Privacy Policy

2.1 Information You Provide to Us

• Account Information: When you register for an account, we collect your name, email address, phone number, company name, billing address, and other contact information.
• Customer and Driver Data: When using our Services, you provide information about your customers (delivery recipients), drivers, vehicles, and warehouses/depots. This includes names, addresses, phone numbers, email addresses, GPS coordinates, vehicle license plates, and delivery preferences.
• Order and Delivery Data: Information related to delivery orders, including recipient addresses, delivery time windows, package details (weight, volume), proof of delivery data (photos, signatures, barcode scans), and delivery feedback/ratings.
• Payment Information: We collect billing information such as credit card details, billing address, and payment history. Payment processing is handled by our third-party payment processor (Stripe). We do not store your full credit card number on our servers.
• Communications: When you contact our support team, submit a request, or communicate with us, we collect the content of those communications.

2.2 Information Collected Automatically

• Device and Connection Information: We collect information about your device, including device type, operating system, browser type, IP address, unique device identifiers, and crash data.
• GPS and Location Data: Our mobile application collects real-time GPS location data from drivers during active delivery routes. This is essential to provide route tracking, ETA calculations, proof of delivery, and geofence-based notifications. Location data is collected only while the driver is on an active route or shift.
• Usage Data: We collect information about how you interact with our Services, including features used, pages visited, actions taken, time spent, and frequency of use.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activity, remember your preferences, and improve our Services. You may set your browser to refuse cookies, but some parts of our Services may not function properly.

2.3 Information from Third Parties

• Integration partners (Shopify, WooCommerce) when you connect your e-commerce store to Dropioo.
• Mapping and geolocation services used for route optimization and address validation.
• Analytics and advertising partners that help us understand usage patterns.

We use the information we collect for the following purposes:

• To Provide and Operate the Services: Route optimization, dispatch management, real-time tracking, proof of delivery, delivery notifications (SMS and email), analytics, and reporting.
• To Process Payments: Billing, invoicing, and processing subscription fees.
• To Communicate with You: Sending transactional communications, service updates, technical notices, security alerts, and support responses.
• To Improve Our Services: Analyzing usage patterns, conducting research and development, training and improving our AI route optimization engine, and developing new features.
• To Send Marketing Communications: With your consent, sending promotional emails about new features, product updates, and offers. You can opt out at any time using the unsubscribe link in any marketing email.
• For Safety and Security: Detecting, preventing, and addressing fraud, abuse, security risks, and technical issues.
• To Comply with Legal Obligations: Fulfilling our legal and regulatory obligations, responding to lawful requests from public authorities, and protecting our legal rights.

Dropioo uses artificial intelligence and machine learning algorithms to optimize delivery routes. In this context:

• We process delivery addresses, GPS coordinates, driver locations, time windows, traffic patterns, and weather data to generate optimized routes.
• Aggregated and anonymized delivery data may be used to improve our optimization algorithms. This data cannot be used to identify any individual or specific business.
• We do not sell or share raw delivery data with third parties for purposes unrelated to providing our Services.
• Route optimization calculations are performed on our secure servers. Results are returned to your account and are not shared with other tenants.

Dropioo enables businesses to send automated SMS notifications to their delivery recipients (end customers) at various stages of the delivery process (e.g., order confirmed, driver en route, delivery completed, delivery failed).

• The phone numbers of delivery recipients are provided by you (our customer) and are used solely for sending delivery-related SMS notifications on your behalf.
• Dropioo acts as a data processor for delivery recipient data. You, as our customer, are the data controller and are responsible for ensuring you have the appropriate legal basis (e.g., legitimate interest or consent) to send notifications to your customers.
• SMS notifications are sent via our third-party provider Twilio. Twilio processes phone numbers and message content solely for delivery purposes and is bound by its own privacy and security obligations.
• Delivery recipients may opt out of SMS notifications by replying STOP to any message. You are responsible for honoring opt-out requests within your Dropioo dashboard.

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

• Service Providers: We share information with trusted third-party providers who help us operate our Services, including cloud hosting (e.g., AWS, Google Cloud), payment processing (Stripe), SMS delivery (Twilio), email services, mapping/geolocation services, and analytics tools. These providers are contractually bound to use your data only for the purposes of providing their services to us.
• Within Your Organization: Account administrators and dispatchers can access driver data, order data, and analytics within their tenant account. Each tenant’s data is logically isolated from other tenants.
• Integration Partners: When you connect a third-party integration (e.g., Shopify, WooCommerce, ERP/TMS systems), data is shared with those platforms as necessary to operate the integration. These integrations are initiated and controlled by you.
• Legal Requirements: We may disclose your information if required to do so by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on our Site of any change in ownership or use of your personal information.

• Account Data: We retain your account information for as long as your account is active. Upon account deletion, we will delete or anonymize your data within 90 days, except where retention is required by law.
• Order and Delivery Data: Delivery records and proof of delivery data are retained for the duration of your subscription and for a period of 12 months after account termination, unless you request earlier deletion.
• GPS and Location Data: Real-time driver location data is retained for 90 days for analytics and audit purposes, then automatically purged.
• Billing Data: Payment records and invoices are retained for 7 years as required by applicable tax and accounting laws.
• Analytics Snapshots: Aggregated daily, weekly, and monthly analytics snapshots are retained for the duration of your subscription.

We implement industry-standard technical and organizational measures to protect your data:

• All data in transit is encrypted using TLS/SSL.
• Data at rest is encrypted using AES-256 encryption.
• Passwords are hashed and salted; we never store plaintext passwords.
• Access to customer data is restricted to authorized personnel on a need-to-know basis.
• Our platform is multi-tenant with strict logical data isolation between tenants.
• We conduct regular security assessments and vulnerability testing.
• We maintain incident response procedures and will notify affected customers of any data breach within 72 hours of discovery, as required by applicable law.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Dropioo is a multi-tenant SaaS platform. Each customer’s data (orders, drivers, routes, analytics, and settings) is logically isolated from other customers. This means:

• No customer can access another customer’s data.
• All API calls and dashboard access are scoped to your tenant ID, which is validated via JWT authentication.
• Analytics and reporting are computed per-tenant and never aggregated across different customers.

10.1 All Users

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may update or correct inaccurate personal information through your account settings or by contacting us.
• Deletion: You may request deletion of your personal information, subject to certain legal exceptions. You can also delete customer, driver, and order data directly from the Dropioo dashboard.
• Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format (JSON or CSV).
• Opt-Out of Marketing: You may unsubscribe from marketing emails at any time using the unsubscribe link in the email.
• Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

10.2 European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including the right to restrict processing, the right to object to processing based on legitimate interests, and the right to lodge a complaint with your local data protection authority.

10.3 Canada (PIPEDA and Quebec Law 25)

If you are located in Canada, your personal information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, for residents of Quebec, the Act Respecting the Protection of Personal Information in the Private Sector (Law 25). You have the right to access, correct, and withdraw consent for the processing of your personal information. For any privacy-related requests, please contact our privacy officer at privacy@dropioo.com.

Dropioo is headquartered in Montreal, Quebec, Canada. Your information may be processed and stored in Canada, the United States, or other countries where our service providers operate. When we transfer data outside of Canada or the EEA, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent measures approved by applicable data protection authorities.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at privacy@dropioo.com.

Our Services may contain links to third-party websites, applications, or services that are not operated by Dropioo. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last Updated” date at the top of this page and, where appropriate, by sending you an email notification or displaying a notice within the Services. Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Dropioo Inc.

Montreal, Quebec, Canada

[Address to be specified]

Privacy inquiries: privacy@dropioo.com

Legal inquiries: legal@dropioo.com

Website: www.dropioo.com

© 2026 Dropioo Inc. All rights reserved.