1. General Provisions

1.1. This Policy explains what data is processed when using the CourierCloud website and mobile application (hereinafter referred to as the «Service») and how we protect it. 1.2. The Service may use device location data, technical data, and in-app activity data to provide functionality for route building, navigation, and delivery tracking. 1.3. As part of the regular operation of the Service, we do not require registration, the creation of a public user profile, or the completion of forms to enter personal data such as the end user’s full name or email address, unless required by your company (employer/contractor). However, the Service may process such data if it is provided to us by your organization or entered within the corporate environment (e.g., details of the courier, sender, or recipient).

2. Data Controller and Contact Information

2.1. The Data Controller is CourierCloud. 2.2. For questions regarding data processing, you can contact the Data Protection Officer at: app@couriercloud.by.

3. What Data We Process

3.1. Location Data
We process your device’s location data if you have granted the appropriate permission in your device settings and within the application. Depending on the settings and usage scenarios, this may include:

• Location data during active use of the application (foreground).
• Location data in the background when you are logged into the Service and are «on shift» / «online» for the purposes of route and delivery tracking.

3.2. Cookies and Website/App Operation Data

• IP address, HTTP headers.
• Browser/device identifiers and advertising identifiers (if applicable).
• Software and settings information (OS, app version, language, time zone).
• Events/technical telemetry, error log files, performance data.
• Cookies and similar technologies on the website.

3.3. Delivery and Routing Data

• Addresses of pickup and delivery points.
• Internal IDs of orders, routes, barcodes, and service comments.
• Name and contact phone number of the sender/recipient, if such data is entered by your company or by you as part of the workflow.

3.4. Service Usage Data

• In-app actions (e.g., starting/ending a shift, accepting an order, changing delivery statuses, opening specific screens).
• Time and date of key events (start of the route, arrival at a point, completion of an order).

3.5. Sensitive Data
We do not process «sensitive» categories of data (e.g., health information, biometric data) as part of the regular operation of the Service.

4. Purposes and Legal Bases for Processing

4.1. Location Data
We process location data for:

• Building and optimizing delivery routes.
• Displaying your position on the map and navigating to delivery points.
• Tracking the progress of the route in real-time, including background operation, so that dispatchers and customers can receive up-to-date delivery statuses.

Legal basis:

• Your consent via the Android system prompt (location access permission) and/or internal Service settings. You can withdraw your consent at any time in your device settings; however, in this case, some of the Service’s functionality (routing and tracking) may become unavailable.

4.2. Cookies and Related Technical Data
We process cookies and technical data for:

• Ensuring the operability and security of the Service (authentication, protection against abuse, infrastructure resilience).
• Remembering technical preferences (e.g., language/region, if applicable).
• Diagnosing errors, analyzing performance, and improving the quality of the Service (if analytical tools are used).

Legal bases:

• For strictly necessary cookies and technical logs: our legitimate interest in ensuring the proper operation and security of the Service.
• For analytical and functional cookies (if used): your consent via the cookie banner/settings (if implemented on the website).

4.3. Delivery and Routing Data
We process such data for:

• Fulfilling contractual obligations to your company (employer/contractor), including planning, executing, and confirming deliveries.
• Generating internal reporting on deliveries and routes, and analyzing efficiency.

Legal basis:

• Performance of a contract with your company and/or fulfilling the legitimate interests of your company in the context of logistics processes.

5. Cookies: Types and Management

5.1. A cookie is a small piece of data stored on your device that helps the Service function correctly (e.g., remembering settings or maintaining a session). 5.2. The Service (on the website) may use:

• Strictly necessary (technical) cookies: without them, some functionality may not work properly.
• Functional cookies: help remember user choices (if such features are implemented).
• Analytical cookies: allow us to understand how the Service is used to improve it (if analytics services are connected). 5.3. You can disable or delete cookies in your browser settings; however, some features may become unavailable or unstable.

6. Data Sharing with Third Parties

6.1. We do not sell your data. 6.2. We may share a limited amount of data with contractors who help operate the Service (e.g., hosting providers, map and navigation providers, analytics, notification systems) — only to the extent necessary to provide and protect the Service, and subject to contractual confidentiality obligations and appropriate safeguards. 6.3. We may disclose data if required by applicable law, a lawful request from an authorized authority, or to protect our rights and interests. 6.4. Data on delivery execution and routes may be made available to your company (employer/contractor) and, to a limited extent, to customers/recipients for logistics and delivery confirmation purposes (e.g., the courier’s current location and order status).

7. Retention Periods

7.1. Location data is processed for as long as necessary to perform the respective function (route building and tracking). Historical route data may be stored longer for reporting, analytics, and defense against claims — for the period specified in the contract with your company and/or by law. 7.2. Cookies are stored on your device for the duration specified by the specific cookies and/or until you delete them in your browser settings.
7.3. Technical logs and telemetry (if maintained) are kept for a reasonable period necessary for security, diagnostics, and improvement of the Service, after which they are deleted or anonymized.

8. Security

8.1. We apply technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction, taking into account the nature of the data processed and the risks of processing. 8.2. Access to data is granted only to those employees and contractors who need it to support the operation of the Service, and only to the minimum extent necessary.
8.3. Despite the measures taken, no method of data transmission or storage can be absolutely secure, and we cannot guarantee the absolute security of information.

9. Your Rights and Permissions Management

9.1. Location Data
You can revoke location access at any time in your device settings (Android/iOS). In this case, the application will not be able to provide route building and location tracking features, and some functionality of the Service may be unavailable.

9.2. Cookies
You can manage cookies through your browser settings (delete or block them). If a separate cookie management interface is implemented on the website, you can change your settings via the respective banner/panel.

9.3. Other Rights
Depending on applicable law, you may have the right to:

• Request access to your personal data.
• Request the correction of inaccurate or incomplete data.
• Request the deletion of data in cases provided by law.
• Restrict processing or object to certain types of processing.
• Receive a copy of your data in a machine-readable format (right to data portability), if applicable.

To exercise these rights, you can contact us using the details in Section 2. We may request additional information to verify your identity.

10. Changes to the Policy

10.1. We may update this Policy in the event of changes to the operation of the Service, the scope of processed data, or legal requirements. 10.2. The current version of the Policy is published at: https://couriercloud.by/policy-en. In the event of material changes, we may additionally notify users through the Service or by other means, if required by law.