Information we collect
We collect only what is needed to operate the Zuta marketplace and support you as a customer, merchant, or delivery agent.
- Account & profile information — first name, last name, email address, phone number, password (stored encrypted), country, and preferred currency.
- Shipping & delivery information — shipping address, delivery coordinates, and contact details used to fulfill your orders.
- Transaction information — order history, cart contents, and references returned by our payment processors. Full payment-card numbers are handled by Stripe and Paystack and are not stored on Zuta servers.
- Device & technical information — device model, operating system and version, unique device identifiers, app version and build, language, time zone, and IP address.
- Usage information — screens viewed, features used, in-app events, search queries, and crash diagnostics.
- Location information — approximate and precise location, collected only with your permission. Delivery agents may also share background location while actively performing a delivery.
- Camera & photo input — images you choose to upload (e.g. profile photo, product images) and live camera frames processed on-device for QR scanning. QR frames are not captured, stored, or transmitted.
- Biometric authentication signal — a success or failure result from Face ID or fingerprint verification that is performed entirely on your device. We never receive or store your biometric data itself.
- Push-notification token — issued by Apple Push Notification service or Firebase Cloud Messaging, used to deliver order and account notifications.
Mobile app permissions
The Zuta app requests the following device permissions. Each is requested at the moment the related feature is used and can be revoked at any time through your device’s system settings.
- Camera — to scan QR codes on packages (for delivery agents) and to let you take profile or product photos. QR frames are processed in real time and are not stored.
- Photos and media library (read and add) — to let you select images for your profile or product listings and to save receipts or order images when you request it.
- Location (foreground and background) — to determine delivery addresses, estimate shipping, and enable live delivery tracking for delivery agents while a delivery is active. Background location is not used outside of an active delivery.
- Face ID or fingerprint — to verify your identity for sensitive actions such as logging in or confirming payment. Biometric matching takes place entirely on your device.
- Notifications — to deliver order status, delivery updates, and account alerts.
- Internet, network state, wake lock, foreground service, vibrate, full-screen intent — required for ordinary operation, timely notifications, and keeping delivery tracking alive while it is active.
How we use information
- Create and maintain your account and authenticate you.
- Process orders, shipping, and delivery tracking, and route payments through our payment processors.
- Send transactional notifications (order confirmations, shipping updates, delivery status, security alerts).
- Provide customer support and respond to your inquiries.
- Improve the services, debug issues, and measure feature performance using aggregated analytics and crash reports.
- Detect, prevent, and address fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our Terms of Service.
Sharing and sub-processors
We do not sell or rent your personal information, and we do not use it for third-party advertising. We share limited personal data with the following service providers solely to operate the services. Each provider is bound by contractual confidentiality and data-protection obligations.
- Google Firebase (Analytics, Crashlytics, Cloud Messaging) — app analytics, crash diagnostics, and push notifications.
- PostHog — product analytics (events, screen views, aggregated usage metrics, and a hashed user identifier), hosted in the United States.
- Stripe and Paystack — payment processing. Card details are entered into their secure fields and are not accessible to Zuta servers.
- Apple Push Notification service and Google Firebase Cloud Messaging — delivery of push notifications.
- Delivery partners — order details and delivery coordinates, strictly to fulfill your order.
- Cloud hosting and email providers — for hosting the Zuta backend and sending transactional email.
Legal bases for processing (GDPR)
If you are in the European Economic Area, the United Kingdom, or a jurisdiction with comparable law, we process your personal data on the following bases:
- Performance of a contract — to create your account and fulfill your orders.
- Legitimate interests — to secure the services, prevent fraud, and improve features, balanced against your rights.
- Consent — for location, camera, photo library, notifications, and optional analytics. You can withdraw consent at any time.
- Legal obligation — to comply with tax, accounting, and other legal requirements.
Data retention
We retain personal information only for as long as necessary to provide the services, comply with legal and tax obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it.
Your rights
Subject to applicable law, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your account and associated personal data.
- Object to or restrict certain processing.
- Receive your data in a portable format.
- Withdraw consent at any time where consent is the basis.
- Lodge a complaint with your local data-protection authority.
Account deletion
You can delete your Zuta account at any time from within the mobile app under Account → Delete Account. You can also request account deletion from the web by emailing [email protected] from the address on file. We will delete your personal data within a reasonable period, except where retention is required by law (for example, tax and accounting records) or to resolve an active dispute.
Security
We apply industry-standard administrative, technical, and physical safeguards, including TLS encryption in transit, encrypted storage of sensitive fields such as passwords (kept in the device’s secure keystore via flutter_secure_storage), access controls, audit logging, and regular security reviews. No system is perfectly secure, so we encourage you to use a strong password and keep your device up to date.
Children’s privacy
The services are not directed to children under 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us at [email protected] and we will promptly delete it.
International data transfers
Zuta operates internationally, and our providers (including Firebase and PostHog) may process data in the United States and other countries. Where required, we rely on Standard Contractual Clauses and other approved transfer mechanisms to protect your information.
Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date above, post the updated policy in the app and on this page, and, where the change is material, notify you by email or in-app notice.
Contact & Legal Notices
For privacy questions, to exercise your rights, or to send legal notices, please contact our data controller at:
Zuta Technologies, LLC
1060 Lincoln Avenue, Suite 20 #1058
San Jose, CA 95125
United States
[email protected]
You may also reach our privacy team directly at [email protected].