Privacy Policy
Last Updated: October 14, 2025
Welcome to Xave (the "App"), a quick-commerce delivery service for fast, local ordering of essentials. We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy describes how we collect, use, share, and protect your data in compliance with applicable laws (e.g., GDPR, CCPA) and Google's policies, including those from the Google Play Developer Console.
By using the App, you consent to these practices. If you do not agree, please do not use the App. We do not collect data from children under 13, and the App is not directed at them.
1. Information We Collect
We collect only the data necessary for App functionality:
- From Google Sign-In: Your name and email address (automatically provided by Google for account creation, login, cart management, and profile setup).
- User-Provided for Deliveries: Delivery address and contact phone number (entered manually during checkout).
- Order Data: Order items and details (e.g., products selected in cart).
- App and Device Data (from Google Play Developer Console): Anonymized usage stats, crash reports, and device info (e.g., IP address, app version) to improve the App and debug issues.
We do not collect sensitive financial details (payments are handled securely by third-party processors like Google Pay).
2. How We Use Your Information
Your data is used solely to provide and enhance the App:
- Name and email: For account management, personalized recommendations, and communication (e.g., order confirmations).
- Delivery address, phone number, and order items: To process and fulfill your orders efficiently.
- App/device data: To monitor performance, fix bugs, and ensure security (per Google Play policies).
We do not use your data for unrelated marketing without explicit opt-in.
3. How We Share Your Information
We do not sell, rent, or trade your personal data. Sharing is limited to:
- Delivery Partners: Your delivery address, contact phone number, and order items are shared only with trusted couriers (e.g., local logistics providers) to complete deliveries. They are bound by confidentiality agreements.
- Service Providers: Secure third parties for payment processing or analytics (e.g., Google for Sign-In and crash reporting), under strict data protection terms.
- Legal Compliance: If required by law, subpoena, or to protect our rights/safety (e.g., fraud prevention).
Google may receive aggregated, anonymized data via the Play Developer Console for app distribution and policy enforcement.
4. Data Storage and Security (Production-Level Policies)
Your data is stored securely in our backend using Supabase, a GDPR-compliant cloud platform. For details on their handling, see Supabase's Privacy Policy at supabase.com/privacy. We ensure all data is protected as follows:
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256).
- Access Controls: Role-based access for our team; regular audits and penetration testing.
- Retention: Personal data (e.g., name/email) is kept as long as your account is active. Order data (address/phone/items) is retained for 2 years post-delivery for support/disputes, then deleted or anonymized.
- Breach Response: If a security incident occurs, we notify affected users and regulators within 72 hours (per GDPR-like standards) via email.
- Cookies/Tracking: Minimal use; you can manage via device settings. We honor Do Not Track signals.
No system is infallible; we implement production-grade measures but cannot guarantee absolute security.
5. Your Data Rights and Deletion
You have control over your data:
- Access and Update: View/edit your profile (name, email, address, phone) in the App settings.
- Deletion: Request full deletion of your data (including Google-sourced info and Play Console-related app data) at any time. Email *supabase.backend@gmail.com* with your account details; we'll process within 30 days, unless legally required to retain (e.g., for audits). This includes permanent removal from backups.
- Opt-Out: Unsubscribe from emails; revoke Google Sign-In permissions via your Google account.
- Other Rights: For EU/CA users: Rectification, restriction, portability, and objection—contact us to exercise.
6. Third-Party Services
The App integrates Google Sign-In and Play services. Review Google's Privacy Policy (https://policies.google.com/privacy) for their handling. Links to delivery partners are for fulfillment only; their policies apply separately.
7. Changes to This Policy
We may update this policy to reflect App changes or legal requirements. We'll notify you via in-App message or email (to your registered address) at least 30 days in advance. Continued use after changes constitutes acceptance.
8. Contact Us
For questions, support, or data requests:
Email: *supabase.backend@gmail.com*
This Privacy Policy is for informational purposes and does not form a contract. It complies with Google Play requirements and general best practices. Consult legal counsel for jurisdiction-specific advice.