Privacy Policy

Last updated: May 2026

Delivery Platform operates in Kuwait and processes the personal data described below to deliver orders, manage merchant and courier accounts, and meet legal obligations.

1. What we collect

• Merchants: business name, contact email of staff users, wallet balance and topup history, integration keys, audit logs of admin actions.
• Customers (end recipients): dropoff address text + coordinates, phone number, name, COD amount. Source: the merchant when an order is created.
• Agents: phone number, password hash, location pings while clocked in, device integrity attestations, proof photos and signatures captured during delivery.
• Couriers: business name, contact info, compliance documents.

2. How we use it

Personal data is used to dispatch orders, contact recipients (via SMS / WhatsApp / email), authenticate users, compute fares, settle couriers and merchants, and meet anti-fraud / regulatory obligations.

3. Sharing

We share data with the assigned courier and agent for the duration of a delivery. We use service providers (SMS, email, push notifications, mapping, payment processing) under contracts that restrict their use of your data to those purposes.

4. Retention

We follow these retention windows:

• Raw agent GPS pings: 30 days
• Delivery route replay: 180 days after the delivery terminates
• Outbound notification recipient + payload: 90 days
• Delivery proof media + signatures: 2 years after terminal state
• Compliance + payout documents: indefinite unless removal is requested and legally allowed
• Audit log (operational): 24 months; money + compliance + permission-change rows: indefinite

5. Your rights

You can request access to your personal data, correction of inaccuracies, or deletion subject to our legitimate-interest and legal retention obligations. Send requests through your merchant portal contact channel; we respond within 30 days.

6. Security

We use Android Keystore for agent-app session token storage, TLS in transit, row-level security on the database for tenant isolation, and HMAC signature verification on inbound webhooks.

7. Changes

We may update this policy; the "Last updated" date above reflects the most recent version. Material changes will be communicated through the merchant portal.