1. Who we are
GreenDrop Logistics ("GreenDrop", "we", "us", "our") operates a carbon-neutral delivery platform serving Brussels, Belgium. We are the data controller for the personal data described in this policy.
Questions about this policy or your data can be sent to contact@greendroplogistics.com.
2. Data we collect
We collect only the data we need to operate the GreenDrop platform and deliver your orders.
| Category | Examples |
|---|---|
| Identity | Full name, account password (hashed), date of birth (drivers only) |
| Contact | Email address, phone number, delivery address |
| Location | GPS location while the app is in use (drivers and customers during an active delivery), pickup and drop-off addresses |
| Payment | Card details and billing information (handled by Stripe – we never store full card numbers) |
| Driver verification | Government-issued ID, driver's licence, vehicle details (drivers only) |
| Usage | Order history, ratings, in-app messages, push-notification tokens, device model, app version, language preference |
3. How we use your data
We use your personal data to:
- Create and manage your account and authenticate you when you sign in.
- Receive, dispatch, route and complete delivery orders.
- Match drivers and customers and show real-time delivery progress on the map.
- Process payments and pay out driver earnings.
- Verify driver identity and eligibility before activation.
- Send transactional notifications (order updates, receipts, account alerts) by push and email.
- Provide customer support and resolve disputes.
- Detect, prevent and investigate fraud, abuse and security incidents.
- Comply with our legal and tax obligations in Belgium and the EU.
- Improve the service through aggregated, non-identifying analytics.
We do not sell your personal data, and we do not use it for third-party advertising.
4. Legal basis (GDPR)
Under Article 6 GDPR, we rely on the following legal bases:
- Performance of a contract – to deliver the service you signed up for (account, orders, payments).
- Legal obligation – to keep tax, accounting and driver-verification records required by Belgian and EU law.
- Legitimate interests – to keep the platform secure, prevent fraud and improve reliability.
- Consent – for optional features such as push notifications and precise location tracking. You can withdraw consent at any time in your device or app settings.
5. Third parties (sub-processors)
We share data only with vetted providers who help us run the service. Each acts as a processor on our behalf under a data-processing agreement.
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing and driver payouts | Name, email, billing address, card details (tokenised by Stripe) |
| Supabase | Database, authentication and file storage (hosted in the EU) | Account, order, location and verification data |
| Expo | Push notification delivery and app updates | Device push token, basic device metadata |
Where data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission to safeguard it.
6. Data retention
- Account data – kept while your account is active, and up to 30 days after deletion.
- Order and payment records – kept for 7 years to comply with Belgian tax and accounting law.
- Driver verification documents – kept for the duration of the driver relationship plus 5 years.
- Location history – retained for 90 days after the related delivery is completed, then deleted or aggregated.
- Support messages – kept for 2 years.
7. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you and receive a copy.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten") – you can delete your account from the app's Settings screen, or by emailing us.
- Restrict or object to certain processing.
- Data portability – receive your data in a machine-readable format.
- Withdraw consent at any time for processing based on consent (e.g. push notifications, precise location).
- Lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données) at autoriteprotectiondonnees.be.
8. Security
We protect your data with TLS encryption in transit, encryption at rest, role-based access controls, and regular security reviews of our systems and sub-processors. No system is perfectly secure – if we ever discover a breach affecting your data, we will notify you and the relevant authority within 72 hours, as required by Article 33 GDPR.
9. Children's privacy
GreenDrop is not intended for users under 16. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us so we can remove it.
10. Changes to this policy
We may update this policy from time to time. When we make material changes, we will notify you in the app or by email before they take effect. The "Last updated" date at the top of this page always reflects the latest version.
11. Contact us
For privacy questions, data requests, or to exercise your GDPR rights:
- Email: contact@greendroplogistics.com
- Location: Brussels, Belgium