Privacy Policy

Last updated: April 12, 2026

1. Data Controller

EasyCurrier ("we", "us", "our") is the data controller responsible for your personal data. We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Albanian data protection laws.

2. Types of Data Collected

We collect the following categories of personal data:

Personal Information

  • Full name, email address, phone number
  • Profile picture (optional)
  • Preferred language
  • Account credentials (hashed and salted, never stored in plain text)

Location Data

  • Pickup and delivery addresses for packages
  • Real-time GPS location during active deliveries (couriers only)
  • Service radius preferences (couriers only)

Delivery Data

  • Package details (title, description, category, dimensions, weight)
  • Bid information (prices, messages, estimated delivery times)
  • Delivery status history and tracking data
  • Proof of pickup and delivery photographs
  • Delivery signatures
  • Ratings and reviews

Payment Metadata

  • Token purchase and spending history
  • Stripe payment intent identifiers (we do not store full card numbers)
  • Wallet balance information

Communication Data

  • In-app chat messages between senders and couriers
  • Notification history
  • Dispute correspondence

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract performance -- Processing necessary to provide the Platform services you have requested, including account management, package posting, bidding, and delivery tracking.
  • Legitimate interest -- Processing necessary for our legitimate interests, such as fraud prevention, platform security, service improvement, and analytics.
  • Legal obligation -- Processing required to comply with applicable laws, including tax and financial reporting obligations.
  • Consent -- Where required, such as for marketing communications and non-essential cookies. You may withdraw consent at any time.

4. How We Use Your Data

  • Providing and maintaining the Platform
  • Processing bids, matching senders with couriers, and facilitating deliveries
  • Real-time delivery tracking and notifications
  • Processing token purchases and managing wallets
  • Identity verification for couriers
  • Resolving disputes between users
  • Improving our services through anonymized analytics
  • Sending transactional emails (delivery updates, bid notifications)
  • Preventing fraud and ensuring platform security

5. Data Sharing

We do not sell your personal data. We share data with the following categories of third parties only as necessary:

  • Stripe -- Payment processing and identity verification. Stripe processes payment data under their own privacy policy.
  • Email service provider (SMTP) -- For sending transactional emails such as delivery updates and account notifications.
  • Other users -- Senders and couriers can see each other's display names, ratings, and delivery-related information as part of the matching process.
  • Law enforcement -- When required by law, court order, or government request.

6. Data Retention

We retain your data for the following periods:

  • Account data -- Retained while your account is active and for 30 days after deletion request.
  • Delivery records -- Retained for 3 years for dispute resolution and legal compliance.
  • Transaction records -- Retained for 7 years for financial and tax compliance.
  • Chat messages -- Retained for 1 year after the associated delivery is completed.
  • Location data -- Active delivery tracking data is deleted 30 days after delivery completion.
  • Audit logs -- Retained for 2 years for security purposes.

7. Your Rights

Under the GDPR and applicable law, you have the following rights:

  • Right of access -- You may request a copy of all personal data we hold about you. Use the "Export My Data" feature in your account settings.
  • Right to rectification -- You may update or correct your personal data through your profile settings.
  • Right to erasure -- You may request deletion of your account and personal data. Use the "Delete Account" feature. Note that some data may be retained for legal compliance.
  • Right to data portability -- You may export your data in a machine-readable JSON format.
  • Right to object -- You may object to processing based on legitimate interest.
  • Right to restrict processing -- You may request restriction of processing under certain circumstances.
  • Right to withdraw consent -- Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at dpo@easycurrier.al or use the self-service features in your account settings. We will respond within 30 days.

8. Cookies

We use cookies and similar technologies to operate the Platform. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

9. Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS 1.3) and at rest
  • Password hashing using industry-standard algorithms
  • Rate limiting and brute-force protection
  • Regular security audits and monitoring
  • Access controls and role-based authorization
  • Automatic account lockout after failed login attempts

10. International Data Transfers

Your data may be transferred to and processed in countries outside of Albania or the European Economic Area when using third-party services (such as Stripe for payments). In such cases, we ensure that adequate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on the Platform and, where appropriate, sending you a notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact the Data Protection Officer

If you have questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact our Data Protection Officer:

You also have the right to lodge a complaint with the Information and Data Protection Commissioner of Albania if you believe your data protection rights have been violated.

An unhandled error has occurred. Reload X