Effective date: 19 Oct 2025
Company: [Company legal name] trading as Pahva (“Pahva”, “we”, “us”, “our”).
Contact: [email] | [hotline] | [address]
This Privacy Policy explains how Pahva collects, uses, shares, and protects personal data when you use our mobile apps, websites, and services (ordering from vendors, delivery, pharmacy prescriptions, and parcel). It also covers data of vendors and delivery partners.
Pahva is the data controller for platform operations. For the items you buy, each vendor is the controller of product and receipt data they must keep under law. For payments, a licensed payment provider may be a separate controller/processor.
A. Data you provide
Account: name, phone, email, password, profile photo, language, addresses, location nicknames.
Orders: items, preferences (e.g., cutlery/no pepper), delivery instructions, rating/reviews, dispute messages.
Payments: masked card/MNO token (no full card stored by us), wallet balance, promo codes, receipts.
Support: messages, attachments, call recordings (where allowed), proof of issue (photos).
Pharmacy: prescription images, prescriber details, and delivery notes (processed only to fulfill the order and comply with health rules).
Parcel: declared contents, size/weight, pickup and drop-off details, recipient contacts.
Vendors/Delivery partners: KYC/identity info (NIDA/ID, photo), license/vehicle details, bank/M-Pesa/TigoPesa numbers, tax info, profile photo, shift/availability, earnings and withdrawal history.
B. Data we collect automatically
Device & app: device model, OS, app version, IP, identifiers, crash logs, performance data.
Usage: pages/screens viewed, taps, time, referrers, marketing attribution.
Geolocation:
Customers: precise location when you allow it (for nearby stores/ETA), otherwise approximate.
Delivery partners: foreground GPS while on shift; limited background GPS during an active delivery for safety, routing and proof of delivery.
Cookies/SDKs: to keep you signed in, remember preferences, measure performance, and show relevant offers.
C. Data from others
Vendors and delivery partners (e.g., order status, issue reports).
Payment, fraud-prevention, KYC providers.
If you join via referral, we store the referrer code to allocate rewards.
Contract – to create your account, take/fulfil orders, dispatch, and provide support.
Consent – for things like push notifications, location, marketing, prescription handling, and certain cookies.
Legitimate interests – to secure our services, prevent fraud, improve the app, and show relevant offers.
Legal obligation – to keep accounting/tax/health records or to respond to lawful requests.
Provide and improve ordering, payments, dispatch, live tracking, and customer support.
Show nearby stores, recommendations, and search results.
Manage wallet, loyalty, and referrals; prevent abuse of promos.
Detect/prevent fraud and unsafe behaviour; verify identity and eligibility for vendors/riders.
Run analytics, quality assurance, and testing.
Send operational messages (OTPs, order/driver updates, receipts) and, with consent, marketing.
Pharmacy: share your prescription with the dispensing pharmacy; restrict access to trained staff; store only as long as required for legal or clinical purposes.
Delivery partners: compute route & ETA, display location to customer/vendor during an active job, and calculate earnings.
We share only what’s necessary:
Vendors – items ordered, delivery name/phone/location, notes, issue reports.
Delivery partners – delivery location, name/phone (masked where supported), order notes, and parcel hand-off codes.
Payment/KYC providers – to process payments, refunds, chargebacks, identity and AML checks.
Cloud & communications – hosting (e.g., cloud servers), SMS/voice/email/push providers, analytics/bug tracking.
Affiliates & professional advisers – for compliance, audits, and accounting.
Authorities – where required by law or to protect safety and rights.
We do not sell personal data.
Some processors may be located outside Tanzania. When we transfer data, we use appropriate safeguards (contractual clauses, security, and minimisation) and work with vendors who meet comparable data-protection standards.
We keep data only as long as needed:
Account data: while your account is active and for up to 24 months after closure (unless we must keep it longer).
Order & payment records: up to 7 years for tax and accounting.
Support chats/calls and logs: typically 24 months.
Location traces:
Customers: ephemeral for session features; we store only what’s needed for order proof and disputes (generally ≤ 12 months).
Delivery partners: GPS for completed jobs retained for 24 months for safety, payment accuracy and disputes.
Pharmacy prescriptions: retained for the period required by health/pharmacy regulations, then securely deleted/anonymised.
Subject to law, you can:
Access, correct, or delete profile data in the app.
Object to/limit processing in some cases; request portability of data you provided.
Manage permissions: location, camera/photos, contacts, microphone, notifications.
Control cookies via your browser/device and in-app settings.
Opt out of marketing at any time (“unsubscribe” link or in-app toggles).
To exercise rights, use the in-app Help or email [email]. You can also complain to the relevant data-protection authority in Tanzania.
We use encryption in transit, encryption at rest for sensitive fields, access controls, least-privilege policies, monitoring, and secure development practices. No system is 100% secure; we will notify affected users and, where required, regulators in case of a significant breach.
Our services are for 18+. We do not knowingly collect data from minors. For pharmacy orders involving a minor, a parent/guardian must place the order and provide valid prescription details.
We use automated checks (e.g., fraud/risk scoring, routing, ETA). These do not produce legal effects without human review. You can request a review via support.
We may update this Policy. We will post changes in the app/website and update the “Effective date”. Continued use means you accept the updated Policy.
Questions or requests: [email] | [hotline] | [address].
If you are a vendor or delivery partner, you may also contact your account manager inside the app.
