Kilodey ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Kilodey platform, website, and mobile application (collectively, the "Platform").
1. Information We Collect
We collect information from you in the following ways:
Personal Identification Information
- Name, email address, phone number, and WhatsApp contact
- Date of birth and gender
- Profile photo and user avatar
- Government-issued ID information (during KYC verification)
- Address information (street, city, country, postal code)
Payment and Financial Information
- Bank account or Stripe account details for payouts
- Transaction history and payment records
- Billing addresses and payment method information
Identity Verification Data
- ID scans and facial recognition data (processed by Didit.me)
- Proof of address documents (utility bills, bank statements)
- Verification status and compliance records
Trip and Package Data
- Trip origin, destination, and travel dates
- Package descriptions, weights, and contents
- Photos of packages for documentation
- Delivery addresses and contact information
Communication Data
- Messages exchanged via Kilodey messaging system
- WhatsApp conversations (we do not store these directly)
- Support tickets and correspondence with our team
- Ratings and reviews you leave for other users
Device and Usage Data
- Device type, operating system, and unique device identifiers
- IP address and location data
- Browser type, pages visited, and time spent on Platform
- Push notification tokens for mobile app alerts
- Crash reports and error logs
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To create and manage your account, process transactions, and deliver our Platform services
- Verification: To comply with Know Your Customer (KYC) regulations and verify your identity via Didit.me
- Payments: To process payments, prevent fraud, and handle refunds or disputes via Stripe
- Communication: To send you confirmations, updates, notifications, and customer support messages
- Safety: To detect, investigate, and prevent fraud, abuse, and illegal activity
- Improvement: To analyze usage patterns and improve the Platform's features and user experience
- Marketing: To send you promotional content, newsletters, and service announcements (with your consent)
- Compliance: To comply with legal obligations, court orders, and government requests
- Dispute Resolution: To mediate disputes between users and enforce our Terms of Use
3. Third-Party Service Providers
We share your information with trusted third-party providers who assist us in operating the Platform:
- Supabase: Database and cloud infrastructure provider
- Paddle: Payment processing and financial transaction handling
- Didit.me: Identity verification and KYC compliance
- Firebase: Push notifications, authentication, and analytics
- Google Analytics: Website traffic and user behavior analytics
All third-party providers are contractually obligated to use your information only as necessary to provide services to Kilodey and to maintain the confidentiality and security of your data.
4. Data Retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations:
- Account information: Retained for the duration of your account and 2 years after deletion
- Transaction records: Retained for 7 years for tax and legal compliance
- KYC/Identity data: Retained for 5 years after verification
- Communication logs: Retained for 2 years for dispute resolution
- Device and usage data: Retained for 1 year for analytics and security
You may request deletion of your personal information at any time, subject to legal and contractual obligations to retain certain data.
5. Your Rights Under GDPR
If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete information
- Right to Erasure: Request deletion of your personal data (right to be forgotten)
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing of your data for marketing or analytics
- Right to Restrict Processing: Limit how we use your data
To exercise any of these rights, contact us at privacy@kilodey.app with your request. We will respond within 30 days.
6. Security and Encryption
We implement industry-standard security measures to protect your information:
- SSL/TLS encryption for all data transmitted between you and our servers
- AES-256 encryption for sensitive data at rest
- Secure password hashing (bcrypt) for authentication
- Regular security audits and penetration testing
- Two-factor authentication options for account protection
- Strict access controls limiting employee access to personal data
While we use robust security practices, no system is completely secure. We cannot guarantee absolute security of your information.
7. Cookies and Tracking
We use cookies and similar tracking technologies to enhance your user experience:
- Essential Cookies: Required for Platform functionality (authentication, security)
- Analytics Cookies: Track usage patterns to improve the Platform
- Marketing Cookies: Enable personalized advertising (with your consent)
- Push Notifications: Sent via Firebase for real-time alerts on trip updates and messages
You can manage cookie preferences in your browser settings. Disabling cookies may affect Platform functionality.
8. Contact Information
If you have questions about this Privacy Policy, wish to exercise your rights, or want to report a privacy concern, please contact us:
- Email: privacy@kilodey.app
We will respond to all privacy requests within 30 days.