Privacy Policy

Last updated: March 15, 2024

1. Definitions

For purposes of this Privacy Policy:

  • "Company" (referred to as "we," "us," or "our") means Drovas Inc.
  • "Service" refers to the Drovas delivery platform, mobile applications, and related services.
  • "User" or "you" refers to any individual who accesses or uses our Service.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, including collection, use, storage, and disclosure.

2. Information We Collect

2.1 Personal Information You Provide

We collect Personal Data that you voluntarily provide when you:

  • Create an account or register for our Service
  • Place orders or make purchases through our platform
  • Apply to become a delivery driver or retail partner
  • Contact us for customer support or inquiries
  • Subscribe to our newsletters or marketing communications
  • Participate in surveys, contests, or promotional activities

This information may include:

  • Full name, email address, phone number, and mailing address
  • Date of birth and government-issued identification numbers
  • Payment card information, bank account details, and billing addresses
  • Driver's license number, vehicle registration, and insurance information (for drivers)
  • Business registration details and tax identification numbers (for retail partners)
  • Profile photographs and other uploaded content

2.2 Information Collected Automatically

When you access or use our Service, we automatically collect:

  • Device identifiers, including IP address, device type, operating system, and browser type
  • Usage data, including pages visited, time spent on pages, and click-through rates
  • Location data (with your explicit consent), including GPS coordinates and delivery addresses
  • Transaction data, including order history, delivery times, and payment methods used
  • Communication records, including customer service interactions and in-app messages

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Social media platforms when you connect your accounts
  • Payment processors and financial institutions
  • Background check providers (for driver applications)
  • Marketing partners and advertising networks
  • Public databases and government agencies

3. Legal Basis for Processing

We process your Personal Data based on the following legal grounds:

  • Contract Performance: To fulfill our contractual obligations to provide delivery services
  • Legitimate Interest: To improve our services, prevent fraud, and ensure platform security
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Consent: Where you have provided explicit consent for specific processing activities
  • Vital Interests: To protect the safety and security of users and the public

4. How We Use Your Information

We use your Personal Data for the following purposes:

4.1 Service Provision

  • Processing and fulfilling delivery orders
  • Matching customers with available drivers
  • Calculating delivery fees and processing payments
  • Providing real-time order tracking and notifications
  • Managing user accounts and preferences

4.2 Business Operations

  • Conducting background checks and verifying driver qualifications
  • Analyzing usage patterns to improve service efficiency
  • Developing new features and services
  • Conducting market research and customer satisfaction surveys
  • Managing inventory and supply chain operations

4.3 Legal and Safety

  • Preventing fraud, abuse, and unauthorized access
  • Investigating and resolving disputes
  • Complying with legal obligations and regulatory requirements
  • Protecting the rights, property, and safety of users and third parties
  • Enforcing our Terms of Service and other agreements

5. Information Sharing and Disclosure

We may share your Personal Data in the following circumstances:

5.1 Service Providers

We engage third-party service providers to perform functions on our behalf, including:

  • Payment processing and fraud prevention services
  • Cloud hosting and data storage providers
  • Customer support and communication platforms
  • Analytics and marketing automation tools
  • Background check and identity verification services

5.2 Legal Requirements

We may disclose your information when required by law or in good faith belief that such disclosure is necessary to:

  • Comply with legal process, court orders, or government requests
  • Enforce our Terms of Service or other agreements
  • Protect against fraud, security breaches, or illegal activities
  • Safeguard the rights, property, or safety of our users or the public

5.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your Personal Data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.

6. Data Retention

We retain your Personal Data for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

  • Account Information: Retained for the duration of your account plus 7 years after closure
  • Transaction Records: Retained for 7 years for tax and accounting purposes
  • Driver Records: Retained for 7 years after termination of driver agreement
  • Marketing Data: Retained until you withdraw consent or 3 years of inactivity
  • Legal Claims: Retained until the expiration of applicable statute of limitations

7. Data Security Measures

We implement comprehensive security measures to protect your Personal Data, including:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Multi-factor authentication and role-based access controls
  • Regular security audits and penetration testing
  • Employee background checks and mandatory security training
  • Incident response procedures and breach notification protocols
  • Compliance with SOC 2 Type II and ISO 27001 standards

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

8.1 Access and Portability

  • Request access to your Personal Data and information about our processing activities
  • Receive a copy of your Personal Data in a structured, machine-readable format
  • Request transfer of your Personal Data to another service provider

8.2 Correction and Deletion

  • Request correction of inaccurate or incomplete Personal Data
  • Request deletion of your Personal Data (subject to legal retention requirements)
  • Request restriction of processing in certain circumstances

8.3 Consent and Objection

  • Withdraw consent for processing based on consent
  • Object to processing based on legitimate interests
  • Opt-out of direct marketing communications

To exercise these rights, contact us using the information provided in Section 12. We will respond to your request within 30 days, or as required by applicable law.

9. International Data Transfers

Your Personal Data may be transferred to and processed in countries other than your country of residence. We ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct

10. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to:

  • Maintain user sessions and preferences
  • Analyze website traffic and user behavior
  • Deliver targeted advertising and marketing content
  • Prevent fraud and enhance security

You can control cookie settings through your browser preferences. However, disabling certain cookies may limit your ability to use some features of our Service.

11. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect Personal Data from children under 18. If we become aware that we have collected Personal Data from a child under 18 without parental consent, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us immediately.

12. Contact Information and Complaints

For questions about this Privacy Policy or to exercise your privacy rights, contact our Data Protection Officer:

Data Protection Officer

Email: privacy@drovas.com

Phone: +1 (555) 123-4567

Address: 123 Innovation Drive, San Francisco, CA 94105

Response Time: Within 30 days of receipt

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated Policy on our website with a new "Last Updated" date
  • Send email notifications to registered users
  • Provide in-app notifications for mobile users
  • Obtain consent where required by applicable law

Your continued use of our Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

14. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the State of California, United States, without regard to conflict of law principles. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts located in San Francisco County, California.