Privacy Policy

Last updated: 6 June 2026 · Applies to Fletcha Eats, operating in South Africa.

Fletcha Eats ("we", "us") is a delivery and personal-shopper platform serving Mount Fletcher and surrounding areas. This policy explains what information we collect from customers, drivers and businesses, why we collect it, how we keep it safe, and the rights you have under the South African Protection of Personal Information Act (POPIA).

1. What we collect

From everyone (account basics)

• Full name, phone number, email address.
• Password (stored encrypted — we never see it in plain text).
• Profile photo (optional).
• Date you accepted these Terms and the Privacy Policy.

From customers

• Delivery addresses and saved favourite locations.
• Your live GPS location only while an order is active or when you tap "use my location".
• Order history, items ordered, notes to the driver, and proof-of-payment images you upload.
• Messages you send to drivers or businesses inside an order chat.

From drivers

• Vehicle type and number plate.
• Verification documents: ID document, driver's licence, vehicle photos, banking details.
• Live GPS location while you are online or on an active delivery.
• Earnings, trip history, ratings and trust score.

From businesses

• Business name, category, address, GPS coordinates, opening hours, phone, WhatsApp.
• Logo, cover image, product/menu photos.
• Banking details and accepted payment methods (used to display payment instructions to your customers).
• Order history and customer order notes.

Automatic / technical

• Device type, operating system, app version, IP address (for security and abuse prevention).
• Push-notification token (only if you opt in).
• Basic usage events (e.g. "order placed", "driver went online").

2. Why we collect it

• To run deliveries: match customers with the nearest available driver and show you each other on a live map.
• To calculate delivery fees using the distance between the customer's and business's GPS points.
• To verify drivers are licensed and entitled to operate.
• To prevent fraud — fake payment proofs, fake GPS, account abuse.
• To pay drivers via the banking details they provide.
• To support you when you contact us with a problem.
• To comply with the law (e.g. tax, fraud investigations).

3. GPS and location tracking

Location is sensitive. We only use it as follows:

• Customers: we read your GPS only when you (a) tap "use my location", or (b) have an active order — so the driver can find you. Tracking stops as soon as the order is delivered or cancelled.
• Drivers: while you are online or on a delivery we track your location continuously so customers can watch you on the map and so dispatch can offer you the nearest jobs. Going offline stops tracking.
• Businesses: we store your business's fixed GPS coordinates so customers can find you and so delivery fees can be calculated. We do not track business owners' movement.

4. Notifications

Push and in-app notifications are optional. If you deny notification permission the app still works — you simply won't hear an alert when an order updates. You can enable or disable them in your device settings at any time.

5. Who can see your data

• During an active order: the customer, the assigned driver and the business see each other's first name, profile photo and (where relevant) live location.
• Administrators can see all data for safety, support and dispute resolution. Every administrator access is logged.
• Driver verification documents are visible only to the driver and to administrators.
• Banking details are only visible to the owner of those details (driver or business) and to administrators.
• We do not sell personal information to anyone, ever.

6. Where data is stored and how we secure it

• Data is stored on Supabase (PostgreSQL) infrastructure with row-level security enforced on every table.
• Files (proofs, ID documents, vehicle photos, business logos) live in access-controlled storage buckets.
• Connections to the app are encrypted with TLS.
• Passwords are hashed; we cannot recover your password — only reset it.

7. How long we keep data

• Active accounts: for as long as you use Fletcha Eats.
• Closed accounts: personal details deleted within 30 days of your request, except records we are required to retain by law (e.g. tax invoices, fraud investigations).
• Order records: retained for up to 5 years for tax and dispute purposes, anonymised where possible.

8. Your rights under POPIA

You have the right to:

• Know what data we hold about you.
• Ask us to correct anything that is wrong.
• Ask us to delete your data (subject to legal retention obligations).
• Object to processing that is not strictly necessary.
• Lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.

9. How to request access, correction or deletion

1. Open the in-app Support page, or
2. Email fletchalink.admin@gmail.com from the address on your account, with subject "POPIA request".
3. We respond within 30 days.

10. Changes to this policy

If we make material changes we will notify you in-app and update the "Last updated" date at the top of this page. Continued use of Fletcha Eats after a change means you accept the updated policy.

Questions? Contact us via the in-app Support page or email fletchalink.admin@gmail.com.