Privacy Policy
Last Updated: November 2025
Welcome to Sahla ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our food delivery application ("App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.
By using Sahla, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our App.
1. Information We Collect
1.1 Personal Information
We collect information that you provide directly to us, including:
- Account Information: Name, email address, phone number, profile image, date of birth, and authentication credentials
- Location Data: Your current location, delivery addresses, and location preferences (wilaya, city, etc.)
- Order Information: Order history, preferences, restaurant selections, and payment information
- Profile Data: User role (customer, restaurant owner, delivery person, or admin), preferences, and settings
1.2 Automatically Collected Information
When you use our App, we automatically collect certain information, including:
- Device Information: Device type, operating system version, device model, unique device identifiers (Android ID, iOS identifierForVendor), device language/locale settings, mobile network information, and device screen resolution
- Usage Data: How you interact with our App, including pages visited, features used, time spent, user behavior patterns, form interactions, button clicks, navigation paths, and feature usage statistics
- Location Data: Real-time location information when you use location-based features (with your permission), including GPS coordinates, location accuracy, and location history for delivery tracking
- Technical Data: IP address, network type, access times, error logs, crash reports, performance metrics (app load times, response times), and system performance data
- Analytics Data: User journey tracking, session information (session duration, session start/end times), form completion analytics, form abandonment data, performance metrics, and user interaction events
- Error and Debug Data: Application errors, crash reports, stack traces, device screenshots (for error context), view hierarchy information (for debugging), and technical logs to help us diagnose and fix issues
- Push Notification Data: Firebase Cloud Messaging (FCM) tokens, device tokens for push notifications, notification preferences, and notification interaction data
- Session Data: Session identifiers, session duration, last activity timestamps, and session-related performance metrics
1.3 Information from Third-Party Services
If you choose to sign in using third-party services, we may collect:
- Google Sign-In: Your Google account information (name, email, profile picture)
- Apple Sign-In: Your Apple ID information (name, email, if provided)
- Phone Verification: Phone number verification through SMS OTP
2. How We Use Your Information
We use the information we collect for various purposes, including:
- Service Delivery: To process and fulfill your orders, connect you with restaurants and delivery partners, and provide customer support
- Location Services: To determine your delivery location, show nearby restaurants, and optimize delivery routes
- Account Management: To create and manage your account, verify your identity, and maintain your profile
- Personalization: To personalize your experience, recommend restaurants and menu items based on your preferences and order history
- Analytics and Improvement: To analyze app usage, track user behavior patterns, improve our services, and develop new features
- Communication: To send you order updates, promotional messages, and important notifications (with your consent)
- Security and Fraud Prevention: To detect, prevent, and address technical issues, security threats, and fraudulent activities
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
3. Third-Party Services and Data Sharing
3.1 Service Providers
We share your information with trusted third-party service providers who assist us in operating our App, including:
- Supabase: Database and authentication services for user accounts and data storage
- Firebase: Analytics, crash reporting, push notification services (Firebase Cloud Messaging), and app performance monitoring
- Sentry: Error tracking, performance monitoring, crash reporting, and debugging services. Sentry may collect device screenshots and view hierarchy information when errors occur to help us diagnose and fix issues. This data is collected only when errors occur and is used solely for debugging purposes.
- Google Maps: Location services and mapping functionality
- Payment Processors: To process payments for orders (if applicable)
- Delivery Partners: To coordinate and fulfill deliveries
- Restaurant Partners: To process and prepare your orders
3.2 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
3.3 Legal Requirements
We may disclose your information if required by law or in response to valid requests by public authorities.
4. Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit and at rest
- Secure authentication and authorization mechanisms
- Regular security audits and vulnerability assessments
- Access controls and employee training on data protection
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
5. Location Data
Our App collects and uses location data to:
- Show you nearby restaurants and delivery options
- Calculate accurate delivery times and distances
- Enable location-based search and filtering
- Track delivery progress (for delivery partners)
You can control location permissions through your device settings. Note that disabling location services may limit certain features of the App.
Background Location: We may request background location access to provide location-based notifications and improve delivery tracking. This permission is only requested when necessary and with your explicit consent.
6. Your Rights and Choices
6.1 Access and Correction
You have the right to access, update, or correct your personal information through the App's settings or by contacting us directly.
6.2 Data Deletion
You can request deletion of your account and associated data by:
We will delete your information within a reasonable timeframe (typically within 30 days), except where we are required to retain it for legal, regulatory, or legitimate business purposes.
6.3 Data Export
You have the right to receive a copy of your personal data in a structured, commonly used format. Contact us to request your data export.
6.4 Opt-Out Options
- Push Notifications: You can disable push notifications through your device settings or App preferences
- Location Tracking: You can disable location services through your device settings
- Analytics: Some analytics may be collected automatically, but you can limit tracking through your device settings
6.5 GDPR and CCPA Rights
If you are located in the European Economic Area (EEA) or California, you have additional rights under GDPR and CCPA, including:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
7. Children's Privacy
Our App is not intended for children under the age of 13 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete such information.
8. Data Retention
We retain your personal information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations
- Resolve disputes and enforce our agreements
- Maintain business records for legitimate purposes
When you delete your account, we will delete or anonymize your personal information, except where retention is required by law.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top of this policy
- Sending you a notification through the App (for material changes)
You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.
11. Cookies and Tracking Technologies
While our mobile App does not use traditional web cookies, we use similar technologies such as:
- Device Identifiers: Unique device identifiers including Android ID (for Android devices) and identifierForVendor (for iOS devices) to identify your device for authentication, security, and service delivery purposes
- Local Storage: Local storage and caching on your device to improve app performance and store preferences
- Analytics SDKs: Firebase Analytics for app usage analytics, user behavior tracking, and feature usage statistics
- Error Tracking: Sentry for crash reporting, error tracking, performance monitoring, and debugging. This may include device screenshots and view hierarchy information when errors occur to help us diagnose issues
- Form Analytics: Tracking of form interactions, form completion rates, form abandonment, validation errors, and form performance metrics to improve user experience
- User Journey Tracking: Tracking of user navigation paths, screen visits, feature usage, and interaction patterns to understand how users engage with our App
- Performance Metrics: Collection of app performance data including load times, response times, and system performance metrics
These technologies help us understand how you use our App, diagnose technical issues, improve our services, and provide you with a better user experience. You can limit some tracking through your device settings, though this may affect certain app features.
12. SMS and Phone Permissions
Our App may request SMS permissions for phone number verification purposes. We use SMS to:
- Send one-time passwords (OTP) for account verification
- Verify phone numbers during registration and login
We do not read, store, or share your SMS messages beyond what is necessary for verification purposes. SMS permissions are only requested on Android devices running Android 12 and below (API level 32 and below), as newer Android versions handle SMS verification automatically without requiring these permissions.
12.5 Push Notifications and FCM Tokens
To send you push notifications, we collect and store:
- Firebase Cloud Messaging (FCM) Tokens: Unique device tokens that allow us to send push notifications to your device
- Device Tokens: Platform-specific tokens (Android FCM tokens, iOS APNS tokens) associated with your device
- Notification Preferences: Your notification settings and preferences, including which types of notifications you want to receive
- Notification Interaction Data: Data about how you interact with notifications (e.g., whether you open notifications, dismiss them, or take actions based on them)
- Device Platform Information: Your device platform (Android or iOS), device locale/language settings, and device identifier (for authentication and security purposes)
FCM tokens are stored securely and are used solely for the purpose of delivering push notifications to your device. You can disable push notifications at any time through your device settings or App preferences. When you disable notifications, we will stop sending push notifications, but your token may remain stored until you delete your account.
13. Camera and Photo Permissions
Our App may request access to your device's camera and photo library for the following purposes:
- Profile Photos: To allow you to upload and update your profile picture
- Review Photos: To enable you to share photos with your restaurant and menu item reviews
- Restaurant Images: For restaurant owners to upload menu item images and restaurant photos
We only access your camera and photos when you explicitly choose to upload an image. We do not access your entire photo library or monitor your camera usage. You can revoke these permissions at any time through your device settings.
Storage Permissions: On older Android devices (Android 10 and below), we may request storage permissions to save images you create or edit. On newer Android devices (Android 11+), we use scoped storage and do not require broad storage permissions. We only access storage when you explicitly choose to save or upload images.
14. Payment Data and Security
14.1 Payment Information
When you make a purchase through our App, we collect payment information, including:
- Payment method details (cash on delivery, card payment, wallet payment)
- Transaction history, amounts, and timestamps
- Billing information if provided
14.2 PCI Compliance
We comply with Payment Card Industry Data Security Standard (PCI DSS) requirements. Credit card information is processed securely through certified payment processors. We do not store full credit card numbers on our servers. All payment data is encrypted during transmission and storage.
14.3 Payment Processors
Payment processing is handled by third-party payment processors who are PCI DSS compliant. These processors have their own privacy policies governing the use of your payment information.
15. Marketing and Promotional Communications
We may use your contact information to send you promotional materials, special offers, and marketing communications. You have the right to opt out of these communications at any time by:
- Using the unsubscribe link in promotional emails
- Adjusting your notification preferences in the App settings
- Contacting us directly to request removal from marketing lists
Please note that even if you opt out of marketing communications, we may still send you important service-related messages, such as order confirmations, delivery updates, and account notifications.
16. Data Breach Notification
In the event of a data breach that may affect your personal information, we will:
- Investigate the breach immediately and take steps to contain it
- Notify affected users within 72 hours of becoming aware of the breach (as required by GDPR) or as soon as reasonably possible
- Provide information about the nature of the breach, the data affected, and steps we are taking to address it
- Implement additional security measures to prevent future breaches
- Notify relevant data protection authorities when required by law
We will notify you through the App, email, or other appropriate means based on the severity and nature of the breach.
17. Review and Rating Data
When you submit reviews, ratings, or photos for restaurants or menu items:
- Public Display: Your reviews, ratings, and photos may be displayed publicly on the App, including your username and profile picture
- Restaurant Access: Restaurant owners can view reviews and ratings for their establishments, but not your personal contact information
- Analytics: We may use aggregated review data for analytics and service improvement
- Deletion: You can delete your reviews at any time through the App, which will remove them from public display
18. Customer Support Interactions
When you contact our customer support team, we may collect and store:
- Conversation transcripts and communication history
- Order-related information to assist with your inquiry
- Account information relevant to your support request
- Feedback and survey responses
This information is used to provide customer support, improve our services, and train our support team. Support interactions are retained for a reasonable period to assist with future inquiries and quality assurance.
19. Automated Decision-Making and Profiling
19.1 Automated Processing
We may use automated decision-making and profiling to:
- Provide personalized restaurant and menu item recommendations based on your order history and preferences
- Calculate delivery fees and estimated delivery times based on location and distance
- Detect and prevent fraudulent activities and security threats
- Match delivery orders with available delivery partners
19.2 Your Rights
You have the right to:
- Request human review of any automated decision that significantly affects you
- Object to profiling that is used for direct marketing purposes
- Opt out of certain automated processing where legally permitted
20. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
- Consent: When you have given clear consent for specific processing activities (e.g., marketing communications)
- Contract Performance: To fulfill our contractual obligations to provide delivery services
- Legal Obligation: To comply with applicable laws and regulations
- Vital Interests: To protect your vital interests or those of another person
- Public Task: For tasks carried out in the public interest
- Legitimate Interests: For our legitimate business interests, such as improving our services, fraud prevention, and analytics (where your rights do not override these interests)
21. Specific Data Retention Periods
We retain different types of data for varying periods:
- Account Data: Retained while your account is active and for 3 years after account deletion for legal and business purposes
- Order History: Retained for 7 years for tax, accounting, and legal compliance purposes
- Reviews and Ratings: Retained until you delete them or for 5 years after account deletion
- Support Interactions: Retained for 3 years for quality assurance and dispute resolution
- Marketing Data: Retained until you opt out or for 2 years after last interaction
- Analytics Data: Aggregated and anonymized data may be retained indefinitely
- Payment Data: Retained as required by financial regulations (typically 7 years)
After the retention period expires, we will securely delete or anonymize your personal data, except where retention is required by law.
22. Cross-Device Tracking
We may use technologies to recognize you across different devices to provide a consistent experience. This allows us to:
- Sync your preferences and settings across devices
- Analyze usage patterns across devices for service improvement
- Enhance security by detecting suspicious activity across devices
You can limit cross-device tracking through your device settings and App preferences.
23. Do Not Track Signals
Some browsers and devices support "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. We continue to monitor developments in this area. However, you can control tracking through your device settings and App preferences.
24. Enhanced California Consumer Privacy Act (CCPA) Rights
If you are a California resident, you have additional rights under the CCPA:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information (subject to certain exceptions)
- Right to Opt-Out: Opt out of the sale of your personal information (we do not sell personal information, but you have this right)
- Right to Non-Discrimination: Exercise your privacy rights without discrimination
- Right to Disclosure: Request information about data sharing practices
To exercise your CCPA rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within 45 days.
25. Enhanced GDPR Rights for EU Users
If you are located in the European Economic Area (EEA), you have enhanced rights under GDPR:
- Right of Access: Obtain confirmation of whether we process your data and access to that data
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your data under certain circumstances
- Right to Restrict Processing: Limit how we use your data in certain situations
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise your GDPR rights, please contact us or use the App's privacy settings. We will respond within one month (may be extended to two months for complex requests).
26. Complaints and Supervisory Authorities
26.1 Filing a Complaint
If you have concerns about how we handle your personal data, you have the right to file a complaint with:
- Our privacy team (contact information provided below)
- Your local data protection authority (for EU users) or relevant privacy regulator in your jurisdiction
26.2 EU Supervisory Authorities
EU users can find their local data protection authority at: https://edpb.europa.eu/about-edpb/board/members_en
26.3 California Privacy Rights
California residents can file complaints with the California Attorney General's Office.
27. Third-Party Links and Services
Our App may contain links to third-party websites, services, or applications that are not operated by us. These include:
- Restaurant websites and menus
- Payment processor websites
- Social media platforms
- Mapping services (Google Maps)
We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
28. User Responsibilities
To help protect your personal information, we recommend that you:
- Use a strong, unique password for your account
- Keep your login credentials confidential and do not share them with others
- Log out of your account when using shared devices
- Keep your App and device operating system updated
- Report any suspicious activity or security concerns immediately
- Review your account settings and privacy preferences regularly
29. Restaurant and Delivery Partner Data Sharing
29.1 Restaurant Partners
When you place an order, we share necessary information with restaurant partners, including:
- Order details (items, quantities, special instructions)
- Delivery address and contact information
- Your name (for order identification)
- Phone number (for delivery coordination)
Restaurant partners do not have access to your payment information, full account details, or order history beyond the specific order.
29.2 Delivery Partners
When your order is assigned to a delivery partner, we share:
- Restaurant pickup location
- Delivery address and location
- Your name and phone number (for delivery coordination)
- Order information necessary for delivery
Delivery partners do not have access to your payment information, email address, or full account details.
30. Analytics and Advertising
30.1 Analytics Services
We use analytics services (such as Firebase Analytics and Sentry) to understand how users interact with our App. This includes:
- Usage Statistics: App usage statistics, user behavior patterns, screen visits, navigation paths, and feature usage frequency
- Performance Metrics: App performance metrics, crash reports, error rates, response times, load times, and system performance data
- Feature Engagement: Feature usage and engagement data, form completion rates, form abandonment patterns, and user interaction events
- Session Analytics: Session duration, session start/end times, session activity patterns, and user journey tracking
- Error Analytics: Application errors, crash reports, stack traces, device information at time of error, screenshots (for error context), and view hierarchy data (for debugging purposes)
- Device Analytics: Device type, operating system version, device model, device identifiers (for authentication and security), and device capabilities
30.2 Advertising
We may use your data to show you relevant advertisements within the App. We do not sell your personal information to third parties for advertising purposes. You can opt out of personalized advertising through your device settings.
31. Contact Us
32. Consent
By using Sahla, you consent to our Privacy Policy and agree to its terms. If you do not agree to this policy, please do not use our App.
This Privacy Policy is effective as of November 2025 and applies to all users of the Sahla Delivery App.