🔒 Privacy Policy

Last Updated: December 10, 2025

📋 Introduction

Welcome to Maa Express ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our peer-to-peer luggage space marketplace platform ("Service").

By accessing or using Maa Express, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.

🌐 Our Commitment

Your trust is paramount. We implement industry-standard security measures to protect your data and only collect information necessary to provide our peer-to-peer marketplace services.

📊 1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide when using our Service:

Data Category | Examples | Purpose
Account Information | Full name, email address, phone number, password | Account creation, login, communication
Profile Details | Profile photo, bio, preferred language, payout preferences | Profile customization, payment processing
Identity Documents | Passport photo, driver's license, NID, age proof card | Identity verification, fraud prevention
Travel Details | Origin/destination cities, travel dates, flight tickets | Listing creation, matching buyers/sellers
Financial Information | Bank account details, PayID, Wise account, bKash number | Payout processing, payment verification
Parcel Information | Parcel photos, sender/receiver details, delivery addresses | Order fulfillment, delivery verification
Communication Data | Messages, reviews, ratings, support tickets | Customer support, dispute resolution

1.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on pages, clicks, search queries
  • Location Data: Approximate location based on IP address (not precise GPS)
  • Cookies: Session cookies, authentication tokens, preference cookies

1.3 Information From Third Parties

  • Payment Processors: Stripe, PayPal transaction data
  • Firebase Services: Authentication logs, file storage metadata
  • Social Media: Public profile data (if you link social accounts)

⚠️ Sensitive Data Collection

Identity documents (passport, driver's license) are only visible to authorized Maa Express administrators for verification purposes. Sellers and buyers never see each other's identity documents.

🔧 2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Core Service Delivery

  • ✅ Creating and managing your account
  • ✅ Processing transactions and payments
  • ✅ Matching travelers (sellers) with senders (buyers)
  • ✅ Generating handover and delivery verification codes
  • ✅ Facilitating communication between users
  • ✅ Displaying your listings to potential buyers

2.2 Identity Verification & Security

  • 🔐 Verifying identity documents (passport, driver's license, NID)
  • 🔐 Preventing fraud, scams, and unauthorized access
  • 🔐 Enforcing our Terms of Service
  • 🔐 Resolving disputes between buyers and sellers
  • 🔐 Complying with legal obligations (KYC, anti-money laundering)

2.3 Communication

  • 📧 Sending transactional emails (order confirmations, payment receipts)
  • 📧 Notifying you about account activity (password changes, suspicious login)
  • 📧 Responding to support requests and inquiries
  • 📧 Sending marketing communications (with your consent)

2.4 Platform Improvement

  • 📊 Analyzing usage patterns and trends
  • 📊 Conducting research and data analysis
  • 📊 Testing new features and improvements
  • 📊 Generating anonymized statistics

💡 Legal Basis for Processing (GDPR Compliance)

We process your data based on: (1) Contractual Necessity (to provide our Service), (2) Legitimate Interests (fraud prevention, analytics), (3) Legal Obligation (KYC, tax reporting), and (4) Your Consent (marketing emails, optional features).

🔄 3. Information Sharing & Disclosure

We share your information in the following circumstances:

3.1 Between Buyers & Sellers (Conditional Visibility)

Contact details (phone, email, address) are shared between buyer and seller ONLY when all 5 conditions are met:

  1. ✅ Payment verified (payment_status == 'paid')
  2. ✅ Buyer uploaded documents (parcel photo + sender ID)
  3. ✅ Handover & delivery codes generated
  4. ✅ Buyer's identity verified by admin
  5. ✅ Seller's identity verified by admin

⚠️ Before Conditions Met

Contact details are masked (e.g., phone: +61 41****48, email: j***@example.com) until all 5 conditions are satisfied. This protects both parties from spam and fraud.

3.2 Service Providers

We share data with trusted third-party providers who assist in operating our platform:

  • Payment Processors: Stripe (card payments), PayPal (PayPal checkout)
  • Cloud Storage: Firebase Storage (document uploads), Google Cloud Platform
  • Authentication: Firebase Auth (phone verification, email authentication)
  • Email Service: SendGrid / AWS SES (transactional emails)
  • Analytics: Google Analytics (anonymized usage data)

All service providers are contractually obligated to protect your data and use it only for providing their services to us.

3.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • 🏛️ Court orders, subpoenas, or legal processes
  • 🏛️ Government or regulatory requests
  • 🏛️ Law enforcement investigations
  • 🏛️ Protection of our legal rights or safety of others

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change via email.

✅ We DO NOT Sell Your Data

Maa Express never sells, rents, or trades your personal information to third parties for marketing purposes.

🔐 4. Data Storage & Security

4.1 Where We Store Your Data

  • Primary Database: MySQL (encrypted at rest)
  • File Storage: Firebase Storage (TLS/SSL encrypted)
  • Session Data: Flask sessions (server-side, encrypted)
  • Geographic Location: Servers located in Australia and USA (Google Cloud Platform)

4.2 Security Measures

We implement industry-standard security practices:

  • 🔒 Encryption: All data transmitted via HTTPS/TLS 1.3
  • 🔒 Password Security: Bcrypt hashing with salts (never stored in plain text)
  • 🔒 Access Controls: Role-based access (admin, user, guest)
  • 🔒 Firebase Rules: Strict storage security rules (authenticated users only)
  • 🔒 Code Verification: Handover/delivery codes with 5-attempt limits
  • 🔒 Regular Audits: Periodic security reviews and penetration testing
  • 🔒 Fraud Detection: Automated monitoring for suspicious activity

4.3 Data Retention

Data Type | Retention Period | Reason
Account Information | Active account + 3 years after deletion | Legal obligations, dispute resolution
Identity Documents | 5 years after last transaction | KYC compliance, fraud prevention
Transaction Records | 7 years | Tax reporting, financial audits
Chat Logs | 2 years | Dispute resolution, customer support
Analytics Data | Anonymized indefinitely | Platform improvement

⚠️ No System is 100% Secure

While we strive to protect your personal information, no internet transmission or electronic storage method is completely secure. We cannot guarantee absolute security but employ reasonable measures to protect your data.

⚖️ 5. Your Privacy Rights

Depending on your location, you may have the following rights:

5.1 GDPR Rights (EU Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive data in machine-readable format
  • Right to Object: Opt out of certain processing activities
  • Right to Withdraw Consent: Revoke consent for data processing

5.2 CCPA Rights (California Users)

  • Right to Know: What personal data we collect and how it's used
  • Right to Delete: Request deletion of personal data
  • Right to Opt-Out: Opt out of sale (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

5.3 How to Exercise Your Rights

To submit a privacy request:

  1. Email us at privacy@maaexpress.com
  2. Include your full name, email, and specific request
  3. We will respond within 30 days
  4. Identity verification may be required (for security)

💡 Account Management

You can update most personal information directly in your Account Dashboard → Profile Tab. For sensitive requests (deletion, data export), contact our support team.

🍪 6. Cookies & Tracking Technologies

6.1 What Cookies We Use

Cookie Type | Purpose | Duration
Essential Cookies | Session management, authentication, security | Session (deleted when browser closes)
Preference Cookies | Language, currency, country code preferences | 1 year
Analytics Cookies | Google Analytics (anonymized usage data) | 2 years
Payment Cookies | Stripe, PayPal session tracking | Session

6.2 Managing Cookies

You can control cookies through:

  • 🔧 Browser Settings: Most browsers allow blocking/deleting cookies
  • 🔧 Opt-Out Tools: Google Analytics opt-out extension
  • 🔧 Do Not Track: We respect DNT browser signals

⚠️ Note

Disabling essential cookies may prevent you from logging in or using core features of the Service.

🔗 7. Third-Party Services

Our platform integrates with third-party services. Each has its own privacy policy:

7.1 Payment Processors

7.2 Firebase Services (Google)

7.3 Analytics

💡 No Liability for Third Parties

We are not responsible for the privacy practices of third-party services. Please review their privacy policies before using their services through our platform.

👶 8. Children's Privacy

Maa Express is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@maaexpress.com.

⚠️ Age Verification

Our Terms of Service require users to be at least 18 years old. Identity documents submitted during verification must show a birth date confirming legal age.

🌍 9. International Data Transfers

Maa Express operates globally. Your information may be transferred to and maintained on servers located in countries outside your jurisdiction, including:

  • 🌏 Australia (primary servers)
  • 🌎 United States (Google Cloud Platform, Firebase)
  • 🌍 European Union (backup servers)

🛡️ Adequacy & Safeguards

We comply with EU-US Privacy Shield principles and use Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to non-EEA countries.

By using Maa Express, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

📝 10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

  • ✉️ Notify you via email (if you have an account)
  • 📢 Display a prominent notice on the website
  • 📅 Update the "Last Updated" date at the top of this policy

💡 Your Continued Use = Acceptance

Your continued use of Maa Express after changes to this Privacy Policy constitutes your acceptance of the updated terms. Please review this page periodically.

Previous versions: Available upon request at privacy@maaexpress.com

📧 Contact Us

For questions about this Privacy Policy or to exercise your privacy rights:

Email: privacy@maaexpress.com

Support: support@maaexpress.com

Mail: Maa Express Privacy Team
Sydney NSW 2000, Australia

Phone: +61 414 446 248

Response Time: Within 30 days of receiving your request