Privacy Policy
Last updated: 7/2/2026
1. Introduction
GoDrop Global ("we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our peer-to-peer parcel delivery platform. By using GoDrop Global, you agree to the practices described in this policy.
2. Information we collect
We collect the following types of information to provide and improve our services:
- Account information — name, email address, phone number, profile photo, and password (hashed).
- Identity verification (KYC) — government-issued ID, driver's licence, passport, or other documents required to verify your identity before you can send or carry parcels.
- Delivery addresses — pickup and drop-off addresses, saved addresses, and address book entries.
- Payment information — we do not store credit or debit card numbers. All payment data is processed securely by Stripe.
- Location data — real-time courier location during active deliveries to enable live tracking for senders and recipients. Location tracking stops automatically when a delivery is completed.
- Communications — messages between senders, recipients, and couriers conducted through our in-app chat system.
- Device and usage data — IP address, browser type, operating system, app version, crash logs, and interaction analytics to help us improve performance and security.
- Photos and proof of delivery — images captured at pickup and delivery to confirm handoff and resolve disputes.
3. How we use your information
We use your information to:
- Operate the marketplace and match senders with couriers.
- Verify identities and comply with legal KYC obligations.
- Route parcels and provide accurate ETAs and live tracking.
- Process payments, hold funds in escrow, and pay couriers.
- Prevent fraud, abuse, and illegal activity on the platform.
- Resolve disputes between senders, recipients, and couriers.
- Send transactional notifications (booking confirmations, delivery updates, payment receipts) via push, SMS, and email.
- Improve the product, fix bugs, and analyse usage patterns.
4. Payments and Stripe
All payments on GoDrop Global are processed by Stripe, a PCI-compliant payment provider. We never store your full card number, CVV, or bank account details on our servers. When you enter payment information, it is sent directly to Stripe via encrypted channels. Stripe's use of your data is governed by their Privacy Policy.
5. Location information
Location data is collected only when a delivery is active and you are acting as a courier. Senders and recipients can see the courier's live location on the map to track their parcel in real time. Location tracking begins when a courier accepts a delivery and stops automatically when the delivery is marked as completed. You can disable location permissions in your device settings, but this will prevent you from accepting delivery jobs.
6. How we protect your data
We take security seriously and implement the following measures:
- Encryption in transit — all data transmitted between your device and our servers is protected with TLS (HTTPS).
- Encryption at rest — sensitive data stored in our database is encrypted.
- Role-based access control — only authorised personnel can access backend systems, and all access is logged and audited.
- Row-level security (RLS) — database policies ensure you can only access data you are authorised to see.
- Regular security reviews — we conduct ongoing audits of our infrastructure and code to identify and fix vulnerabilities.
No system is 100% secure. If you suspect a security issue, please report it immediately to info@godropglobal.com.
7. Cookies and similar technologies
We use a minimal set of cookies and local storage entries:
- Session cookies — to keep you signed in (managed by our authentication provider).
- Preference cookies — to remember your theme (light/dark), notification preferences, and last selected role.
- Stripe fraud prevention — Stripe may set cookies during checkout to detect fraudulent transactions.
We do not use advertising cookies, cross-site tracking pixels, or third-party analytics that build behavioural profiles. If we add product analytics in the future, we will ask for your consent first. You can clear cookies and local storage from your browser settings at any time — doing so will sign you out.
8. Sharing your information
We only share data when necessary:
- With the other party — during an active delivery, the sender and recipient can see the courier's name, photo, rating, and live location. The courier can see the sender's and recipient's names and contact phone numbers.
- Stripe — for payment processing, escrow, and payouts.
- Identity verification providers — to confirm your identity during KYC.
- Hosting and infrastructure providers — our backend is hosted on secure cloud infrastructure.
- Law enforcement — when required by law or to protect the safety of our users.
9. Data retention
- Account data — kept while your account is active and for 12 months after closure.
- KYC records — retained for 5 years to comply with anti-money laundering (AML) obligations.
- Delivery records — kept for 7 years for tax and dispute resolution purposes.
- Messages — retained for 2 years.
- Proof-of-delivery photos — retained permanently as evidence to resolve disputes and support insurance claims.
10. International transfers
Your data may be processed outside your country of residence (for example, in the United States by Stripe for payment processing). When this happens, we rely on Standard Contractual Clauses and other lawful transfer mechanisms to ensure your data remains protected.
11. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete information.
- Delete your account and associated data (subject to legal retention requirements).
- Export your data in a portable format.
- Restrict or object to certain types of processing.
- Withdraw consent where processing is based on consent (e.g. push notifications).
To exercise any of these rights, contact us at info@godropglobal.com. We will respond within 30 days.
12. Children's privacy
GoDrop Global is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
14. Contact us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:
Email: info@godropglobal.com
Address: GoDrop Global, Auckland, Aotearoa New Zealand