Delivables Logo

Privacy Policy

Last updated: 25th February, 2026.

At Delivables, we are deeply committed to protecting your privacy and handling your personal data with the highest standards of care and responsibility. This Privacy Policy ("Policy") constitutes a legally binding agreement between you and Stackwares Ltd ("Delivables", "we", "our", "us") and comprehensively explains how we collect, use, process, store, disclose, transfer, and safeguard information when you access, download, or use the Delivables platform, including all web dashboards, mobile applications (iOS and Android), application programming interfaces (APIs), webhooks, web services, documentation, and all related services (collectively, the "Platform", "Service", or "System").By creating an account, accessing, downloading, or using any part of the Delivables Platform, you expressly acknowledge that you have carefully read, fully understood, and voluntarily agree to be bound by this Privacy Policy in its entirety. If you do not agree with any provision of this Policy, you must immediately discontinue all use of the Platform and delete any downloaded applications. This Policy should be read in conjunction with our Terms of Service, which are incorporated herein by reference.

1. Information We Collect

We collect various categories of information to operate, maintain, secure, improve, and personalize the Delivables platform. The specific types of data we collect depend on your role (Organization, Management, Staff, Rider, or Customer) and how you interact with our Platform. All data collection is performed in accordance with applicable data protection laws and regulations.

1.1 Organization Information (Account Holders)

When you register an organization account, we collect:

  • Account credentials including business email address, password (encrypted and hashed), and security authentication data
  • Legal business information including registered business name, trading name (if different), business registration number, tax identification number
  • Primary contact telephone number and alternative contact numbers for account recovery and critical notifications
  • Physical business address, registered office address, and precise GPS coordinates for location-based features
  • Business branding assets including logos, color schemes, and custom domain settings
  • Business classification data including industry category, business type, operational scale, and service areas
  • Complete billing and payment information including bank account details, payment card information (stored securely via PCI-DSS compliant payment processors), billing addresses, invoice history, and payment authorization codes
  • Subscription and plan details including selected tier, billing cycle, feature entitlements, usage limits, and subscription status
  • Branch configuration data including branch locations, operational hours, staff assignments, and service coverage areas
  • Administrative settings including user permissions, role assignments, security settings, notification preferences, and integration configurations
  • Contact person details including full name, official email address, direct telephone number, job title, and authorization level
  • All communications sent to our customer support, sales, technical support, or billing teams including email correspondence, chat transcripts, support tickets, and call recordings (where permitted by law)
  • Usage and consumption data including distance credits used, orders created, API calls made, and feature utilization metrics

1.2 Management Personnel Information

For individuals with management or administrative access, we collect:

  • Full legal name and any preferred professional name or nickname
  • Primary and secondary telephone numbers for account access and security verification
  • Professional email address and alternative contact email for account recovery purposes
  • Authentication credentials including passwords (encrypted), two-factor authentication tokens, and biometric authentication data (if enabled)
  • Organizational role designation, permission levels, and access scope within the Platform
  • Comprehensive activity logs including but not limited to: staff member creation and management, rider onboarding and assignments, branch creation and configuration, system settings modifications, user permission changes, billing and subscription updates, and all administrative actions taken within the Platform
  • Login history including timestamps, IP addresses, device information, and geographic location of access attempts
  • Session data including duration, features accessed, and actions performed

1.3 Staff Member Information

For staff members authorized to use the Platform, we collect:

  • Full legal name as it appears on official identification documents
  • Primary contact telephone number for work-related communications and notifications
  • Work email address (if provided by organization) for official correspondence
  • System-generated unique staff identification number and secure personal identification number (PIN) for authentication
  • Profile photograph or avatar (optional, if uploaded by staff or organization)
  • Branch assignment information including current assigned location, work schedule, and operational territories
  • Detailed activity logs including orders created, modified, or canceled; customer interactions; rider assignments; delivery confirmations; and all transactional data
  • Performance metrics including order processing speed, accuracy rates, customer satisfaction scores, and productivity statistics
  • Device information used to access the Platform including device type, operating system, app version, and unique device identifiers
  • Login timestamps, session durations, and access patterns for security monitoring and fraud prevention

1.4 Rider (Delivery Personnel) Information

For riders who perform deliveries through the Platform, we collect:

  • Full legal name exactly as it appears on government-issued identification documents
  • Primary mobile telephone number for order notifications, customer communications, and emergency contact purposes
  • Email address for account notifications, payment receipts, and official notices
  • Current branch assignment, operational zones, and service coverage areas designated by the organization
  • Comprehensive delivery activity data including orders accepted, in-progress, completed, or declined; pickup and drop-off timestamps; route deviations; and delivery success rates
  • Performance statistics and analytics including average delivery time, on-time delivery percentage, customer ratings, customer feedback, completion rates, and efficiency scores
  • Detailed activity logs encompassing all actions taken within the rider application including order status updates, navigation usage, communication with customers, and proof of delivery submissions
  • Precise real-time GPS location data continuously collected during active delivery assignments for route optimization, delivery tracking, safety monitoring, and dispute resolution. Location tracking begins when a rider accepts an order and continues until delivery completion or order cancellation
  • Historical location data retained for auditing, performance analysis, route optimization, billing verification, and dispute resolution purposes
  • Complete profile and verification information including profile photograph, government-issued identification type (National ID, Passport, Voter ID, etc.), identification number, clear photographs of front and back of identification document
  • Driver's license information including license number, issuing authority, expiration date, license class/category, and high-resolution photographs of front and back of license
  • Vehicle information including type (motorcycle, car, bicycle, etc.), manufacturer, model, year, color, license plate number, and vehicle registration documents
  • Vehicle documentation including road-worthiness certificate, vehicle insurance policy documents, insurance coverage dates, and periodic renewal documentation
  • Background verification data including criminal record checks (where permitted by law), employment history verification, reference checks, and identity authentication results
  • Financial information including bank account details for payment disbursements, payment history, earnings records, and tax documentation (where applicable)
  • Device-specific data including mobile device identifiers, push notification tokens, app permissions, battery status, network connectivity, and sensor data

1.5 Customer (End Recipient) Information

For customers receiving deliveries, we collect only the minimum necessary information:

  • Full name or business name for delivery identification and proof of delivery purposes
  • Contact telephone number for delivery coordination, status notifications, delivery confirmation, and issue resolution
  • Complete delivery address including street address, building name or number, floor, apartment/unit number, nearby landmarks, and precise GPS coordinates for accurate delivery
  • Optional delivery instructions including access codes, gate codes, preferred delivery location, safe drop-off preferences, and contact preferences
  • Package details including item description (where provided), package value, special handling instructions, and proof of delivery requirements
  • Unique delivery confirmation codes generated for secure package handover and delivery verification
  • Delivery interaction data including SMS message history, delivery status acknowledgments, feedback provided, and any customer service communications
  • Optional delivery photos or signatures captured as proof of successful delivery (with customer consent)

1.6 Location Data

Location data is fundamental to the operation of our delivery platform. We collect:

  • Continuous, real-time, high-precision GPS location data from rider mobile devices and delivery equipment during all active delivery periods
  • Background location data from rider devices (when app is running in background) to enable location-based order assignments and optimize rider positioning
  • Detailed route information including complete path traveled, speed data, stops made, route deviations, distance covered, and time spent at each location
  • Trip metadata including start location, intermediate stops, final destination, estimated vs. actual distance, and route efficiency metrics
  • Customer delivery addresses collected and stored as precise GPS coordinates along with formatted street addresses for delivery fulfillment
  • Organization and branch location data including exact coordinates for order routing, distance calculations, and service area determinations
  • WiFi access points, cellular tower data, and IP-based approximate location (for web dashboard users) to supplement GPS data and improve location accuracy
  • Geofencing data used to trigger automated events such as arrival notifications, pickup confirmations, and delivery completion

1.7 Device & Technical Information

To ensure Platform functionality, security, and optimal performance, we automatically collect:

  • Device identification data including device type, manufacturer, model number, unique device identifiers (IMEI, UDID, Android ID), and hardware specifications
  • Operating system information including OS type (iOS, Android, Windows, macOS), OS version, system language, timezone, and regional settings
  • Application data including app version number, build number, installation date, update history, and installed app configuration
  • Network information including IP address (both IPv4 and IPv6), internet service provider, connection type (WiFi, cellular, ethernet), signal strength, and network quality metrics
  • Browser information (for web dashboard users) including browser type, version, screen resolution, viewport size, installed plugins, and browser capabilities
  • Comprehensive session logs recording authentication events, feature usage, page views, clicks, navigation patterns, time spent on each screen, and user interactions
  • Approximate location derived from IP address for security monitoring, fraud detection, and compliance with regional restrictions
  • Detailed actions and events tracked within the Platform including button clicks, feature activations, form submissions, search queries, filter selections, and workflow completions
  • System performance data including app launch time, screen load times, API response times, memory usage, CPU usage, and battery consumption
  • Comprehensive log files capturing system events, errors, warnings, security events, and audit trails for troubleshooting and security purposes
  • Crash reports and diagnostic data automatically generated when application errors occur, including stack traces, error messages, system state at time of crash, and device conditions
  • Cookie data, local storage, and similar tracking technologies used to maintain session state, store user preferences, and enable Platform functionality

1.8 Usage Data

We collect detailed usage data to improve Platform performance and user experience:

  • Feature utilization patterns including which features are accessed most frequently, feature adoption rates, workflow patterns, and user engagement levels
  • Delivery and operational metrics including total orders processed, order volumes over time, cancellation rates, completion rates, average delivery times, and peak usage periods
  • Distance and route analytics including total kilometers traveled, average distance per delivery, route efficiency scores, and distance-based billing data
  • Performance benchmarking data including organization performance compared to industry standards, rider performance metrics, and service quality indicators
  • Aggregated and anonymized analytics data used to identify trends, optimize algorithms, improve user interfaces, and develop new features
  • Search queries, filter selections, and navigation patterns to understand user intent and improve search functionality
  • Error rates, failure patterns, and user-reported issues to identify and resolve technical problems
  • A/B testing data and experimental feature usage to evaluate new functionality before general release

1.9 Communications and Correspondence

When you communicate with us, we collect:

  • Email correspondence including subject lines, message content, attachments, timestamps, sender/recipient information, and email metadata
  • Support ticket information including issue descriptions, screenshots, diagnostic data provided, resolution history, and satisfaction ratings
  • Live chat transcripts including full conversation history, participant information, session duration, and resolution outcomes
  • Phone call records including call duration, caller information, call recordings (where legally permitted and disclosed), and call notes made by support staff
  • Social media interactions including messages sent through our official social media channels, public posts mentioning our brand, and engagement with our content
  • Feedback and survey responses including customer satisfaction scores, feature requests, product improvement suggestions, and testimonials

1.10 Payment and Financial Information

We collect payment and financial information in two contexts: (a) for billing Organizations for their Delivables subscriptions and credit purchases, and (b) for processing end-customer order payments on behalf of Organizations through our Platform payment collection feature. Data collected includes:

  • Payment card information including card number (tokenized), cardholder name, expiration date, CVV (not stored), billing address, and card brand (processed securely through PCI-DSS Level 1 compliant payment processors)
  • Bank account information including account holder name, account number, bank name, sort code or routing number, and IBAN (for direct debit payments)
  • Mobile money account details including provider name, account number, and registered mobile number (where applicable)
  • Payment authorization codes and tokens provided by payment gateways for recurring billing
  • Complete transaction history including payment amounts, timestamps, transaction IDs, payment methods used, transaction status, refunds, chargebacks, and failed payment attempts
  • Invoice data including invoice numbers, billing periods, itemized charges, taxes, discounts applied, and payment due dates
  • Subscription management data including plan changes, upgrades, downgrades, cancellation requests, and renewal history
  • Credit purchase records including distance credits purchased, credit consumption rates, remaining balance, and purchase timestamps
  • Tax information including VAT registration numbers, tax exemption certificates (where applicable), and tax calculation data
  • For Platform-processed order payments: transaction amount, payment reference, payment status, payer contact details (telephone number), and settlement records used to transfer collected funds to the Organization's designated payout account within 24–48 business hours. We do not store full payment card numbers for end-customer order payments; these are tokenized and managed exclusively by our certified payment processors
  • Organization payout account details including bank account name, account number, bank name, and mobile money account information provided for settlement of collected order payments
  • Order split records reflecting the financial breakdown of delivery fees between Branches and Riders within an Organization, retained for audit, reporting, and operational purposes

1.11 Platform Users Information

Platform users are users of the Delivables Platform who place orders through the user subdomain. They are treated as active platform users who interact with the system through order placements and deliveries. As such, the Platform reserves the right to send Platform users updates, alerts, notifications, and service-related communications. For Platform users, we collect:

  • Full name for order identification and delivery coordination
  • Primary contact telephone number for order notifications, delivery status updates, verification codes (OTP), and service-related communications
  • Email address (optional, if provided) for account notifications and official notices
  • Organization context including the organization identifier for multi-tenant association
  • OTP verification data including timestamp of last OTP sent and verification confirmation for security and authentication purposes
  • Location data including last order delivery address and precise GPS coordinates for delivery fulfillment and future order optimization
  • Account status and activation state for service access and platform management
  • Order history and order-related data linked to their account for service delivery and support
  • Creation and update timestamps for account management and audit purposes

2. How We Use Your Information

We process collected information for specific, explicit, and legitimate purposes necessary to provide, maintain, secure, and improve the Delivables Platform. The personal data we collect is used exclusively for the following purposes:

2.1 Service Provision and Platform Operations

  • Creating, managing, and maintaining user accounts across all user roles (Organizations, Management, Staff, Riders, Customers)
  • Authenticating users, verifying identities, and securing access to the Platform through password verification, two-factor authentication, and session management
  • Processing and facilitating deliveries including order creation, rider assignment, route calculation, real-time tracking, delivery confirmation, and proof of delivery
  • Enabling real-time GPS tracking and location-based features essential for delivery coordination and customer visibility
  • Calculating accurate distances, estimating delivery times, and optimizing delivery routes using advanced routing algorithms
  • Managing distance-based billing, tracking usage consumption, processing subscription payments, and generating accurate invoices
  • Facilitating communications between riders, staff, customers, and support teams through in-app messaging, SMS notifications, and email
  • Enabling organizational administration including branch management, staff onboarding, rider assignment, and permission configuration

2.2 Personalization and User Experience Enhancement

  • Customizing the user interface based on role, preferences, language, timezone, and historical usage patterns
  • Providing personalized recommendations for optimal feature usage, workflow improvements, and best practices
  • Remembering user preferences, saved settings, favorite configurations, and frequently used features
  • Tailoring notifications and alerts based on user behavior, relevance, and notification preferences
  • Adapting the Platform interface to individual usage patterns to improve efficiency and reduce friction

2.3 Analytics, Performance Monitoring, and Service Improvement

  • Analyzing usage patterns, user behavior, and feature adoption to understand how the Platform is used and identify areas for improvement
  • Monitoring system performance, uptime, response times, error rates, and resource utilization to maintain service quality
  • Identifying technical issues, bugs, crashes, and performance bottlenecks through automated monitoring and error reporting
  • Conducting A/B testing and controlled experiments to evaluate new features, improvements, and design changes before general release
  • Generating aggregated statistical reports and industry benchmarks while preserving individual privacy through anonymization
  • Measuring key performance indicators including delivery success rates, customer satisfaction, rider performance, and organizational efficiency

2.4 Feature Development and Innovation

  • Researching and developing new features, services, and capabilities based on user needs and market demands
  • Training and improving machine learning algorithms for route optimization, demand forecasting, and intelligent rider assignment
  • Testing experimental features and gathering feedback from early adopters before broader deployment
  • Innovating on delivery logistics, route planning, and operational efficiency through data-driven insights

2.5 Customer Support and Service Delivery

  • Responding to customer inquiries, support requests, technical issues, and billing questions through multiple support channels
  • Investigating and resolving disputes, complaints, delivery issues, and service quality concerns
  • Providing technical assistance, troubleshooting guidance, and user training to ensure successful Platform adoption
  • Maintaining comprehensive support ticket history to provide context for ongoing issues and improve resolution efficiency
  • Conducting follow-up communications to ensure issue resolution and gather satisfaction feedback

2.6 Security, Fraud Prevention, and Platform Integrity

  • Detecting, preventing, and investigating fraudulent activities, suspicious behavior, unauthorized access attempts, and security threats
  • Monitoring unusual usage patterns, anomalous behavior, and potential abuse of Platform features or billing systems
  • Verifying user identities, authenticating credentials, and preventing unauthorized account access through multi-factor authentication and risk-based authentication
  • Conducting background checks and identity verification for riders to ensure safety and reliability
  • Implementing and maintaining security measures including encryption, access controls, intrusion detection, and vulnerability management
  • Investigating security incidents, data breaches, and potential violations of our Terms of Service
  • Protecting against denial-of-service attacks, malware, phishing attempts, and other cyber threats

2.7 Legal Compliance and Regulatory Obligations

  • Complying with applicable laws, regulations, legal processes, court orders, subpoenas, and governmental requests
  • Meeting regulatory requirements for data retention, audit trails, financial record-keeping, and tax reporting
  • Responding to law enforcement requests, regulatory inquiries, and legal investigations in accordance with applicable law
  • Maintaining records required for dispute resolution, litigation, arbitration, and legal proceedings
  • Enforcing our Terms of Service, Privacy Policy, and other agreements including investigating violations and taking appropriate action
  • Protecting our legal rights, interests, property, and the safety of our users and the public

2.8 Business Operations and Communications

  • Sending transactional emails and notifications including account confirmations, order updates, delivery status, password resets, and security alerts
  • Communicating important service announcements, Platform updates, maintenance schedules, policy changes, and terms updates
  • Delivering marketing communications, promotional offers, feature announcements, and product news (with appropriate consent and opt-out mechanisms)
  • Conducting customer satisfaction surveys, feedback requests, and user research to improve our services
  • Processing payments, managing subscriptions, generating invoices, handling refunds, and maintaining financial records
  • Facilitating business development activities, partnership opportunities, and integration with third-party services

2.9 Aggregate and Statistical Analysis

  • Creating anonymized, aggregated statistical data and industry reports that do not identify individual users
  • Conducting market research, trend analysis, and competitive benchmarking using de-identified data
  • Publishing anonymized insights, case studies, and best practices to benefit the broader delivery and logistics industry
  • Sharing aggregated metrics with partners, investors, and the public without revealing individual or organization-specific data

3. Location Services and GPS Data Collection

Location data is absolutely fundamental and essential to the core operation of our delivery platform. Without precise location information, we cannot provide the delivery coordination, tracking, and routing services that form the basis of our Platform.

3.1 Why We Collect Location Data

Delivables relies on continuous, precise GPS location data to:

  • Match available riders with incoming delivery requests based on proximity, availability, and optimal positioning
  • Calculate accurate distances between pickup locations and delivery destinations for proper billing and route planning
  • Optimize delivery routes using advanced algorithms that consider real-time traffic, road conditions, and multiple stop sequences
  • Provide real-time delivery tracking to customers, enabling them to see exactly where their package is and when it will arrive
  • Generate accurate delivery status updates including "rider on the way", "arrived at pickup", "en route to destination", and "delivered"
  • Verify delivery completion by confirming that riders physically reached the designated delivery addresses
  • Ensure rider safety through location monitoring, emergency location sharing, and route deviation alerts
  • Resolve disputes by providing verifiable location evidence of where riders traveled and when deliveries occurred
  • Analyze delivery patterns, identify operational inefficiencies, and improve overall service quality
  • Comply with regulatory requirements that may mandate location tracking for commercial delivery operations

3.2 How Location Data is Collected

  • Continuous GPS tracking through the rider mobile application during all active delivery periods, from order acceptance through delivery completion
  • Background location collection when the rider app is running in the background, enabling location-based order notifications and optimized rider positioning
  • WiFi-based location triangulation to supplement GPS data in areas with poor satellite visibility such as urban canyons or indoor locations
  • Cellular tower triangulation to provide approximate location when GPS and WiFi signals are unavailable
  • Manual address input and geocoding when users enter addresses for pickup or delivery locations
  • IP-based geolocation for web dashboard users to provide region-appropriate services and comply with regional restrictions

3.3 Location Data Retention and Usage

  • Location data is retained for the duration necessary to provide the service and for legitimate business purposes including billing verification, dispute resolution, and regulatory compliance
  • Historical route data may be stored for up to 24 months for auditing, performance analysis, and legal compliance purposes
  • After the retention period, location data may be anonymized and aggregated for statistical analysis while removing all personally identifiable information
  • Location data may be retained longer when required for ongoing legal proceedings, regulatory investigations, or unresolved disputes

3.4 Managing Location Permissions

You have control over location permissions through your device settings. However, please note:

  • Riders must grant "Always Allow" or "Allow While Using App" location permissions to accept and fulfill delivery orders. Disabling location access will prevent riders from using the Platform for deliveries
  • Organizations and staff members may disable location services, but this will limit access to location-based features such as nearby rider visualization and branch-based filtering
  • Customers who disable location services may need to manually enter complete delivery addresses instead of using location-based address detection
  • Disabling location services may significantly degrade the quality and reliability of the delivery service, including inaccurate ETAs, suboptimal routing, and inability to provide real-time tracking

4. Legal Basis for Processing (GDPR and International Compliance)

Where required by applicable data protection laws including the General Data Protection Regulation (GDPR), UK GDPR, and similar privacy frameworks, Delivables processes personal data based on one or more of the following lawful bases:

4.1 Performance of a Contract (Article 6(1)(b) GDPR)

Processing is necessary to perform the contract between you and Delivables, or to take steps at your request before entering into a contract. This applies to:

  • Creating and managing user accounts
  • Providing the Platform and all its features
  • Processing and facilitating deliveries
  • Calculating distances and billing for services
  • Providing customer support and resolving issues
  • Fulfilling our obligations under the Terms of Service

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

Processing is necessary for our legitimate business interests or those of a third party, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:

  • Ensuring Platform security, preventing fraud, and detecting unauthorized access or abuse
  • Improving and optimizing the Platform through analytics, A/B testing, and performance monitoring
  • Developing new features and services based on user needs and market demands
  • Conducting business operations including accounting, auditing, and financial reporting
  • Marketing our services to existing customers and prospective users
  • Protecting our legal rights and interests in case of disputes or legal proceedings
  • Ensuring rider safety and service quality through location monitoring and performance tracking

4.3 Legal Obligations (Article 6(1)(c) GDPR)

Processing is necessary to comply with legal obligations to which Delivables is subject, including:

  • Responding to court orders, subpoenas, and law enforcement requests
  • Maintaining records for tax and accounting purposes as required by law
  • Complying with regulatory requirements for financial services and data protection
  • Meeting data retention obligations under applicable laws
  • Reporting to regulatory authorities when legally required

4.4 Consent (Article 6(1)(a) GDPR)

Where we rely on consent, you have freely given, specific, informed, and unambiguous consent for processing, such as:

  • Marketing communications beyond transactional messages
  • Optional features that require additional permissions
  • Participation in surveys, user research, or beta testing programs
  • Collection of sensitive personal data where required by law (with explicit consent)

You may withdraw consent at any time by contacting us or using in-app preference settings. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

4.5 Vital Interests (Article 6(1)(d) GDPR)

In rare cases, processing may be necessary to protect vital interests, such as emergency situations where rider safety is at risk and immediate location sharing with emergency services is required.

5. Data Sharing, Disclosure & Third-Party Service Providers

We do not sell, rent, or trade personal data to third parties for their marketing purposes. However, we may share information with carefully selected third parties under strict confidentiality and data protection agreements in the following circumstances:

5.1 Within Your Organization

Information is shared within your organization according to role-based access controls:

  • Organization administrators and management can access data for all users within their organization
  • Staff members can access delivery and customer data necessary to fulfill their job responsibilities
  • Riders can access customer contact information and delivery addresses only for assigned deliveries
  • Branch managers can access data relevant to their specific branch and assigned personnel

5.2 Service Providers and Business Partners

We engage trusted third-party service providers who process personal data on our behalf under strict data processing agreements. These providers are contractually obligated to:

  • Process data only according to our documented instructions
  • Implement appropriate technical and organizational security measures
  • Maintain confidentiality and not use data for their own purposes
  • Delete or return data upon termination of services
  • Assist us in responding to data subject requests and regulatory inquiries

Categories of service providers include:

  • Cloud infrastructure and hosting providers (AWS, Google Cloud, or similar) for secure data storage, processing, and Platform hosting
  • Mapping and geolocation services (Google Maps, Mapbox, or similar) for address geocoding, route calculation, distance computation, and map visualization
  • SMS gateway providers for sending delivery notifications, verification codes, and transactional messages to customers and riders
  • Email service providers for sending transactional emails, account notifications, support communications, and marketing messages (where consented)
  • Payment processors and gateways (Paystack, Flutterwave, Stripe, or similar) for secure payment processing, subscription management, and financial transactions (these providers are PCI-DSS Level 1 certified). When processing end-customer order payments on behalf of Organizations, payment data including transaction amounts, payer contact information, and Organization payout account details are shared with our payment processors solely for the purpose of completing the transaction and settling funds to the Organization. Collected funds are not retained by Delivables and are settled to the Organization within 24–48 business hours. Delivables does not process customer refunds; Organizations are responsible for issuing refunds directly to their customers
  • Analytics and monitoring services (Google Analytics, Mixpanel, or similar) for usage analysis, performance monitoring, and crash reporting
  • Customer support and helpdesk platforms for ticket management, live chat, and customer communication tracking
  • Identity verification and background check services for rider onboarding, KYC compliance, and security screening
  • Push notification services for delivering real-time alerts and updates to mobile devices
  • Content delivery networks (CDNs) for fast, reliable delivery of static assets, images, and application resources
  • Database and backup services for data redundancy, disaster recovery, and business continuity
  • Security and fraud detection services for monitoring suspicious activity, preventing abuse, and protecting against cyber threats

5.3 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, corporate restructuring, sale of assets, bankruptcy, or other business transition, personal data may be transferred to the acquiring or successor entity. We will:

  • Provide notice before your data is transferred or becomes subject to a different privacy policy
  • Require the successor entity to honor this Privacy Policy or provide adequate notice of changes
  • Take reasonable steps to ensure continued protection of personal data during the transition

5.4 Legal and Regulatory Authorities

We may disclose personal data to regulatory authorities, government agencies, law enforcement, or legal professionals when required or permitted by law, including:

  • Responding to valid legal processes including subpoenas, court orders, search warrants, or other lawful requests
  • Complying with regulatory investigations, audits, or information requests from data protection authorities
  • Protecting against legal liability, enforcing our Terms of Service, investigating potential violations, or defending legal claims
  • Preventing, detecting, or investigating fraud, security breaches, criminal activity, or threats to public safety
  • Protecting the rights, property, or safety of Delivables, our users, or the public as required or permitted by law

Where legally permitted, we will notify affected users before disclosing their data to authorities unless prohibited by law or court order.

5.5 Professional Advisers

We may share information with professional advisers including lawyers, accountants, auditors, insurers, and consultants where necessary for:

  • Obtaining legal advice and representation
  • Financial auditing and accounting compliance
  • Insurance claims and risk management
  • Business consulting and strategic planning

These advisers are bound by professional confidentiality obligations and data protection requirements.

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify individuals or organizations. This includes:

  • Industry statistics, trends, and benchmarks shared publicly or with partners and investors
  • Aggregated usage metrics, performance data, and platform analytics
  • Anonymized research data used for academic or industry research purposes
  • De-identified data used for machine learning model training and algorithm improvement

5.7 With Your Explicit Consent

We may share your information with additional third parties when you provide explicit, informed consent for such sharing, such as integration with external services or participation in partner programs.

6. International Data Transfers and Cross-Border Processing

Delivables operates globally and may transfer, process, and store personal data in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

6.1 Transfer Mechanisms and Safeguards

When we transfer personal data internationally, we implement appropriate safeguards to protect your information, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or other relevant data protection authorities
  • Adequacy decisions issued by the European Commission or equivalent authorities recognizing certain countries as providing adequate data protection
  • Binding Corporate Rules (BCRs) where applicable for transfers within corporate groups
  • Privacy Shield certification or successor frameworks where applicable and valid
  • Explicit consent for specific transfers where other mechanisms are not available
  • Encryption, pseudonymization, and other technical safeguards to protect data in transit and at rest

6.2 Data Storage Locations

Your data may be stored and processed in data centers located in multiple jurisdictions including but not limited to the European Union, United Kingdom, United States, and other regions where our cloud infrastructure providers maintain facilities. We select data center locations based on:

  • Proximity to users for optimal performance and latency
  • Data sovereignty and compliance requirements
  • Availability of robust security and infrastructure
  • Compliance with applicable data localization laws

6.3 Additional Protection for Sensitive Transfers

For transfers to countries without an adequacy decision, we implement supplementary measures including:

  • Enhanced encryption for data in transit and at rest
  • Regular assessments of the legal environment in destination countries
  • Contractual commitments from service providers to challenge unlawful data access requests
  • Technical measures to minimize data exposure and enable rapid data deletion if necessary

You may request information about the specific safeguards used for international transfers of your personal data by contacting us at help@stackwares.tech.

7. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

7.1 Retention Periods by Data Category

  • Account information (Organizations, Management, Staff, Riders): Retained for the duration of the active account plus 12 months after account closure for dispute resolution and regulatory compliance
  • Customer delivery information: Retained for 24 months after delivery completion for dispute resolution, quality assurance, and regulatory requirements
  • Rider location and route data: Retained for 24 months for auditing, billing verification, performance analysis, and dispute resolution purposes
  • Financial and billing records: Retained for 7 years to comply with tax, accounting, and financial regulatory requirements
  • Transaction logs and usage data: Retained for 24 months for analytics, fraud detection, and operational optimization
  • Communications and support tickets: Retained for 36 months for quality assurance, training, and regulatory compliance
  • Security logs and audit trails: Retained for 12-24 months for security monitoring, incident investigation, and compliance purposes
  • Marketing consent and preferences: Retained until consent is withdrawn or account is closed, plus 12 months for compliance verification
  • Legal hold data: Retained indefinitely while subject to ongoing litigation, regulatory investigation, or legal proceedings

7.2 Extended Retention for Legal Compliance

We may retain certain data beyond standard retention periods when:

  • Required by applicable law, regulation, or legal process (e.g., tax records must be retained for 7 years in most jurisdictions)
  • Necessary for ongoing legal proceedings, disputes, regulatory investigations, or audits
  • Essential for exercising or defending legal claims within the applicable statute of limitations
  • Needed to comply with data retention obligations imposed by regulators or professional bodies
  • Subject to a specific legal hold notice from law enforcement or regulatory authorities

7.3 Data Deletion and Anonymization

When retention periods expire or data is no longer needed, we implement the following deletion procedures:

  • Secure deletion: Personal data is permanently and securely deleted from production systems, databases, and active storage using industry-standard data sanitization methods
  • Backup deletion: Data is removed from backup systems during the next scheduled backup rotation cycle, typically within 90 days
  • Anonymization: Where beneficial for analytics or research, data may be irreversibly anonymized by removing all identifiers, making re-identification practically impossible
  • Aggregation: Individual data points may be aggregated into statistical summaries that cannot be linked back to individuals
  • Third-party deletion: We ensure that third-party service providers delete or return data when no longer needed for the original processing purpose

7.4 Account Closure and Data Deletion

When you close your account or request data deletion:

  • Your account will be deactivated immediately and you will lose access to the Platform
  • Most personal data will be deleted within 30 days of account closure, subject to the retention periods described above
  • Some information may be retained in anonymized or aggregated form for analytics and service improvement
  • Certain data must be retained to comply with legal obligations, such as financial records for tax purposes
  • Data subject to legal holds or ongoing disputes will be retained until the matter is resolved
  • You will receive confirmation once the deletion process is complete (excluding legally required retentions)

Organizations wishing to close accounts and delete data should contact help@stackwares.tech. Individual users should contact their organization administrator for account closure requests.

8. Data Security and Protection Measures

We implement comprehensive technical, physical, and organizational security measures designed to protect personal data against unauthorized access, disclosure, alteration, destruction, or loss. Our security program is based on industry best practices and continuously evolves to address emerging threats.

8.1 Technical Security Measures

  • Encryption in transit: All data transmitted between users and our servers is encrypted using TLS 1.2 or higher with strong cipher suites
  • Encryption at rest: Sensitive personal data including passwords, payment information, and personal identifiers are encrypted at rest using AES-256 or equivalent encryption standards
  • Password security: All passwords are hashed using industry-standard, cryptographically secure hashing algorithms (bcrypt, Argon2, or similar) with unique salts
  • Access controls: Role-based access control (RBAC) ensures users can only access data necessary for their specific role and responsibilities
  • Multi-factor authentication (MFA): Available for all user accounts and required for administrative access to sensitive systems
  • Network security: Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) monitor and protect network infrastructure
  • Secure architecture: Systems are designed with security principles including defense in depth, least privilege, and separation of duties
  • API security: API endpoints are protected with authentication tokens, rate limiting, input validation, and output encoding to prevent common attacks
  • Database security: Production databases are isolated, encrypted, access-controlled, and regularly backed up to secure, geographically distributed locations
  • Vulnerability management: Regular security scanning, penetration testing, and vulnerability assessments identify and remediate potential weaknesses
  • Security monitoring: 24/7 automated monitoring detects suspicious activity, unauthorized access attempts, and potential security incidents
  • Secure development: Code undergoes security reviews, static analysis, and dynamic testing before deployment to production

8.2 Physical and Environmental Security

  • Data centers operated by reputable cloud providers (AWS, Google Cloud, or similar) with SOC 2 Type II, ISO 27001, and other relevant security certifications
  • Physical access controls including biometric authentication, security guards, video surveillance, and visitor management systems
  • Environmental controls including fire suppression, climate control, power redundancy, and disaster recovery infrastructure
  • Hardware security including secure disposal of storage media, encrypted hard drives, and tamper-evident seals

8.3 Organizational Security Measures

  • Employee training: All employees receive regular security awareness training, privacy training, and phishing awareness education
  • Background checks: Employees with access to personal data undergo appropriate background screening before employment
  • Confidentiality agreements: All employees, contractors, and service providers sign confidentiality and data protection agreements
  • Access management: Access to personal data is granted on a need-to-know basis and regularly reviewed and revoked when no longer necessary
  • Incident response: Documented incident response procedures ensure rapid detection, containment, investigation, and resolution of security incidents
  • Business continuity: Disaster recovery and business continuity plans ensure data availability and service resilience
  • Third-party management: Vendors undergo security assessments, sign data processing agreements, and are subject to ongoing security reviews
  • Security governance: Dedicated security team, regular security policy reviews, and executive oversight of security and privacy programs

8.4 Limitations and User Responsibilities

While we implement robust security measures, no system can be guaranteed to be completely secure against all threats. Users also have responsibilities:

  • Keep passwords confidential, use strong unique passwords, and never share credentials with others
  • Enable multi-factor authentication when available for additional account security
  • Keep devices secure with passwords, biometric locks, and up-to-date security patches
  • Use secure networks and avoid accessing sensitive information on public WiFi without VPN protection
  • Report suspicious activity, security concerns, or potential breaches immediately to help@stackwares.tech
  • Log out of accounts when using shared or public devices
  • Review account activity regularly and report unauthorized access immediately

If you suspect unauthorized access to your account or a security vulnerability in our systems, please contact us immediately at help@stackwares.tech.

9. Your Privacy Rights and How to Exercise Them

Depending on your jurisdiction and applicable data protection laws (including GDPR, UK GDPR, CCPA, and other privacy regulations), you may have certain rights regarding your personal data. We are committed to facilitating the exercise of these rights.

9.1 Right of Access (Right to Know)

You have the right to request confirmation of whether we process your personal data and, if so, to access that data. This includes:

  • Categories of personal data we collect
  • Specific pieces of personal data we hold about you
  • Purposes for which data is processed
  • Categories of third parties with whom data is shared
  • Retention periods or criteria used to determine retention
  • Source of the data if not collected directly from you
  • Existence of automated decision-making, including profiling
  • Safeguards applied for international data transfers

We will provide one copy of your data free of charge; additional copies may incur a reasonable administrative fee.

9.2 Right to Rectification (Right to Correction)

You have the right to request correction of inaccurate, incomplete, or outdated personal data. This includes:

  • Correcting factual errors in your account information
  • Updating contact details, addresses, or other personal information
  • Completing incomplete data by providing supplementary information

Many corrections can be made directly through your account settings. For data you cannot update yourself, contact us at help@stackwares.tech.

9.3 Right to Erasure (Right to Deletion/"Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when:

  • Data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • Data has been processed unlawfully
  • Deletion is required to comply with a legal obligation

We may not be able to delete all data if retention is necessary to:

  • Comply with legal obligations (e.g., tax records, financial reporting)
  • Exercise or defend legal claims within the statute of limitations
  • Fulfill contractual obligations or complete ongoing transactions
  • Detect, prevent, or investigate fraud and security incidents
  • Protect the vital interests of individuals

9.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain situations:

  • When you contest the accuracy of data (restriction applies while we verify accuracy)
  • When processing is unlawful but you prefer restriction over deletion
  • When we no longer need the data but you require it for legal claims
  • When you object to processing and we are verifying whether our legitimate grounds override yours

During a restriction period, we will store the data but not further process it without your consent, except for legal claims or protecting others' rights.

9.5 Right to Data Portability

Where technically feasible and when processing is based on consent or contract and carried out by automated means, you have the right to:

  • Receive your personal data in a structured, commonly used, machine-readable format (typically JSON or CSV)
  • Transmit that data to another controller without hindrance from us
  • Request direct transmission to another controller where technically feasible

This right applies only to data you provided to us and does not include inferred or derived data.

9.6 Right to Object

You have the right to object to processing of your personal data in certain circumstances:

  • Processing based on legitimate interests: You can object at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests or we need the data for legal claims.
  • Direct marketing: You have an absolute right to object to processing for direct marketing purposes. We will cease such processing immediately upon request.
  • Profiling: You can object to automated profiling related to direct marketing.

9.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time:

  • Withdrawal does not affect the lawfulness of processing before withdrawal
  • You can withdraw consent through your account settings or by contacting us
  • Marketing consent can be withdrawn via unsubscribe links in marketing emails
  • Withdrawal may affect your ability to use certain features that require the consented processing

9.8 Right to Object to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects. Currently, we do not make such automated decisions, but if this changes, you will have the right to:

  • Obtain human intervention in the decision
  • Express your point of view regarding the decision
  • Contest the decision

9.9 Right to Lodge a Complaint

If you believe your privacy rights have been violated or you are dissatisfied with how we handle your data, you have the right to lodge a complaint with:

  • Your local data protection authority (for EU/EEA residents, UK residents, and other jurisdictions with data protection authorities)
  • The supervisory authority in the country where you work or where an alleged infringement occurred

We encourage you to contact us first at help@stackwares.tech so we can address your concerns directly.

9.10 How to Exercise Your Rights

To exercise any of these rights:

  • Email us at help@stackwares.tech with "Privacy Rights Request" in the subject line
  • Clearly state which right you wish to exercise and provide sufficient information to verify your identity
  • Specify which data or processing activities your request relates to
  • Include any supporting documentation that may help us process your request efficiently

We will respond to your request within one month (30 days) of receipt, or within two months for complex requests. We will inform you if we need additional time and explain the reasons for the delay. We may request additional information to verify your identity before processing requests involving access to or deletion of personal data.

There is no charge for exercising your rights unless requests are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or refuse to act on the request.

10. Responsibilities of Organizations and Employers

Organizations using the Delivables Platform act as data controllers for personal data of their staff, riders, and customers. As such, organizations have significant legal obligations and responsibilities:

10.1 Consent and Notice Obligations

Organizations are solely responsible for:

  • Providing clear, comprehensive privacy notices to all staff members, riders, and customers explaining what data will be collected, how it will be used, and with whom it will be shared
  • Obtaining all necessary consents, authorizations, and permissions required under applicable law before collecting, processing, or sharing personal data through the Platform
  • Informing staff and riders that their location will be continuously tracked during working hours and deliveries, and obtaining explicit consent where required by law
  • Disclosing to customers that their delivery information will be shared with Delivables and used for delivery coordination, tracking, and service improvement
  • Ensuring staff, riders, and customers understand their privacy rights and how to exercise them
  • Maintaining records of consent where legally required

10.2 Lawful and Fair Processing

Organizations must ensure:

  • All data processing through the Platform is lawful, fair, and transparent
  • They have a valid legal basis (consent, contract, legitimate interest, legal obligation) for each processing activity
  • Data collected is adequate, relevant, and limited to what is necessary for legitimate business purposes
  • Staff and riders are not subjected to excessive or invasive surveillance beyond what is necessary for business operations
  • Location tracking is proportionate to the business need and not used for purposes unrelated to work performance

10.3 Employment and Labor Law Compliance

Organizations must comply with:

  • Local employment laws regarding employee monitoring, workplace surveillance, and data protection
  • Works council or union consultation requirements before implementing employee monitoring systems
  • Requirements to conduct Data Protection Impact Assessments (DPIAs) for high-risk processing including systematic location monitoring
  • Obligations to provide employees with clear information about monitoring and its purposes

10.4 Data Subject Rights Facilitation

Organizations must:

  • Establish procedures for staff, riders, and customers to exercise their privacy rights
  • Respond to data subject access requests, deletion requests, and other rights requests within legal timeframes
  • Coordinate with Delivables when data subject requests involve data processed by both parties
  • Maintain records of how data subject requests are handled

10.5 Security and Confidentiality

Organizations are responsible for:

  • Maintaining confidentiality of account credentials and not sharing passwords or access tokens
  • Implementing appropriate organizational security measures including staff training and access controls
  • Promptly reporting any suspected data breaches or security incidents to Delivables and, where required, to supervisory authorities and affected individuals
  • Ensuring authorized users only access data necessary for their specific role
  • Revoking access immediately when staff members or riders leave the organization

10.6 Accurate and Up-to-Date Data

Organizations must:

  • Ensure all data entered into the Platform is accurate, complete, and up-to-date
  • Promptly correct inaccuracies and update outdated information
  • Not upload false, fraudulent, or misleading information
  • Verify the identity and authorization of riders before granting Platform access

10.7 Cross-Border Transfer Compliance

If organizations operate across borders or transfer data internationally:

  • They must ensure compliance with data export restrictions and cross-border transfer requirements
  • Implement appropriate safeguards such as Standard Contractual Clauses when transferring data outside the EEA or other protected regions
  • Inform data subjects about international data transfers and obtain consent where required

10.8 Record-Keeping and Documentation

Organizations should maintain:

  • Records of processing activities (Article 30 GDPR compliance where applicable)
  • Documentation of legal bases for processing
  • Records of consents obtained from staff, riders, and customers
  • Data Protection Impact Assessments for high-risk processing
  • Documentation of security incidents and breach notifications

Failure to meet these obligations may result in legal liability, regulatory enforcement action, fines, and suspension or termination of Platform access. Organizations should consult with legal counsel to ensure compliance with all applicable privacy and data protection laws in their jurisdiction.

11. Cookies, Tracking Technologies, and Analytics

We use cookies, web beacons, pixels, local storage, and similar tracking technologies to enhance user experience, analyze Platform usage, and deliver personalized content.

11.1 Types of Technologies Used

  • Cookies: Small text files stored on your device that remember preferences, session information, and user settings
  • Local Storage: Browser storage that maintains data locally for improved performance and offline functionality
  • Session Storage: Temporary storage cleared when the browser session ends
  • Web Beacons/Pixels: Tiny graphics that track page views, email opens, and user behavior
  • Analytics Scripts: JavaScript code that collects usage statistics and performance metrics
  • Device Identifiers: Unique identifiers assigned to mobile devices for analytics and feature delivery

11.2 Categories of Cookies and Purposes

  • Strictly Necessary Cookies: Essential for Platform functionality, authentication, security, and session management. These cannot be disabled.
  • Performance Cookies: Collect information about how users interact with the Platform, including page load times, error rates, and feature usage
  • Functional Cookies: Remember user preferences, language settings, region, and other personalization options
  • Analytics Cookies: Track aggregated usage patterns, user journeys, conversion rates, and help us improve the Platform
  • Marketing Cookies: Used for targeted advertising, measuring campaign effectiveness, and retargeting (only with consent where required)

11.3 Third-Party Analytics and Tracking

We use third-party analytics services that may set their own cookies:

  • Google Analytics: Tracks website usage, user demographics, and behavior patterns. Privacy policy: https://policies.google.com/privacy
  • Other analytics providers as needed for performance monitoring, crash reporting, and user behavior analysis

11.4 Managing Cookie Preferences

You can control cookies through:

  • Browser settings: Most browsers allow you to refuse cookies or delete existing cookies. Consult your browser's help documentation.
  • Cookie consent banner: Manage preferences through our cookie consent interface when first visiting the Platform
  • Opt-out tools: Use industry opt-out tools like the Network Advertising Initiative opt-out page
  • "Do Not Track" signals: We currently do not respond to Do Not Track browser signals due to lack of industry standards

Disabling cookies may impact Platform functionality and prevent access to certain features.

12. Children's Privacy and Age Restrictions

The Delivables Platform is not intended for, nor directed to, individuals under the age of 18 years. We do not knowingly collect, use, or disclose personal information from children under 18.

  • Organizations must not create accounts for, or grant Platform access to, any individual under 18 years of age
  • Riders, staff members, and management personnel must be at least 18 years old to use the Platform
  • If we become aware that we have inadvertently collected information from an individual under 18, we will take immediate steps to delete such information from our systems
  • Parents or guardians who believe their child's information has been collected should contact us immediately at help@stackwares.tech for prompt removal
  • Organizations are solely responsible for verifying the age of their staff and riders before granting Platform access

In jurisdictions where the age of digital consent is higher than 18, we comply with local age requirements. Organizations operating in such jurisdictions must ensure compliance with local age restrictions.

13. Data Breach Notification

While we implement robust security measures to protect personal data, no system is completely immune to security incidents. In the event of a data breach that poses a risk to your rights and freedoms:

13.1 Our Notification Obligations

  • We will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (as required by GDPR and similar laws)
  • We will notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  • Notifications will include: nature of the breach, categories and approximate number of affected individuals, likely consequences, measures taken to address the breach, and contact information for further inquiries
  • We will notify organization customers promptly if their users' data is affected, enabling them to meet their own notification obligations

13.2 Breach Response and Remediation

In the event of a breach, we will:

  • Immediately investigate the incident to determine scope, cause, and affected systems
  • Contain the breach and prevent further unauthorized access or data loss
  • Assess the risk to affected individuals and determine appropriate remediation
  • Provide affected users with clear guidance on protective measures they can take (password resets, fraud monitoring, etc.)
  • Implement additional security measures to prevent similar incidents in the future
  • Document the incident, response actions, and lessons learned for internal review and regulatory reporting

If you suspect a security incident or unauthorized access to your account, please contact us immediately at help@stackwares.tech with "Security Incident" in the subject line.

14. Marketing Communications and Preferences

We may send you various types of communications depending on your relationship with Delivables:

14.1 Transactional Communications (Cannot Opt Out)

  • Account creation confirmations and welcome messages
  • Order status updates and delivery notifications
  • Password reset and security alert emails
  • Billing statements, payment receipts, and invoice notifications
  • Service announcements and critical Platform updates
  • Responses to your support requests and inquiries
  • Legal notices and policy updates

These communications are essential for providing the service and cannot be opted out of without closing your account.

14.2 Marketing Communications (Can Opt Out)

  • Promotional emails about new features, upgrades, and special offers
  • Product announcements and release notes
  • Educational content, best practices, and tips for using the Platform
  • Surveys, feedback requests, and user research invitations
  • Newsletters and industry insights
  • Event invitations and webinar announcements

14.3 Managing Communication Preferences

You can manage your communication preferences by:

  • Clicking "Unsubscribe" links in marketing emails (processed immediately)
  • Updating email preferences in your account settings
  • Contacting help@stackwares.tech with "Unsubscribe" in the subject line
  • Disabling push notifications through your device settings (for mobile app users)

Opting out of marketing communications will not affect transactional emails necessary for service delivery. It may take up to 10 business days to process opt-out requests.

15. California Privacy Rights (CCPA/CPRA)

California residents have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

15.1 Right to Know and Access

You have the right to request disclosure of:

  • Categories of personal information collected
  • Specific pieces of personal information held
  • Categories of sources from which information was collected
  • Business or commercial purposes for collection
  • Categories of third parties with whom information is shared
  • Categories of personal information sold or shared (if any)

15.2 Right to Delete

You may request deletion of personal information we collected, subject to certain exceptions including legal obligations and ongoing business transactions.

15.3 Right to Correct

You have the right to request correction of inaccurate personal information.

15.4 Right to Opt-Out of Sale/Sharing

We do not sell personal information for monetary consideration. We may share personal information with service providers for business purposes as described in this Policy. If this constitutes a "sale" or "sharing" under CCPA, you have the right to opt out by contacting us.

15.5 Right to Limit Use of Sensitive Personal Information

If we use sensitive personal information beyond what is necessary to provide services, you have the right to limit such use. We use sensitive information (precise geolocation, financial data) only as necessary to provide the Platform.

15.6 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights, including by:

  • Denying goods or services
  • Charging different prices or rates
  • Providing different quality of service
  • Suggesting you will receive different pricing or quality

To exercise these rights, email help@stackwares.tech with "California Privacy Rights" in the subject line. We will respond within 45 days.

16. Changes to This Privacy Policy

We reserve the right to modify, amend, or update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

16.1 How We Notify You of Changes

  • Material changes will be communicated through prominent notice on the Platform, email notification to registered users, or in-app notification at least 30 days before the changes take effect
  • The "Last updated" date at the top of this Policy will always reflect the most recent version
  • Non-material changes (clarifications, formatting, contact information updates) may be made without specific notice
  • For significant changes affecting how we use personal data, we may request your re-consent where required by law

16.2 Your Acceptance of Changes

Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the revised Policy, you must discontinue use of the Platform and may close your account.

16.3 Reviewing Updates

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. You can check the "Last updated" date to see when the Policy was most recently revised.

17. Contact Information and Data Protection Officer

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy, our data protection practices, or how we handle your personal information, please contact us:

Company: Stackwares Ltd

Product: Delivables

Email: help@stackwares.tech

Subject Line for Privacy Inquiries: "Privacy Inquiry" or "Privacy Rights Request"

We are committed to resolving privacy concerns and complaints promptly and fairly. We will acknowledge receipt of your inquiry within 5 business days and provide a substantive response within 30 days. For complex requests, we may extend this period by an additional 30 days with notice and explanation of the delay.

If you are not satisfied with our response or resolution, you have the right to lodge a complaint with your local data protection authority or supervisory authority.