01 Introduction
Pakiter respects users’ privacy and is committed to protecting their personal data.
This Privacy Policy explains how we collect, use, store, share and protect personal data when a user uses Pakiter.
This Policy applies to senders, travellers, recipients, website visitors, app users, partners and any person who interacts with Pakiter’s services.
By using Pakiter, the user confirms that they have read and understood this Privacy Policy.
02 Who we are
Pakiter is a digital intermediation platform that connects people who wish to send small items with travellers who already have a planned trip and available space to carry an item compatible with that route.
For data protection purposes, Pakiter LLC acts as the data controller when it determines which data is collected, for which purposes and for how long.
Data controller: Pakiter LLC
Email: info@pakiter.com
03 Personal data we collect
We may collect different categories of personal data depending on how the user uses the platform.
Account data
- full name;
- email address;
- phone number;
- encrypted password;
- date of birth;
- profile photo;
- language;
- country of residence;
- account preferences.
Identification and verification data
When the identity verification feature is available, or when necessary for security, fraud prevention, payments, KYC or AML purposes, we may collect:
- identification document;
- passport, national ID card, driving licence or residence permit;
- selfie;
- liveness check;
- address;
- proof of address;
- tax identification number;
- country of tax residence;
- IBAN in the user’s name;
- results of checks carried out by external providers.
In the current version of Pakiter, some of these features may not yet be available. When they are activated, the collection and processing of this data will be clearly communicated to the user.
Trip and delivery data
We may collect:
- trip origin and destination;
- dates and times;
- means of transport;
- approximate route;
- available space;
- maximum accepted detour;
- package data;
- item description;
- weight, dimensions and declared value;
- pick-up location;
- delivery location;
- recipient data;
- proof of pick-up;
- proof of delivery;
- request status.
Location data
With the user’s permission or when necessary for the operation of the platform, we may collect:
- approximate location;
- real-time location during pick-up or delivery;
- history of pick-up and delivery events;
- GPS data associated with proof of delivery.
Payment data
Payments may be processed by regulated payment service providers. We may process or receive data such as:
- transaction identifier;
- amount paid;
- amount received;
- fees applied;
- payment status;
- partial payment method details;
- bank details required for withdrawals;
- chargeback, refund or dispute data.
Pakiter does not intend to store full bank card details when these are processed directly by the payment service provider.
Tax data
When necessary, we may collect:
- tax identification number;
- country of tax residence;
- tax address;
- amounts received through the platform;
- number of transactions;
- user category;
- documentation relating to professional activity, where applicable.
Communication and support data
We may process:
- messages between users;
- messages sent to support;
- complaints;
- disputes;
- reviews;
- photos or documents sent in support processes;
- records of communication with Pakiter.
Technical data
We may collect:
- IP address;
- device type;
- operating system;
- device identifiers;
- browser;
- access logs;
- cookies;
- security events;
- app or website usage data;
- diagnostic and error information.
04 Purposes of processing
We use personal data to:
- create and manage accounts;
- verify identity, where applicable;
- enable the sending and carrying of packages;
- match senders with travellers;
- process payments;
- enable withdrawals;
- confirm pick-ups and deliveries;
- prevent fraud;
- prevent money laundering;
- protect users;
- resolve disputes;
- provide support;
- comply with legal, tax and regulatory obligations;
- improve the platform;
- calculate sustainability statistics;
- send operational communications;
- send commercial communications, where permitted;
- maintain the technical security of the platform;
- enforce Terms and Conditions.
05 Legal bases for processing
We process personal data on different legal bases.
| Purpose | Legal basis |
|---|---|
| Creating an account and providing the service | Performance of a contract |
| Processing shipments and deliveries | Performance of a contract |
| Payments and withdrawals | Performance of a contract / legal obligation |
| KYC and fraud prevention | Legitimate interest / legal obligation |
| AML and platform security | Legitimate interest / legal obligation |
| Tax data and reporting | Legal obligation |
| Location during delivery | Performance of a contract / consent, as applicable |
| Marketing | Consent or legitimate interest, where permitted |
| Non-essential cookies | Consent |
| Biometric selfie/liveness | Explicit consent or another applicable legal basis |
Where we rely on legitimate interest, we assess whether that interest does not disproportionately affect users’ rights and freedoms.
06 Biometric data and facial verification
Pakiter may use a selfie, liveness check or facial comparison to verify that a document belongs to the user.
Where this processing involves biometric data for the purpose of uniquely identifying a person, we may request explicit consent or rely on another legal basis permitted by applicable law.
Refusing to complete verification may limit access to features such as carrying packages, receiving payments, withdrawing funds, increasing usage limits or operating as a recurring or professional traveller.
07 Sharing data with third parties
We may share personal data with:
- payment service providers;
- KYC and identity verification providers;
- AML and fraud prevention providers;
- cloud and hosting services;
- email, SMS and notification services;
- analytics providers;
- mapping services;
- support tools;
- insurers, where applicable;
- tax authorities;
- judicial, police or regulatory authorities, where required by law;
- legal, tax and accounting advisers;
- other users, only where necessary to carry out the delivery.
Example: the traveller may receive the data necessary for pick-up and delivery, and the sender may receive information about trip status and proof of delivery.
08 Data visible between users
To enable the platform to operate, certain data may be visible between users.
The sender may see
- the traveller’s name or public identifier;
- rating;
- approximate route;
- expected time;
- delivery status;
- confirmation of pick-up and delivery.
The traveller may see
- the sender’s name;
- pick-up location;
- delivery location;
- recipient’s name or contact details, where necessary;
- package description;
- delivery instructions.
The recipient may see
- information necessary to receive the package;
- traveller’s name or identifier;
- delivery code, where applicable.
We do not show identity documents, tax data, IBANs or sensitive data to other users.
09 International data transfers
Some providers may be located outside the European Economic Area.
Where there is an international transfer of data, Pakiter will adopt appropriate safeguards, such as adequacy decisions, standard contractual clauses, additional security measures and data processing agreements.
10 Data retention
We retain data only for as long as necessary to fulfil the purposes of this Policy, comply with legal obligations, defend legal claims, maintain security, prevent fraud and meet tax obligations.
| Type of data | Suggested period |
|---|---|
| Active account | while the account exists |
| Delivery data | 5 years |
| Tax/payment data | 5 to 10 years, depending on country |
| KYC data | as long as necessary for legal obligations and fraud prevention |
| Technical logs | 6 to 24 months |
| Support messages | 2 to 5 years |
| Marketing data | until consent is withdrawn or an objection is made |
| Closed account | deletion or anonymisation after legal obligations |
These periods should be adjusted according to the country where Pakiter is registered and where it operates.
11 Data security
Pakiter adopts technical and organisational measures to protect personal data, including:
- encryption in transit;
- encryption at rest where appropriate;
- access controls;
- strong authentication;
- audit logs;
- segregation of sensitive data;
- limitation of internal access;
- monitoring of suspicious activity;
- secure backups;
- provider review;
- incident response procedures.
Despite security measures, no system is completely free from risk.
12 User rights
Under applicable law, the user may have the right to:
- access their data;
- correct inaccurate data;
- erase data;
- restrict processing;
- object to processing;
- withdraw consent;
- request data portability;
- lodge a complaint with a data protection authority.
To exercise rights, the user may contact info@pakiter.com.
We may request identity verification before responding to a request.
Some rights may be limited where there are legal, tax or AML obligations, fraud prevention needs, pending disputes or a need to defend legal claims.
13 Account deletion
The user may request the closure or deletion of their account.
However, Pakiter may retain certain data where necessary to comply with legal obligations, meet tax obligations, prevent fraud, resolve disputes, protect other users, respond to authorities or defend legal claims.
After the applicable period, the data will be deleted or anonymised.
14 Cookies and similar technologies
Pakiter may use cookies and similar technologies to keep users signed in, ensure security, store preferences, analyse platform usage, improve features and carry out marketing, where permitted.
Essential cookies may be necessary for the platform to function.
Non-essential cookies, such as analytics or marketing cookies, will be used in accordance with applicable law and, where necessary, with consent.
More information is available at pakiter.com/legal/cookies.
15 Communications
We may send communications relating to account creation, identity verification, deliveries, payments, security, changes to the Terms, support, legal notices and operational messages.
We may also send commercial communications, news or campaigns where permitted by law.
The user may opt out of marketing communications at any time.
16 Automated decisions and risk profiling
Pakiter may use automated systems to assess risk, prevent fraud, detect suspicious behaviour, calculate usage limits and protect the platform.
These systems may consider factors such as transaction volume, delivery frequency, repeated routes, amounts received, data inconsistencies, multiple accounts, attempts to bypass limits, complaints or disputes and technical fraud signals.
Where an automated decision produces significant effects on the user, Pakiter will seek to provide human review where required by law.
17 Fraud prevention, AML and security
Pakiter may process data to prevent fraud, money laundering, illicit financing, use of false documents, prohibited packages, tax evasion, fake accounts and abuse of the platform.
We may block accounts, retain payments, require additional checks or report to competent authorities where necessary or required by law.
18 Minors’ data
Pakiter is not intended for persons under 18 years of age.
We do not knowingly collect data from minors.
If we identify that an account belongs to a minor, we may close it and delete the data, unless a legal obligation requires otherwise.
19 Sustainability and aggregated data
Pakiter may use aggregated or anonymised data to calculate estimated emissions avoided, optimised kilometres, most-used routes, environmental impact, logistics efficiency and usage statistics.
Where possible, this data will be anonymised or aggregated so that individual users cannot be directly identified.
20 External providers
To make Pakiter available, protect it and improve it, we may use external providers that process personal data on our behalf or as independent controllers, as applicable.
These providers may help us with infrastructure, authentication, databases, payments, maps, communications, identity verification, fraud prevention, support, analytics, notifications and other features necessary for the operation of the platform.
Providers currently used or planned
| Category | Provider or example | Purpose | Data that may be processed |
|---|---|---|---|
| Infrastructure, authentication and database | Supabase | Creating accounts, authenticating users, storing profiles, requests, trips, messages, files and technical data | name, email, profile, requests, trips, messages, files, technical logs and internal identifiers |
| Payments | Stripe or equivalent provider | Processing payments, holding funds, refunds, transfers, financial fraud prevention and compliance with legal obligations | payment data, transactions, country, payment status, required bank data and legally required information |
| Maps and places | Google Maps / Google Places API or equivalent provider | Place search, origin, destination, autocomplete and support for route creation | searched locations, origin, destination, addresses, approximate coordinates and technical data related to map usage |
| Identity verification/KYC | Didit or equivalent provider | Verifying identity, document, selfie/liveness and preventing fraud, when this feature is available | identity document, selfie, identity data, verification result and technical session data |
| Phone verification | Twilio or equivalent provider | Sending OTP codes by SMS, WhatsApp or call to confirm a phone number, when this feature is available | phone number, verification status, technical sending records and validation attempts |
| Communications | Email, SMS or push notification services | Sending operational messages, notifications, security alerts, legal communications and permitted communications | email, phone number, push token, communication content and delivery status |
| Analytics and diagnostics | Analytics/crash reporting tools, if used | Improving the app, fixing errors, analysing performance and understanding aggregated usage | usage events, device, operating system, crash logs and technical data |
| Support and customer service | Support tools, if used | Responding to support requests, complaints and disputes | name, email, messages, attachments, support history and case-related data |
Features not yet available
Some features, such as advanced identity verification/KYC or phone verification by OTP, may not be available in the current version of Pakiter.
When these features are activated, Pakiter may use providers such as Didit, Twilio or equivalents. In such cases, this Privacy Policy will be updated, where necessary, to reflect the data processed, the purposes and the applicable providers.
Provider responsibility
We select providers that adopt appropriate technical and organisational measures to protect personal data. Where applicable, we enter into data processing agreements and require providers to process data only in accordance with our instructions, applicable law and the purposes described in this Policy.
Some providers may act as independent controllers for certain data, for example in relation to payments, fraud prevention, legal obligations or regulatory compliance. In such cases, processing may also be subject to those providers’ privacy policies.
21 Changes to this Policy
We may amend this Privacy Policy to reflect legal, technical, operational or commercial changes.
Where a change is material, we will notify users by email, in-app message or another appropriate means.
The updated version will be published on the platform with the date of the latest update.
22 Short consent texts
The texts below may be used on specific app screens when these features are available. They should not be shown to the user before the corresponding feature is active.
KYC
I authorise Pakiter and its verification providers to process my identification data, official document, selfie and liveness check to confirm my identity, prevent fraud and protect the security of the platform.
Location
I authorise Pakiter to use my location during package pick-up and delivery to confirm the route, improve security, resolve disputes and provide proof of delivery.
Tax
I acknowledge that amounts received through Pakiter may constitute taxable income. Pakiter may collect and report tax data where required by law.
AML/fraud
Pakiter may monitor transactions and request additional checks to prevent fraud, money laundering, misuse of the platform and comply with legal obligations.
23 Contact
For questions about privacy, personal data or the exercise of rights, contact us at info@pakiter.com with the subject “Terms”, or through our contact page.