UpDash Technologies Ltd

UpDash is a technology company building a next-generation food delivery platform in Mauritius. We are currently preparing for public launch.

Contact: support@updash.mu | © 2026 UpDash Technologies Ltd. All rights reserved.

Version 1.0

UPDASH PRIVACY POLICY

This Privacy Policy explains how UpDash collects, uses, processes, stores, discloses, and protects personal data in Mauritius.

Effective Date: 26 February 2026

Jurisdiction: Republic of Mauritius

1. INTRODUCTION

UpDash ("UpDash", "we", "us", "our") is committed to protecting your personal data in accordance with the Data Protection Act 2017 of Mauritius.

This Privacy Policy explains how we collect, use, process, store, disclose, and protect personal data when you use our website, mobile applications, and related services (the "Platform").

Contact: legal@updash.mu

2. DATA CONTROLLER

UpDash Technologies Ltd Republic of Mauritius Email: legal@updash.mu

UpDash acts as Data Controller for customer and driver personal data processed through the Platform.

3. CATEGORIES OF PERSONAL DATA COLLECTED

3.1 Customer Data

  • Name
  • Email address
  • Phone number
  • Delivery addresses (manually entered by you)
  • Order history
  • Wallet transactions
  • Complaint submissions and customer support data
  • Uploaded complaint photos
  • IP address and device/session data (for security/fraud purposes)
  • Session metadata (e.g., IP address and user agent stored temporarily in Redis for session/audit tracking)

3.2 Payment Data

UpDash does not store card numbers or bank account details. Payments are processed via Peach Payments secure embedded checkout (PCI DSS Level 1 compliant).

UpDash may store limited payment metadata such as:

  • Transaction identifiers
  • Payment status
  • Refund status

3.3 Driver Data

  • Name
  • Contact details
  • Driver license copy
  • Vehicle registration documents
  • Background/compliance documentation
  • Last active GPS location (during active delivery only)
  • IP address (for security/fraud purposes)

3.4 Age Verification Data (If Applicable)

For restricted goods (e.g., alcohol/tobacco), government-issued ID copies may be temporarily collected and stored for age verification and compliance purposes.

4. PURPOSES OF PROCESSING AND LAWFUL BASIS

UpDash processes personal data for the following purposes and lawful bases:

Data CategoryPurposeLawful Basis
Account dataCreate/manage account; provide Platform accessContract
Order & delivery dataFulfil Orders; provide delivery servicesContract
Payment metadataProcess payments/refunds; manage disputesContract
Security logs (IP/session/user agent)Security monitoring; fraud prevention; abuse detection; rate limitingLegitimate Interests
Complaint & support dataInvestigate issues/disputes; customer serviceLegitimate Interests
Driver onboarding documentsVerify eligibility; regulatory compliance; safety controlsLegal Obligation / Legitimate Interests
Marketing communicationsOffers and promotionsConsent
Fraud profilingDetect/refuse abuse; protect Platform integrityLegitimate Interests

5. PROFILING AND AUTOMATED PROCESSING

UpDash may use automated analysis and profiling to detect fraudulent or abusive behavior, including repeated refund abuse, suspicious complaint patterns, or other activity that may indicate misuse of the Platform.

Where fraud or serious abuse is confirmed following investigation, UpDash may permanently restrict an account.

Users may contact UpDash Support to request review of a restriction decision.

6. DATA RETENTION

UpDash retains personal data only as long as necessary for the purposes described in this Policy, and as required for compliance, tax, audit, and fraud prevention.

Data TypeRetention Period
Customer account dataUntil deletion request
Customer PII after deletion requestAnonymized within 5 days
Order recordsRetained for legal/tax/audit/fraud purposes (anonymized if account deleted)
Wallet recordsRetained for financial audit and fraud prevention (anonymized if account deleted)
IP/security logs stored in databasesUp to 6 months
Session metadata stored in RedisTemporary (session/audit purposes)
Support chat recordsDeleted 30 days after resolution
Complaint photosArchived for dispute handling and audit, then retained as required for legitimate purposes
Age-verification ID copies (restricted goods)30 days, then permanently deleted
Driver onboarding/compliance documents1 year after termination, then permanently deleted

7. ACCOUNT DELETION AND ANONYMIZATION

Upon a verified account deletion request:

  • The account is deactivated (soft deleted).
  • Personally identifiable information (PII) is anonymized within five (5) days.
  • Order and wallet records may be retained in anonymized form for legal, tax, audit, and fraud prevention purposes.

Anonymization is intended to be irreversible.

8. LOCATION DATA

8.1 Customers

UpDash does not track live customer GPS location. We store delivery addresses that you manually add to your profile for delivery purposes.

8.2 Drivers

UpDash tracks driver GPS location during active delivery and dispatch operations to provide accurate order tracking and to assign Orders efficiently. UpDash does not store driver historical GPS trails. UpDash stores only the driver's last active location and deletes it when the driver goes offline/logs out.

9. CROSS-BORDER DATA TRANSFERS

UpDash uses secure cloud infrastructure providers, including Microsoft Azure (Central India region) and Firebase services, to host and operate parts of the Platform.

Accordingly, personal data may be processed outside Mauritius in jurisdictions where these providers (or their subprocessors) operate.

Where cross-border processing occurs, UpDash implements appropriate technical and contractual safeguards intended to protect personal data in accordance with applicable data protection laws.

10. SECURITY MEASURES

UpDash implements industry-standard safeguards, which may include:

  • Encryption in transit (TLS)
  • Role-based access controls
  • Secure cloud infrastructure configuration
  • Audit logging and monitoring
  • Tokenized payment processing via third-party PCI-compliant providers
  • Rate limiting and abuse detection

No system can guarantee absolute security. You are responsible for keeping your credentials confidential.

11. DISCLOSURE OF PERSONAL DATA

UpDash may disclose personal data:

We share limited personal data (first name, last initial, phone number, and delivery address) with the assigned Vendor and Driver solely for the purpose of preparing and delivering your Order. Vendors and Drivers are required to use this data strictly for operational purposes and not for marketing or independent use.

  • To payment processors to complete payment/refund processing.
  • To cloud/technical service providers for hosting, analytics, messaging, and platform operations.
  • Where required by law or valid government/court requests.
  • In corporate transactions (e.g., merger, acquisition), subject to appropriate protections.

UpDash does not sell personal data.

12. COOKIES AND TRACKING TECHNOLOGIES

UpDash may use cookies and similar technologies on the web Platform for functionality, security, analytics, and performance. You can control cookies via your browser settings. Some features may not function properly if cookies are disabled.

13. YOUR RIGHTS

Under the Data Protection Act 2017 (Mauritius), you may have rights to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (deletion)
  • Restrict processing
  • Object to processing
  • Request data portability (where applicable)
  • Lodge a complaint with the Mauritius Data Protection Office

Requests may be sent to: legal@updash.mu. UpDash may verify your identity before processing requests.

14. MARKETING COMMUNICATIONS

UpDash sends promotional communications (email and push notifications) only where you have enabled/consented to such communications. You may opt out at any time via unsubscribe links or device settings.

Transactional communications (e.g., order confirmations, cancellations, refunds) may be sent as required to provide the service.

15. AGE VERIFICATION (FUTURE RESTRICTED GOODS)

If restricted goods are offered in the future:

  • UpDash may require age verification and collection of government-issued ID.
  • ID copies are stored securely for 30 days for compliance/dispute purposes.
  • ID copies are permanently deleted after the retention period.
  • Access is restricted to authorized personnel on a need-to-know basis.

16. DRIVER DATA PROCESSING

Driver personal data is processed for:

  • Identity verification and onboarding
  • Regulatory and compliance requirements
  • Delivery operations and performance
  • Safety and fraud prevention

Driver license and vehicle registration documents are retained for one (1) year after termination, then permanently deleted.

17. CHANGES TO THIS POLICY

UpDash may update this Privacy Policy from time to time. The most current version will be made available on the Platform. Material changes may be communicated through the Platform.

18. CONTACT

For privacy-related inquiries:

Email: legal@updash.mu Republic of Mauritius

END OF DOCUMENT