Privacy Policy

1. Who We Are (Data Controller)

papaCity (“papaCity”, “we”, “us”) is the controller of your personal data when you use our Services.

Company

papaCity, Kampala, Uganda

Address

[Insert physical address]

Email

privacy@papacity.ug

Phone

+256 000 000 000

2. Information We Collect

2.1 Information you provide

• Account & profile: name, email, phone, password, addresses.
• Orders & delivery: items purchased, delivery address, instructions, contact person.
• Payments: payment method and transaction details (processed via partners; we don’t store full card details).
• Support & feedback: messages, reviews, ratings, attachments.
• Vendor/KYC (if applicable): business info, IDs, bank details, compliance docs.

2.2 Information collected automatically

• Device & usage data: IP address, device identifiers, app version, browser type, pages viewed, clicks, referring URLs, timestamps.
• Location data: approx. location derived from IP; precise GPS location if you grant app permission for features like nearby delivery estimates.
• Cookies & SDKs: cookies, pixels, and mobile SDK signals (see Cookies).

2.3 Information from third parties

• Payment, logistics, and verification providers (e.g., delivery status, payment confirmations, fraud checks).
• Marketing and analytics partners (aggregated or inferred data).

3. How We Use Information

• Provide and operate the Services (account creation, orders, delivery, returns).
• Process payments and prevent fraud/abuse.
• Customer support and service communications.
• Personalise content, recommendations, and promotions.
• Analytics to improve performance, reliability, and UX.
• Compliance with laws, taxation, and regulatory requirements.
• With your consent, send marketing updates and offers (you can unsubscribe anytime).

4. Legal Bases

Where required, we rely on these bases to process personal data:

• Contract: to fulfil orders and provide the Services.
• Consent: for optional features (e.g., marketing, precise location).
• Legitimate interests: to secure the Services, prevent fraud, and improve the platform—balanced against your rights.
• Legal obligation: to comply with applicable laws and requests from authorities.

5. How We Share Information

• Vendors & logistics partners: to fulfil orders, deliveries, returns.
• Payment processors: to process transactions securely.
• Service providers: hosting, analytics, communications, security, and support tools under contractual confidentiality.
• Compliance & safety: with authorities or third parties when required by law or to protect rights, property, or safety.
• Business transfers: in a merger, acquisition, or asset sale, per applicable law.

6. International Data Transfers

Your information may be transferred to and processed in countries outside your own. Where required, we use appropriate safeguards (e.g., contractual clauses) to protect your data.

7. Data Retention

We keep personal data only as long as necessary for the purposes described in this Policy, including to meet legal, accounting, or reporting requirements. Typical examples:

• Order records: [7 years] (tax/audit requirements—adjust as needed).
• Accounts: kept while active; deleted or anonymised after [X months] of inactivity unless we must retain for legal reasons.
• Support tickets: [24 months].

8. Data Security

We implement technical and organisational measures (encryption in transit, access controls, staff training) designed to protect your information. However, no system is 100% secure; please use strong passwords and keep them confidential.

9. Your Rights

Subject to applicable law, you may have the right to:

• Access a copy of your personal data.
• Request correction or deletion.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Request data portability.

To exercise these rights, email privacy@papacity.ug or use our contact form. For identity protection, we may verify your request before acting.

If you believe your rights have been infringed, you may lodge a complaint with your local data protection authority. [Insert relevant authority details if required.]

10. Cookies & Tracking Technologies

We use cookies, pixels, and SDKs to run and improve the Services. Types include:

• Essential: login, cart, checkout, fraud prevention.
• Performance & analytics: usage insights, crash reports.
• Functionality: preferences like language and location.
• Marketing: measuring campaign effectiveness and showing relevant offers.

You can manage cookies via your browser/app settings. Some features may not work without essential cookies. See our Cookie Policy or manage preferences.

11. Children’s Privacy

The Services are not directed to children under [13/16/18] (choose applicable). If you believe a child has provided personal data, contact us to request deletion.

12. Third-Party Links

Our Services may contain links to external sites or services. We are not responsible for their privacy practices. Review their policies before providing personal data.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted here with a new “Last updated” date. Continued use after changes constitutes acceptance.

14. Contact Us

• Email: privacy@papacity.ug
• Phone: +256 000 000 000
• Contact form: papacity.ug/contact
• Address: [Insert physical address, Kampala, Uganda]