Privacy Policy

This Privacy Policy applies to DeliverOS web applications, mobile applications, APIs, support communications, and related services.

In this policy, "DeliverOS", "we", "our", and "us" mean EEP TECH DELIVERY, a sole trader business trading as DeliverOS. If you have privacy questions or want to exercise your rights, contact us at hello@deliveros.com.

DeliverOS acts as a data controller for information relating to our own account administration, user authentication, security, support, communications, and billing relationship with our customers.

When a DeliverOS customer uploads or manages delivery, routing, recipient, address, or driver workforce data through the service for its own business purposes, DeliverOS generally acts as a data processor or service provider on that customer's behalf, and the customer remains responsible for the lawfulness of that processing.

Depending on how you use DeliverOS, we may collect:

• account and profile data, such as business name, user name, email address, phone number, role, and store assignments;
• authentication and security data, such as login events, refresh session records, password reset events, device/session identifiers, and audit or abuse-prevention logs;
• operational data, such as store details, delivery stops, itinerary data, route and schedule information, saved addresses, and workflow changes made by account users;
• driver and dispatch data, such as check-in/check-out events, queue state, assigned work, live location submissions, and driver presence or activity data where those features are used;
• communications data, such as support requests and service-related emails;
• payment and subscription data if you purchase paid services, which may be collected directly by us or by our payment providers.

We collect information:

• directly from you when you sign up or use the service;
• from your organization and authorized users;
• automatically from your use of DeliverOS, including session, security, and technical logs;
• from third-party providers that support mapping, routing, email, payment, hosting, or infrastructure services.

We use personal information to:

• create and manage accounts and workspaces;
• authenticate users and keep sessions secure;
• provide dispatch, routing, address, and map features;
• store and process Customer Data on behalf of our customers;
• send service, security, verification, and reset emails;
• respond to support requests and communicate about the service;
• prevent fraud, abuse, and unauthorized access;
• monitor, troubleshoot, maintain, and improve the service;
• comply with legal obligations and enforce our terms.

Where UK GDPR or EU GDPR applies, we rely on one or more of the following legal bases:

• performance of a contract with you or your organization;
• our legitimate interests in operating and securing DeliverOS;
• compliance with legal obligations;
• consent, where consent is required by law.

If we rely on legitimate interests, we do so only where those interests are not overridden by your rights and interests.

We use cookies, local storage, session storage, and similar technologies for sign-in persistence, security, user preferences, and service functionality. Please see our Cookie Policy for more detail.

We may share personal information with:

• service providers that help us deliver the service, such as hosting, infrastructure, mapping, routing, email, and payment providers;
• your organization and its authorized users;
• professional advisers, auditors, insurers, and legal or regulatory authorities where necessary;
• a buyer, investor, or successor entity as part of a merger, financing, acquisition, or sale of assets, subject to appropriate safeguards.

We do not sell personal information in the ordinary meaning of that term, and we do not use the web app for advertising profiling based on the current implementation.

Some providers that help us operate DeliverOS may process information outside your country. Where required, we use appropriate safeguards for international transfers, such as contractual protections or other approved transfer mechanisms.

We keep personal information for as long as needed for the purposes described in this policy, including to provide the service, maintain security records, resolve disputes, enforce agreements, and comply with legal obligations.

Retention periods vary by data type. For example, account records are generally kept while the account is active and for a reasonable period afterward, while security and audit records may be kept longer where needed for fraud prevention, incident investigation, or legal compliance.

We use technical and organizational measures designed to protect personal information, including access controls, authentication, session management, logging, and other security practices appropriate to the nature of the service.

No system is completely secure, so we cannot guarantee absolute security.

Depending on where you are located, you may have rights to access, correct, delete, restrict, object to, or port your personal information, and to withdraw consent where processing is based on consent.

If DeliverOS processes your information on behalf of one of our customers, you may also need to contact that customer directly so they can handle your request as the primary controller of that data.

You may also have the right to complain to your local data protection authority. If you are in the UK, that is the Information Commissioner's Office.

DeliverOS is intended for business use and is not directed to children. We do not knowingly collect personal information directly from children for our own consumer use.

We may update this Privacy Policy from time to time. If we make a material change, we will use reasonable efforts to notify users through the service or by email. The updated version will take effect when posted with a revised "Last updated" date.