Privacy Policy

We collect the minimum needed to run Xeend (website and apps). The main categories are:

• Account & profile

  Name, username, email, phone, avatar or photo, referral codes, language and notification preferences.

• Orders & activity

  Items, delivery addresses with coordinates, notes to vendor or rider, in-app search queries. For some actions we store IP address and app/browser user-agent for fraud prevention and auditing.

• Wallet & payouts

  Wallet balance and history, bank details for vendor/rider payouts. Transaction PINs are stored only as salted hashes—we cannot read your PIN.

• Chat

  Messages and file attachments you send in order chat.

• Vendors & riders

  KYC documents and photos, store information, rider vehicle details where applicable.

• Automatic & device

  Device model, OS, app version, approximate and precise location (when you allow it), push notification token.

• Server diagnostics

  Our API uses tools such as Pydantic Logfire for errors and performance—not for third-party behavioral advertising.

We use this information to run accounts and sign-in (phone OTP, Sign in with Apple, Sign in with Google), operate the marketplace and deliveries, run Xeend Wallet, meet KYC and anti-fraud or legal obligations, send service messages and (if you opt in) promotional messages you can turn off, improve reliability and security, personalize search and recommendations, and comply with applicable law.

Apple provides a token, a scoped user identifier, and a private relay email if you hide your real address. Google provides your name, email, and a stable user identifier. We do not receive your passwords, contacts, or calendar from Apple or Google beyond what is needed to sign you in.

We use location to show nearby stores, price delivery, save addresses, and show order tracking. Riders who go online may be located in the background so we can dispatch and show live progress. On-device accelerometer may reduce how often we request location to save battery; we do not send that motion data to our servers as health data. Map and address features may send coordinates or queries to Google Maps—see Google’s privacy policy. You can disable location in device settings, but core delivery features will be limited.

We do not store full card numbers. You complete card or mobile-money payment in our partners’ interfaces; we receive the outcome and references (amount, status, transaction references, last digits where applicable). We store wallet activity and bank details you provide for payouts. We retain financial records as required by law.

Vendors and riders submit government ID and sometimes selfies. IDs may show date of birth, photo, or ID number. We use this only for verification, legal compliance, and fraud prevention, and may disclose to regulators or partners when the law requires. KYC material is stored with restricted access.

• Chat & images

  Order chat and attachments may be stored on Google Firebase (Realtime Database and Cloud Storage).

• Other uploads

  Profile, store, menu, or verification files may be sent to our API and stored in cloud object storage (for example AWS S3 or S3-compatible / MinIO).

• What we do not do

  We do not record microphone audio, read your contacts, or scan your photo library beyond items you explicitly choose.

• In-app browser

  WebViews may load our legal pages, YouTube help videos, or third-party sites from banners. Those services have their own policies. Some links open in the system browser or an in-app Safari-style view.

We share information only as needed to provide the service:

• Other users

  For example, vendors and riders see what they need to prepare and deliver an order, consistent with what you already see in the app.

• Service providers

  Including Apple, Google (Sign-in, Firebase, Maps, FCM, Play diagnostics), Expo/EAS, Supabase, Logfire, AWS or similar hosting, email senders (such as ZeptoMail, Mailgun, or Resend), and regulated payment or mobile-money partners.

• Authorities & corporate

  We may disclose when required by law, or to a successor in a merger or asset sale (who must respect this policy).

We do not sell your personal information. We do not share it with ad networks or data brokers for their marketing.

Crash reports may reach us through Apple App Store Connect or Google Play when you allow OS-level sharing. Our servers use Logfire and related tooling for logs and database diagnostics—not for cross-app advertising.

The mobile app does not use third-party advertising SDKs. The website may use first-party cookies for sign-in and preferences. We do not use your information for cross-app or cross-site behavioral advertising.

• Security

  We use TLS in transit, access controls, encryption for sensitive stores, and monitoring. No system is perfectly secure; we will notify you and regulators where the law requires if we discover a breach affecting you.

• Retention

  We keep data while your account is active and as long as needed for legal, tax, and dispute purposes—often many years for finance and KYC.

• International transfers

  Providers may process data outside Tanzania (including the US and EU). Where required, we use appropriate safeguards such as Standard Contractual Clauses.

• Your rights

  Subject to law, you may request access, correction, deletion, restriction, objection, or portability, and complain to a regulator. Contact privacy@xeend.com or use Profile → Delete Account in the app.

• Account deletion

  You can permanently delete your Xeend account in the mobile app: open Profile, scroll down, tap Delete Account, and confirm. Deletion removes your account and profile from our active systems. We are not required to delete information we must keep for legal, regulatory, tax, anti-fraud, or dispute purposes (for example wallet transaction records or KYC documents submitted by vendors or riders). If you cannot use the app, email privacy@xeend.com from your account email and we will process your request.

• Children

  Xeend is not directed at anyone under 13.

• Changes

  We may update this policy; we will give notice of material changes through the app, email, or this page.

Questions: privacy@xeend.com.