Privacy Policy
Last Updated: December 28, 2024
1. Introduction
Razah Auto Parts ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
2. Information We Collect
2.1 Personal Information
- Full name
- Email address
- Phone number (Sri Lankan mobile number)
- Delivery addresses
- Profile picture (optional)
2.2 Order Information
- Products ordered
- Order quantities and prices
- Order history
- Payment information (processed securely)
2.3 Technical Information
- Device type and model
- Operating system version
- App version
- IP address
- Usage data and analytics
2.4 Communication Data
- Customer support messages
- Complaints and feedback
- SMS message logs (OTP and notifications)
3. How We Collect Information
3.1 Direct Collection
- Registration forms
- Profile updates
- Order placement
- Customer support interactions
3.2 Automatic Collection
- App usage analytics
- Device information
- Error logs and crash reports
3.3 Third-Party Sources
- SMS verification service (Notify.lk)
- Image hosting service (Cloudflare R2)
4. How We Use Your Information
4.1 Primary Uses
- Create and manage your account
- Process and fulfill orders
- Send order confirmations and updates
- Provide customer support
- Verify your identity (SMS OTP)
4.2 Secondary Uses
- Improve app functionality
- Analyze usage patterns
- Develop new features
- Send promotional offers (with consent)
- Comply with legal obligations
4.3 Communication
- Order status updates via SMS
- Welcome messages for new customers
- Promotional messages (opt-out available)
- Important account notifications
5. Information Sharing and Disclosure
5.1 We DO NOT Sell Your Data
Your personal information is never sold to third parties.
5.2 Service Providers
We share data with:
- SMS Provider (Notify.lk): Phone number for OTP and notifications
- Image Hosting (Cloudflare R2): Profile pictures
- Delivery Partners: Name, phone, and delivery address
- Payment Processors: Transaction details (future feature)
5.3 Legal Requirements
We may disclose information when:
- Required by law or legal process
- Protecting our rights or property
- Preventing fraud or illegal activities
- Responding to government requests
5.4 Business Transfers
In case of merger, acquisition, or sale, your data may be transferred to the new entity.
6. Data Security
6.1 Security Measures
- Password encryption using bcryptjs (10 rounds)
- SSL/TLS encryption for data in transit
- Secure database connections with SSL
- JWT tokens with 7-day expiration
- Regular security audits
- Limited employee access to data
6.2 Data Storage
- Database: DigitalOcean MySQL with SSL
- Images: Cloudflare R2 (S3-compatible storage)
- Cache: Local device storage (encrypted)
- Backups: Regular automated backups
6.3 Breach Notification
In case of a data breach:
- Affected users notified within 72 hours
- Details of breach disclosed
- Steps to mitigate harm provided
7. Your Privacy Rights
7.1 Access and Correction
- View your account information in the app
- Update profile details anytime
- Request data export (contact support)
7.2 Data Deletion
- Request account deletion via support
- Data retained for 90 days post-deletion for legal compliance
- Order history retained for tax and legal purposes
7.3 Marketing Preferences
- Opt-out of promotional SMS anytime
- Transactional messages cannot be disabled
- Update preferences through support
7.4 Do Not Track
Our app does not respond to "Do Not Track" signals as we don't track for advertising.
8. Data Retention
8.1 Active Accounts
- Account data: Retained while account is active
- Order history: Retained indefinitely for records
- Chat history: Retained for 2 years
8.2 Inactive Accounts
- Accounts inactive for 3 years may be archived
- Notification sent before archiving
- Data can be restored upon request
8.3 Deleted Accounts
- Personal data deleted within 90 days
- Order data retained for 7 years (tax compliance)
- Anonymous analytics data may be retained
9. Children's Privacy
9.1 Age Restriction
- Our app is not intended for users under 18
- We do not knowingly collect data from minors
- Contact us if you believe a minor has provided data
10. International Data Transfers
10.1 Data Location
- Primary servers: DigitalOcean (Singapore region)
- Image storage: Cloudflare R2 (distributed)
- Data may be processed outside Sri Lanka
10.2 Transfer Safeguards
- Service providers comply with GDPR standards
- Data processing agreements in place
- Encryption during transfer
11. Cookies and Tracking
11.1 Mobile App Storage
- We use AsyncStorage for local data caching
- JWT tokens stored securely
- No third-party cookies
11.2 Analytics
- We may use analytics to improve the app
- Data is anonymized and aggregated
- No personal data shared with analytics providers
12. Third-Party Services
12.1 SMS Service (Notify.lk)
- Used for OTP verification and notifications
- Subject to Notify.lk privacy policy
- Only phone numbers shared
12.2 Image Hosting (Cloudflare R2)
- Used for profile pictures
- Images publicly accessible via CDN URL
- Subject to Cloudflare privacy policy
12.3 Third-Party Links
- App may contain links to external sites
- We are not responsible for third-party privacy practices
- Review third-party policies before providing data
13. Changes to Privacy Policy
13.1 Updates
- We may update this policy periodically
- "Last Updated" date will be revised
- Material changes notified via app or SMS
13.2 Continued Use
- Continued use after changes constitutes acceptance
- Review policy regularly
14. Contact Us About Privacy
For privacy-related questions:
| privacy@razahautoparts.lk | |
| Phone | +94 XX XXX XXXX |
| In-App | "Get In Touch" feature |
| Address | [Your business address] |
Data Protection Officer
- Name: [DPO Name]
- Email: [DPO Email]