Legal · UpDash Mauritius

UPDASH PRIVACY POLICY

This page contains the main UpDash company privacy policy. App-specific privacy pages are also available for the Client App, Driver App, and Order App.

Version
1.0
Effective date
26 February 2026
Jurisdiction
Republic of Mauritius

Section 01

1. INTRODUCTION

UpDash ("UpDash", "we", "us", "our") is committed to protecting your personal data in accordance with the Data Protection Act 2017 of Mauritius.

This Privacy Policy explains how we collect, use, process, store, disclose, and protect personal data when you use our website, mobile applications, and related services (the "Platform").

Contact: legal@updash.mu

Section 02

2. DATA CONTROLLER

UpDash Technologies Ltd

Republic of Mauritius

Email: legal@updash.mu

UpDash acts as Data Controller for customer and driver personal data processed through the Platform.

Section 03

3. CATEGORIES OF PERSONAL DATA COLLECTED

3.1 Customer Data

  • Name
  • Email address
  • Phone number
  • Delivery addresses (manually entered by you)
  • Order history
  • Wallet transactions
  • Complaint submissions and customer support data
  • Uploaded complaint photos
  • IP address and device/session data (for security/fraud purposes)
  • Session metadata (e.g., IP address and user agent stored temporarily in Redis for session/audit tracking)

3.2 Payment Data

UpDash does not store card numbers or bank account details.

Payments are processed via Peach Payments secure embedded checkout (PCI DSS Level 1 compliant).

UpDash may store limited payment metadata such as:

  • Transaction identifiers
  • Payment status
  • Refund status

3.3 Driver Data

  • Name
  • Contact details
  • Driver license copy
  • Vehicle registration documents
  • Background/compliance documentation
  • Last active GPS location (during active delivery only)
  • IP address (for security/fraud purposes)

3.4 Age Verification Data (If Applicable)

For restricted goods (e.g., alcohol/tobacco), government-issued ID copies may be temporarily collected and stored for age verification and compliance purposes.

Section 04

4. PURPOSES OF PROCESSING AND LAWFUL BASIS

UpDash processes personal data for the following purposes and lawful bases:

Data CategoryPurposeLawful Basis
Account dataCreate/manage account; provide Platform accessContract
Order & delivery dataFulfil Orders; provide delivery servicesContract
Payment metadataProcess payments/refunds; manage disputesContract
Security logs (IP/session/user agent)Security monitoring; fraud prevention; abuse detection; rate limitingLegitimate Interests
Complaint & support dataInvestigate issues/disputes; customer serviceLegitimate Interests
Driver onboarding documentsVerify eligibility; regulatory compliance; safety controlsLegal Obligation / Legitimate Interests
Marketing communicationsOffers and promotionsConsent
Fraud profilingDetect/refuse abuse; protect Platform integrityLegitimate Interests

Section 05

5. PROFILING AND AUTOMATED PROCESSING

UpDash may use automated analysis and profiling to detect fraudulent or abusive behavior, including repeated refund abuse, suspicious complaint patterns, or other activity that may indicate misuse of the Platform.

Where fraud or serious abuse is confirmed following investigation, UpDash may permanently restrict an account.

Users may contact UpDash Support to request review of a restriction decision.

Section 06

6. DATA RETENTION

UpDash retains personal data only as long as necessary for the purposes described in this Policy, and as required for compliance, tax, audit, and fraud prevention.

Data TypeRetention Period
Customer account dataUntil deletion request
Customer PII after deletion requestAnonymized within 5 days
Order recordsRetained for legal/tax/audit/fraud purposes (anonymized if account deleted)
Wallet recordsRetained for financial audit and fraud prevention (anonymized if account deleted)
IP/security logs stored in databasesUp to 6 months
Session metadata stored in RedisTemporary (session/audit purposes)
Support chat recordsDeleted 30 days after resolution
Complaint photosArchived for dispute handling and audit, then retained as required for legitimate purposes
Age-verification ID copies (restricted goods)30 days, then permanently deleted
Driver onboarding/compliance documents1 year after termination, then permanently deleted

Section 07

7. ACCOUNT DELETION AND ANONYMIZATION

Upon a verified account deletion request:

  • The account is deactivated (soft deleted).
  • Personally identifiable information (PII) is anonymized within five (5) days.
  • Order and wallet records may be retained in anonymized form for legal, tax, audit, and fraud prevention purposes.

Some UpDash mobile apps may also provide an in-app deletion option or a public web form for deletion requests. Where app-specific deletion options exist, they are described on the relevant app privacy page.

Anonymization is intended to be irreversible.

Section 08

8. LOCATION DATA

8.1 Customers

UpDash does not track live customer GPS location. We store delivery addresses that you manually add to your profile for delivery purposes.

8.2 Drivers

UpDash tracks driver GPS location during active delivery and dispatch operations to provide accurate order tracking and to assign Orders efficiently.

UpDash does not store driver historical GPS trails. UpDash stores only the driver's last active location and deletes it when the driver goes offline/logs out.

Section 09

9. CROSS-BORDER DATA TRANSFERS

UpDash uses secure cloud infrastructure providers, including Microsoft Azure (Central India region) and Firebase services, to host and operate parts of the Platform.

Accordingly, personal data may be processed outside Mauritius in jurisdictions where these providers (or their subprocessors) operate.

Where cross-border processing occurs, UpDash implements appropriate technical and contractual safeguards intended to protect personal data in accordance with applicable data protection laws.

Section 10

10. SECURITY MEASURES

UpDash implements industry-standard safeguards, which may include:

  • Encryption in transit (TLS)
  • Role-based access controls
  • Secure cloud infrastructure configuration
  • Audit logging and monitoring
  • Tokenized payment processing via third-party PCI-compliant providers
  • Rate limiting and abuse detection

No system can guarantee absolute security. You are responsible for keeping your credentials confidential.

Section 11

11. DISCLOSURE OF PERSONAL DATA

UpDash may disclose personal data:

We share limited personal data (first name, last initial, phone number, and delivery address) with the assigned Vendor and Driver solely for the purpose of preparing and delivering your Order. Vendors and Drivers are required to use this data strictly for operational purposes and not for marketing or independent use.

  • To payment processors to complete payment/refund processing.
  • To cloud/technical service providers for hosting, analytics, messaging, and platform operations.
  • Where required by law or valid government/court requests.
  • In corporate transactions (e.g., merger, acquisition), subject to appropriate protections.

UpDash does not sell personal data.

Section 12

12. COOKIES AND TRACKING TECHNOLOGIES

UpDash may use cookies and similar technologies on the web Platform for functionality, security, analytics, and performance. You can control cookies via your browser settings. Some features may not function properly if cookies are disabled.

Section 13

13. YOUR RIGHTS

Under the Data Protection Act 2017 (Mauritius), you may have rights to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (deletion)
  • Restrict processing
  • Object to processing
  • Request data portability (where applicable)
  • Lodge a complaint with the Mauritius Data Protection Office

Requests may be sent to: legal@updash.mu.

App-specific request paths may also be available on the relevant mobile app privacy page.

UpDash may verify your identity before processing requests.

Section 14

14. MARKETING COMMUNICATIONS

UpDash sends promotional communications (email and push notifications) only where you have enabled/consented to such communications. You may opt out at any time via unsubscribe links or device settings.

Transactional communications (e.g., order confirmations, cancellations, refunds) may be sent as required to provide the service.

Section 15

15. AGE VERIFICATION (FUTURE RESTRICTED GOODS)

If restricted goods are offered in the future:

  • UpDash may require age verification and collection of government-issued ID.
  • ID copies are stored securely for 30 days for compliance/dispute purposes.
  • ID copies are permanently deleted after the retention period.
  • Access is restricted to authorized personnel on a need-to-know basis.

Section 16

16. DRIVER DATA PROCESSING

Driver personal data is processed for:

  • Identity verification and onboarding
  • Regulatory and compliance requirements
  • Delivery operations and performance
  • Safety and fraud prevention

Driver license and vehicle registration documents are retained for one (1) year after termination, then permanently deleted.

Section 17

17. CHANGES TO THIS POLICY

UpDash may update this Privacy Policy from time to time. The most current version will be made available on the Platform. Material changes may be communicated through the Platform.

Section 18

18. CONTACT

For privacy-related inquiries:

Email: legal@updash.mu

Republic of Mauritius