data
• Event attendance and movement within venues (where applicable)

This data supports features such as club feeds, friend discovery, and service delivery within venues.

3.5 Social and User-Generated Content

• Posts, comments, and reactions
• Messages and communication with other users
• Friend requests and connections
• Song requests, DJ interactions, and tipping activity
• Uploaded media (photos, videos, etc.)

3.6 Device and Technical Data

• Device type, model, and operating system
• IP address and network information
• App version and configuration
• Device identifiers and session data

3.7 Usage and Behavioral Data

• Features accessed and actions performed
• Time spent on the platform
• Navigation patterns and user flows
• Engagement with content, events, and venues

4. How We Collect Information

4.1 Direct User Input

We collect information that you voluntarily provide when you register or create an account, complete your profile or update account details, make payments, top up your wallet, or perform transactions, book tables, purchase tickets, or request services, post content, send messages, or interact with other users, or contact customer support or submit inquiries.

4.2 Automated Data Collection Technologies

We automatically collect certain data when you access or use the platform through mobile applications and web browsers, cookies and similar tracking technologies, device sensors and system logs, and analytics and performance monitoring tools. This includes technical data, usage patterns, session activity, and interaction behavior.

4.3 Third-Party Sources

We may receive personal data from third-party sources, including payment service providers (transaction confirmations and status), identity verification providers (KYC/AML compliance where applicable), social media platforms (if you link or sign in via third-party accounts), analytics and marketing partners, and fraud detection and security service providers. All third-party data collection is governed by contractual agreements and applicable data protection laws.

4.4 Venue and Partner Integrations

RAVEON integrates with physical venues and service partners to enable real-time experiences. Through these integrations, we may collect order and service requests made within venues, table bookings and event participation data, staff interactions (e.g., waiters, hosts, DJs), and venue-based activity such as check-ins and engagement.

5. Purpose of Data Processing

5.1 Service Delivery and Operations

We process personal data to provide and manage core platform functionalities, including user account creation and management, venue interactions (orders, bookings, service requests), event access and participation, and customer support and issue resolution.

5.2 Payments, Wallet, and Transactions

Personal data is processed to facilitate financial services, including wallet management and balance tracking, coin purchases and usage, tipping, peer-to-peer transfers, and group payments, and transaction verification and reconciliation.

5.3 Social Networking and Interactions

We process data to enable social features, including user profiles and connections, messaging and communication between users, club feeds, posts, comments, and reactions, and friend discovery and check-in visibility.

5.4 Personalization and Recommendations

We use personal data to tailor the user experience, including personalized venue and event recommendations, content curation within club feeds, targeted offers and promotions, and user-specific settings and preferences.

5.5 Marketing and Promotions

Personal data may be used for marketing purposes, including sending promotional messages, offers, and updates, notifying users about events, venues, and features, and conducting campaigns and loyalty programs. Where required by law, such processing is based on user consent, and users may opt out at any time.

5.6 Security, Fraud Prevention, and Compliance

We process data to maintain platform integrity and comply with legal obligations, including detecting and preventing fraud, abuse, and unauthorized access, monitoring transactions for suspicious activity, enforcing platform policies and terms, and complying with legal and regulatory requirements.

5.7 Analytics and Platform Improvement

We analyze usage and behavioral data to improve platform performance and reliability, develop new features and services, conduct research and statistical analysis, and optimize user experience and engagement. This processing is typically performed using aggregated or anonymized data where possible.

6. Legal Basis for Processing

RAVEON processes personal data in accordance with applicable data protection laws, including the Kenya Data Protection Act, 2019 and, where applicable, the General Data Protection Regulation (GDPR). Each processing activity is supported by a valid legal basis as outlined below.

6.1 Consent

RAVEON relies on your consent to process personal data in specific circumstances, including sending marketing communications and promotional offers, accessing precise location data, enabling certain social visibility features, and using cookies and similar tracking technologies (where required). Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to such withdrawal.

6.2 Contractual Necessity

We process personal data where it is necessary to perform a contract with you or to take steps at your request prior to entering into a contract. This includes creating and managing user accounts, processing payments and transactions, delivering in-app services such as bookings, orders, and event access, and facilitating user interactions and platform functionality.

6.3 Legal Obligations

RAVEON may process personal data to comply with legal and regulatory obligations, including financial reporting and record-keeping requirements, anti-money laundering (AML) and fraud prevention obligations, compliance with court orders, subpoenas, or lawful requests from authorities, and data protection and privacy compliance obligations.

6.4 Legitimate Interests

We may process personal data based on our legitimate interests, including improving and optimizing the platform and services, ensuring platform security and preventing fraud or abuse, conducting analytics and performance monitoring, personalizing user experiences and recommendations, and supporting business operations and growth. Where we rely on legitimate interests, we conduct appropriate assessments to ensure a fair balance between our interests and your rights.

7. Sharing and Disclosure of Information

RAVEON may share personal data with third parties where necessary to provide services, comply with legal obligations, or support legitimate business operations. All data sharing is conducted in accordance with applicable data protection laws and subject to appropriate safeguards.

7.1 Venues and Event Partners

We may share relevant personal data with venues and event partners to facilitate service delivery, including table bookings and reservations, order fulfillment (food, drinks, in-club services), event access and ticket validation, and user interactions within venue environments. Such partners are required to process personal data in accordance with applicable data protection standards and contractual obligations.

7.2 Payment Processors and Financial Institutions

To enable secure financial transactions, we share necessary data with payment gateways and processors, banks and financial institutions, and fraud detection and transaction monitoring services. These entities process payment-related data independently or as data processors and are subject to strict security and compliance requirements, including industry standards such as PCI-DSS.

7.3 Service Providers and Vendors

RAVEON engages third-party service providers to support platform operations, including cloud hosting and infrastructure providers, analytics and performance monitoring services, customer support tools and communication platforms, and marketing and campaign management services. These providers act as data processors and are contractually bound to process personal data only on RAVEON's instructions and to implement appropriate security measures.

7.4 Legal and Regulatory Authorities

We may disclose personal data where required to comply with applicable laws and regulations, respond to lawful requests from public authorities, enforce our Terms of Use or other agreements, or protect the rights, safety, and property of RAVEON, its users, or third parties. Such disclosures are made only when legally justified and necessary.

7.5 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to relevant third parties as part of the transaction. In such cases, users will be notified where required by law, and personal data will remain subject to equivalent confidentiality and protection standards.

8. Financial Data and Payments

8.1 Wallet and Coin System

RAVEON enables users to maintain a digital wallet and use virtual coins within the platform. In connection with these services, we process wallet balances and transaction records, coin purchases, usage, and redemption, and funding sources and top-up activities.

8.2 Tipping and Peer Transfers

Users may send funds to other users, DJs, performers, or service staff through tipping and peer-to-peer transfers. For these transactions, we process sender and recipient identifiers, transaction amounts and timestamps, and transaction history and confirmations.

8.3 Payment Security and PCI Considerations

RAVEON implements appropriate safeguards to protect financial data, including use of secure, encrypted communication channels (e.g., HTTPS/TLS), integration with compliant third-party payment processors, and avoidance of storing full payment card details on RAVEON systems where possible. Where payment card processing is involved, it is handled by certified providers in accordance with PCI-DSS (Payment Card Industry Data Security Standard) requirements.

8.4 Transaction Monitoring and Fraud Controls

To protect users and maintain platform integrity, RAVEON implements monitoring and fraud prevention measures, including real-time transaction monitoring, detection of suspicious or unusual activity, risk scoring and automated alerts, and manual review where necessary. RAVEON may temporarily restrict or investigate transactions where fraud, abuse, or policy violations are suspected.

9. Location Data and Real-Time Tracking

RAVEON uses location-based data to enable core platform features that depend on user presence within venues and event environments. All location data processing is conducted in accordance with applicable laws and subject to user permissions.

9.1 Check-In Features

RAVEON allows users to check in to venues and events using the platform. In connection with this feature, we may process venue check-in status, time and duration of presence, and associated interactions within the venue (e.g., posts, orders, connections). Check-ins may be visible to other users depending on your privacy settings.

9.2 Venue Presence Tracking

To support real-time services, RAVEON may process location data to determine whether a user is present within or near a venue. This enables access to venue-specific features and services, real-time ordering and service requests, discovery of nearby users and social interactions, and contextual content and event participation. Location data may be collected using GPS, Wi-Fi, Bluetooth, or other proximity-based technologies, depending on device capabilities and permissions.

9.3 User Controls and Permissions

RAVEON provides users with control over how their location data is collected and used. Location services can be enabled or disabled through device settings. Users may control visibility of their check-ins and presence. Certain features may be unavailable if location access is restricted. Where required, RAVEON will obtain your explicit consent before collecting precise location data.

10. Social Features and Content Visibility

10.1 User-Generated Content

RAVEON processes content that users voluntarily create and share on the platform, including posts, comments, and reactions, messages and interactions with other users, media uploads (photos, videos, etc.), and song requests, DJ interactions, and engagement activities. Users are responsible for the content they share and must ensure it complies with applicable laws and platform policies.

10.2 Public vs Private Interactions

RAVEON allows different levels of content visibility. Public Content is visible to other users within a venue, event, or broader platform audience. Private Content is restricted to selected users, such as direct messages or limited audience posts. Visibility depends on user settings, feature design, and the context in which content is shared.

10.3 Club Feeds and Engagement

RAVEON features venue-based or event-based feeds ("club feeds") where users can share updates and experiences in real time, interact with other attendees through comments and reactions, and discover content from users present in the same venue. Content in club feeds may be visible to users who are checked into the same venue or event.

10.4 Content Moderation

RAVEON may monitor and moderate user-generated content to ensure compliance with its policies and applicable laws. This may include automated detection of inappropriate or harmful content, manual review and moderation actions, removal or restriction of content that violates platform rules, and suspension or restriction of user accounts in serious cases.

11. Data Retention

11.1 Retention Principles

RAVEON retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, regulatory, operational, and contractual requirements. RAVEON applies the principles of purpose limitation, data minimization, storage limitation, and security when determining data retention periods. Where data is no longer required, it is securely deleted or anonymized.

11.2 Retention Periods by Data Category

• Account and Profile Data: retained for the duration of the user account and for a reasonable period thereafter for legal and operational purposes.
• Financial and Transaction Data: retained for a minimum period required by financial regulations, tax laws, and audit requirements (typically several years).
• Location and Usage Data: retained for a limited period necessary to support platform functionality, analytics, and security.
• User-Generated Content: retained until deleted by the user or removed in accordance with platform policies.
• Communication and Support Data: retained as necessary to resolve disputes, enforce agreements, and improve services.

Retention periods may be extended where required by law or for the establishment, exercise, or defense of legal claims.

11.3 Data Deletion and Anonymization

RAVEON implements processes to ensure timely and secure data disposal. Personal data may be deleted upon user request, subject to legal and contractual restrictions. Certain data may be anonymized for analytical or statistical purposes. Backup systems may retain data for limited periods before automatic deletion. Where deletion is not immediately feasible (e.g., due to technical constraints), data will be isolated and protected until it can be permanently removed.

12. Data Security

RAVEON implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

12.1 Technical Safeguards

• Encryption of data in transit using secure protocols (e.g., HTTPS/TLS)
• Encryption of sensitive data at rest where applicable
• Secure API communication and authentication mechanisms
• Firewalls, intrusion detection, and prevention systems
• Regular system updates and vulnerability management

12.2 Organizational Measures

• Internal data protection policies and procedures
• Employee training and awareness on data privacy and security
• Confidentiality obligations for staff and contractors
• Controlled access to systems based on roles and responsibilities

12.3 Access Control and Authentication

• Role-Based Access Control (RBAC)
• Multi-factor authentication (MFA) for sensitive systems
• Secure credential management
• Logging and monitoring of access activities

12.4 Incident Response and Breach Notification

RAVEON maintains incident response procedures to detect, investigate, and respond to security incidents, including real-time monitoring and alerting systems, incident containment and remediation processes, and internal escalation and reporting protocols. In the event of a data breach, RAVEON will notify affected users where required by law, report the breach to relevant regulatory authorities within prescribed timelines, and take corrective actions to mitigate risks and prevent recurrence.

13. Your Rights and Choices

RAVEON respects your rights as a data subject and provides mechanisms to exercise control over your personal data, in accordance with applicable data protection laws, including the Kenya Data Protection Act, 2019 and, where applicable, the GDPR.

13.1 Right to Access

You have the right to request access to the personal data we hold about you, including confirmation of whether your data is being processed, a copy of your personal data, and information about how and why your data is being processed.

13.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. RAVEON will take reasonable steps to ensure that such data is updated without undue delay.

13.3 Right to Erasure

You may request the deletion of your personal data where the data is no longer necessary for the purposes it was collected, you withdraw consent (where processing is based on consent), or the data has been processed unlawfully. This right is subject to legal and regulatory obligations that may require retention of certain data.

13.4 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances, including where you contest the accuracy of the data, where processing is unlawful but you prefer restriction over deletion, or where RAVEON no longer needs the data but you require it for legal claims.

13.5 Right to Data Portability

Where applicable, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request transfer of such data to another service provider.

13.6 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of prior processing.

13.7 Right to Object

You have the right to object to processing of your personal data where such processing is based on legitimate interests or for direct marketing purposes.

13.8 Exercising Your Rights

You may exercise your rights by contacting RAVEON through the channels provided in Section 19. RAVEON may require verification of your identity before processing such requests. Requests will be handled within the timeframes required by applicable law.

14. Cookies and Tracking Technologies

RAVEON uses cookies and similar tracking technologies to enhance user experience, ensure platform functionality, and support analytics and marketing activities.

14.1 Types of Cookies Used

• Strictly Necessary Cookies: essential for the operation of the platform, including authentication, security, and session management.
• Performance and Analytics Cookies: used to collect information about how users interact with the platform.
• Functionality Cookies: enable enhanced features and personalization, such as remembering user preferences and settings.
• Advertising and Marketing Cookies: used to deliver relevant advertisements and measure the effectiveness of marketing campaigns (where applicable).

14.2 Purpose of Cookies

• Enable core platform functionality and secure access
• Analyze user behavior and improve performance
• Personalize content and user experience
• Support marketing and promotional activities
• Detect and prevent fraudulent or unauthorized activity

14.3 Managing Cookie Preferences

Cookies can be managed or disabled through browser settings. Mobile device settings may allow control over tracking technologies. Where required by law, users will be presented with cookie consent options. Disabling certain cookies may affect the functionality and performance of the platform.

15. Children's Privacy

RAVEON is designed for use by adults and does not knowingly collect or process personal data from individuals below the legally permitted age.

15.1 Age Restrictions

Use of the RAVEON platform is restricted to individuals who meet the minimum legal age requirements applicable in their jurisdiction, including the legal age for entering nightlife venues, the legal age for entering into binding contracts, and the legal age for using financial and payment services. By using the platform, you represent and warrant that you meet these age requirements.

15.2 Handling of Minor Data

RAVEON does not knowingly collect personal data from minors. If we become aware that personal data has been collected from a minor without appropriate authorization, we will take immediate steps to delete such data, may suspend or terminate the associated account, and may request verification of age where necessary. Parents or guardians who believe that a minor has provided personal data to RAVEON may contact us to request its deletion.

16. International Data Transfers

16.1 Cross-Border Data Processing

Personal data collected by RAVEON may be stored, processed, or accessed in countries other than the country in which it was originally collected. This may occur where cloud infrastructure and hosting providers operate in multiple jurisdictions, service providers or partners are located in different countries, or users interact with the platform across international locations. These transfers are necessary to ensure the availability, performance, and scalability of the platform.

16.2 Safeguards and Transfer Mechanisms

Where personal data is transferred internationally, RAVEON implements appropriate safeguards, including entering into data transfer agreements incorporating standard contractual clauses, ensuring that recipients are subject to adequate data protection obligations, conducting risk assessments of cross-border transfers, and applying technical and organizational security measures to protect data. Where required by law, RAVEON will obtain user consent or rely on other lawful transfer mechanisms before transferring personal data internationally.

17. Third-Party Links and Services

17.1 External Platforms

The RAVEON platform may include links to external websites, applications, or services that are not operated or controlled by RAVEON. These may include payment gateways and financial service providers, social media platforms, event partners and ticketing systems, and marketing or promotional partners. When you interact with such third-party platforms, your data will be subject to their respective privacy policies and terms. RAVEON is not responsible for the privacy practices, content, or security of external platforms.

17.2 Third-Party Integrations

RAVEON may integrate with third-party services to enhance functionality, including payment processing and financial services, analytics and performance monitoring tools, identity verification and fraud detection services, and communication and messaging tools. In such cases, only necessary data is shared to enable the integration. Third parties are contractually required to protect personal data, and data processing is limited to defined purposes. Users are encouraged to review the privacy policies of third-party services where applicable.

18. Changes to This Privacy Policy

18.1 Updates and Notifications

Where changes are made to this Privacy Policy, the updated version will be published on the RAVEON platform, the "Last Updated" date will be revised accordingly, and users may be notified through in-app notifications, email, or other appropriate channels where required. Material changes that significantly affect user rights or data processing practices will be clearly communicated.

18.2 Continued Use

By continuing to access or use the RAVEON platform after updates to this Privacy Policy, you acknowledge and agree to the revised terms. Where required by law, RAVEON will seek your consent for specific changes before they take effect.

19. Contact Information

RAVEON is committed to addressing any questions, concerns, or requests related to this Privacy Policy and the processing of personal data.

19.1 Data Protection Officer (DPO)

RAVEON has appointed a Data Protection Officer (DPO) responsible for overseeing data protection compliance and handling data-related inquiries. You may contact the DPO for questions about this Privacy Policy, requests to exercise your data protection rights, concerns regarding data processing practices, and reporting potential data breaches or misuse.

19.2 Contact Channels

You can reach RAVEON through the following channels:

• Email: privacy@raveon.com
• Support Portal: available within the RAVEON application
• Postal Address: Registered office address of RAVEON (as published on the Platform)

RAVEON will respond to inquiries within the timelines required by applicable law.

19.3 Complaints and Regulatory Authorities

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a relevant supervisory authority, including the Office of the Data Protection Commissioner (ODPC), Kenya, or any other applicable data protection authority in your jurisdiction. RAVEON encourages users to contact us first to resolve concerns before escalating to regulatory authorities.