Privacy Policy for ZUVEES Operations Team App

Last updated: March 13, 2026

Version: 1.0

Zuvees Delivery Services ("Company," "we," "our," or "us") operates the ZUVEES Operations Team App ("App"), a mobile application built for internal warehouse operations staff — specifically order pickers and florists — within the Zuvees supply chain. This Privacy Policy explains how we collect, use, process, store, and protect your personal information when you use our App.

By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the App immediately.

1. INFORMATION WE COLLECT

The App collects only the information necessary to perform warehouse operations and fulfil orders:

1.1 Account and Identity Information

  • Email address — used for login authentication only
  • Password — transmitted securely over HTTPS and never stored locally on the device
  • Full name and phone number — received from the backend after successful login
  • Assigned role(s) — Picker, Florist, or both — received from the backend and stored locally for session management
  • Internal user ID and picker/florist identifiers assigned by Zuvees

1.2 Operational Work Data

  • Order picking activity — which order items and DRS (Delivery Route Sheets) you pick, mark, or scan during a shift
  • QR code values scanned during the picking process for order item verification (not stored on device)
  • Florist SKU assignments — items assigned to you and quantities submitted for QC
  • Picker preferences such as sort order (by orders or items) and order source filter (Shopify or Marketplace), stored locally on the device
  • DRS and order status updates transmitted in real time via WebSocket

1.3 Camera Usage

  • Camera permission is requested exclusively for QR code scanning during the picking and florist workflows
  • Camera frames are processed in real time on-device and are not stored, uploaded, or transmitted
  • No photos are captured or saved by the App

1.4 Session and Connectivity

  • Authentication token — issued by the Zuvees backend upon login and stored securely on your device using Expo SecureStore (encrypted platform keychain)
  • Real-time connection status via Socket.IO to api.zuvees.ae for live order and DRS updates

2. INFORMATION WE DO NOT COLLECT

The App does not collect or request access to any of the following:

  • Location or GPS data
  • Microphone or audio
  • Contacts, calendar, or messages
  • Storage or media library
  • Third-party account credentials (no Google Sign-In or OAuth)
  • Advertising identifiers or behavioural tracking data
  • Crash reports or analytics via any third-party SDK

3. LEGAL BASIS FOR PROCESSING

We process your information based on:

  • Contractual Necessity: To enable your role as a picker or florist within our operations platform
  • Legitimate Business Interests: For warehouse efficiency, operational accuracy, and supply chain management
  • Legal Compliance: To meet record-keeping and regulatory requirements in jurisdictions where we operate

4. HOW WE USE YOUR INFORMATION

4.1 Core Operations

  • Authenticating your identity and maintaining your session securely
  • Displaying your assigned DRS sheets, order items, and SKU tasks
  • Recording picking confirmations and florist SKU submissions to the backend
  • Enabling real-time status synchronisation across the operations team

4.2 Quality and Performance

  • Tracking fulfilment accuracy for QC review by operations managers
  • Maintaining picker and florist activity records for operational oversight

4.3 Security and Access Control

  • Verifying identity via secure token-based authentication on every API request
  • Restricting access to role-specific data (picker vs. florist endpoints)
  • Automatically clearing session data upon logout

5. DATA SHARING AND DISCLOSURE

5.1 We DO NOT sell, rent, or trade your personal information to third parties for any purpose.

5.2 We may share information with:

Internal Operations:

  • Authorised Zuvees operations supervisors and managers who oversee picker and florist workflows
  • Zuvees backend systems at api.zuvees.ae for processing orders and DRS data

Infrastructure:

  • Cloud hosting providers that serve the Zuvees backend with enterprise-grade security

Legal and Regulatory Requirements:

  • Law enforcement agencies when legally required
  • Regulatory bodies for compliance reporting
  • Legal proceedings where disclosure is mandated by court order

6. DATA STORAGE AND SECURITY

6.1 On-Device Storage

  • Authentication token and session data are stored using Expo SecureStore — backed by the iOS Keychain and Android Keystore, which provide hardware-backed encryption
  • Non-sensitive preferences (sort order, source filter) are stored in AsyncStorage and contain no personal data
  • No passwords, QR codes, or order content are ever persisted on-device

6.2 Network Security

  • All API communication with api.zuvees.ae is conducted over HTTPS (TLS encrypted)
  • WebSocket (Socket.IO) connections are also established over secure transport
  • All requests are authenticated using Bearer token authorisation headers

6.3 Access Controls

  • Role-based API endpoints ensure pickers only access picker data and florists only access florist data
  • Session is automatically invalidated and all local data cleared upon logout

7. DATA RETENTION AND DELETION

7.1 Retention Periods

  • Active operational records (picking history, SKU assignments): retained during employment and up to 3 years after termination for audit purposes
  • Financial and compliance records: retained for 7 years per applicable tax and accounting regulations
  • Support communications: retained for 2 years for quality assurance

7.2 Data Deletion

  • Automatic deletion of expired data per retention schedules
  • Manual deletion available upon valid user request, subject to legal obligations
  • Secure data destruction using industry-standard methods

8. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:

8.1 Access and Portability

  • Request a copy of all personal data we hold about you
  • Receive data in a structured, machine-readable format

8.2 Correction and Updates

  • Request correction of inaccurate or incomplete personal information

8.3 Deletion and Restriction

  • Request deletion of personal data (right to be forgotten), subject to legal retention obligations
  • Restrict processing for specific purposes
  • Object to data processing based on legitimate interests

To exercise these rights, contact us at privacy@zuvees.ae with your request and identity verification.

9. INTERNATIONAL DATA TRANSFERS

  • Data may be processed in countries outside your jurisdiction
  • We ensure adequate protection through appropriate contractual and technical safeguards
  • Standard Contractual Clauses apply where required with international data processors

10. CHILDREN'S PRIVACY

This App is exclusively intended for Zuvees employees and operations staff who must be at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If such data is discovered, it will be deleted immediately and the associated account will be terminated.

11. UPDATES TO THIS POLICY

  • Material changes will be communicated via email and in-app notifications
  • Minor updates will be posted with an updated revision date
  • Continued use of the App after changes constitutes acceptance of the updated policy
  • Previous versions are available upon request for transparency

12. CONTACT INFORMATION

For privacy-related inquiries, concerns, or to exercise your rights:

📧 General Support: hello@zuvees.ae

🏢 Zuvees Delivery Services

📞 Privacy Hotline: +971 52 919 9477

Response Time: We aim to respond to all privacy inquiries within 72 hours.

13. EFFECTIVE DATE AND JURISDICTION

This Privacy Policy is effective as of March 13, 2026, and governs your use of the ZUVEES Operations Team App (com.zuvees.operations). This policy and any disputes arising from it shall be governed by and construed in accordance with the federal laws of the United Arab Emirates.