Privacy Policy
Last updated: 6/14/2026
Data we collect
Account data (name, email, phone), identity documents (KYC), delivery addresses, payment information (processed by Stripe — we never store card numbers), courier location during active deliveries, messages between senders and couriers, and device/usage analytics.
Why we collect it
To operate the marketplace, verify identities, route parcels, process payments and payouts, prevent fraud, resolve disputes, and improve the product. Location is only tracked while a delivery is active and stops on completion.
Legal basis (GDPR)
Contract performance (delivery + payment), legal obligation (KYC, AML), legitimate interest (fraud prevention, analytics), and consent (marketing, push notifications).
Sharing
We share what's necessary with: the other party of a delivery (name, photo, rating, live location during the job), Stripe (payments + payouts), identity verification providers, hosting providers (Supabase/Cloudflare), and law enforcement when legally required.
Retention
Account data is kept while your account is active and for 12 months after closure. KYC records are kept 5 years (AML obligation). Delivery records are kept 7 years (tax). Messages are kept 2 years.
Your rights
Access, correct, export, delete your data, restrict processing, or object — contact privacy@godrop.app. You can also lodge a complaint with your data protection authority.
International transfers
Data may be processed outside your country (e.g. the US for Stripe). We rely on Standard Contractual Clauses to protect such transfers.
Security
Encryption in transit (TLS) and at rest, role-based access control, audited backend access. No system is 100% secure — report suspected incidents to security@godrop.app.
Children
GoDrop is not for users under 18.