This Privacy Policy explains what personal information Pocket Shop collects, why we collect it, and how we use and protect it. It applies to the Pocket Shop website (mypocketshop.store) and the Pocket Shop mobile application.
Short version: We collect only what is needed to run the marketplace. We do not sell your data. Identity documents submitted for verification are seen only by our admin team. You can contact us at any time to access, correct, or delete your data.
1. What Information We Collect
Information you give us
| Who |
Data collected |
| All users |
Phone number, full name, gender, email address (optional), date of birth, profile photo |
| Buyers |
Delivery addresses, saved mobile money wallet numbers (MTN / Airtel / Zamtel) |
| Sellers |
Shop name & GPS location, NRC number, NRC front & back photos, live verification selfie, business license image, business name & registration number |
| Delivery agents |
Driver's license number, license front & back photos, live verification selfie, vehicle type, province / town / area |
Information collected automatically
- Device push token (FCM): A Firebase token so we can send you order notifications. You can disable notifications in your phone settings at any time.
- Real-time location: If you are a delivery agent on an active delivery, your GPS coordinates are shared with the buyer and the seller for that delivery only. Location sharing stops when the delivery is completed.
- Transaction records: Every payment, payout, and refund processed through the platform is recorded — including amount, currency, provider, and timestamps.
- Order history: Items ordered, order status changes, delivery addresses used per order.
- Reviews: Star ratings and text comments you submit on products.
Information from third parties
- PawaPay confirms to us whether your mobile money payment succeeded or failed. We do not receive your mobile money PIN.
- Africa's Talking delivers OTP codes to your phone number on our behalf.
2. Why We Collect This Information
| Purpose |
Legal basis |
| Verify your phone number via OTP when you register or log in |
Necessary to provide the service |
| Process mobile money payments for orders |
Necessary to provide the service |
| Verify sellers and delivery agents before approving their accounts |
Legal obligation — fraud prevention and marketplace safety |
| Share delivery agent location during active deliveries |
Necessary to provide the service (you consent by accepting a delivery assignment) |
| Send push notifications about your orders |
Consent — disable notifications in your phone settings at any time |
| Investigate disputes and prevent fraud |
Legitimate interest |
| Improve the platform and fix issues |
Legitimate interest |
3. Who We Share Your Information With
We do not sell your personal data to anyone. We share data only as described below:
- PawaPay — receives your mobile money number and the transaction amount to process payments and payouts. PawaPay is a regulated payment service provider.
- Africa's Talking — receives your phone number to deliver OTP SMS messages on our behalf.
- Firebase (Google) — receives your device token to deliver push notifications about your orders.
- OpenStreetMap / OSRM — delivery routing is computed using open map data. No personal data is transmitted to these services.
- DigitalOcean — our servers and database are hosted on DigitalOcean infrastructure in London, UK. Your data is stored there under DigitalOcean's data processing agreement.
- Other users (limited): When you place an order, your first name and delivery address are shared with the assigned seller and delivery agent for fulfilment purposes only. Sellers can see product reviews left by buyers.
- Law enforcement / regulators: We may disclose data to Zambian authorities if required by law.
4. Identity Documents
Sellers and delivery agents submit identity documents (NRC, driver's license, live verification photos) during the verification process. These documents are:
- Stored securely on our servers with access restricted to Pocket Shop administrators only
- Never shared with other users, sellers, or third-party advertisers
- Used solely to verify your identity before approving your account
- Retained for the duration of your account and for a period afterward as required by Zambian law
5. Your Rights
Under Zambia's Data Protection Act No. 3 of 2021, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or out-of-date information on your account
- Delete your account and associated personal data (financial records may be retained as required by law)
- Withdraw consent for push notifications at any time via your phone's notification settings
- Complain to Zambia's Data Protection Commissioner if you believe your rights have been violated
To exercise any of these rights, email us at pocketshopmarket@gmail.com. We will respond within 14 days.
6. Data Retention
| Data type | How long we keep it |
|---|
| Account and profile data | As long as your account is active; deleted within 30 days of account deletion request |
| Transaction and order records | 7 years — required for financial and tax compliance |
| OTP codes | Deleted immediately after use, or automatically after 10 minutes if unused |
| Verification documents (NRC, license, selfie) | For the life of your seller or delivery account, plus 3 years after closure |
| Push notification tokens | Until you log out or uninstall the app |
| Error logs | 90 days |
7. Security
- All data is transmitted over HTTPS (TLS encryption).
- Your password and mobile money PIN are never stored by Pocket Shop.
- Payments are processed entirely through PawaPay's secure payment infrastructure — we never handle raw card or wallet credentials.
- We use short-lived JWT tokens for authentication. Tokens expire regularly and are refreshed securely.
- Our database is a managed PostgreSQL instance on DigitalOcean with SSL-only connections and no public internet access.
8. Children
Pocket Shop is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has registered on our platform, please contact us immediately at pocketshopmarket@gmail.com and we will delete the account.
9. Changes to This Policy
We will notify you of material changes to this Privacy Policy via push notification or SMS at least 7 days before they take effect. The updated policy will always be available at mypocketshop.store/privacy.
10. Contact Us
For any questions, data access requests, or privacy concerns: