1. Who we are
ParcelRide operates a controlled platform that arranges parcel delivery between senders, verified drivers, and receivers. For the personal data described here, ParcelRide acts as the data controller. The registered legal entity and its registered address will be confirmed in the final, counsel-reviewed version (see the review notes below).
2. Data we collect
We collect the following categories of personal data:
- Account data — name, email address, phone number, role (sender, driver, or admin), and authentication details.
- Order data — pickup and drop-off addresses, parcel size, weight, declared contents and value, and instructions.
- Receiver data — the receiver’s name, contact details, and delivery confirmation provided by the sender or receiver.
- Location data — driver location during active deliveries, used for matching, navigation, and live tracking.
- Proof artifacts — pickup and delivery photographs, timestamps, and confirmation codes used as evidence of handover.
- Communications — in-app messages between parties and support requests you submit.
- Payment metadata — limited transaction information from our payment provider; full card details are handled by the provider, not stored by us.
- Device & usage data — basic technical information needed to deliver, secure, and improve the service.
3. Why we use your data & legal bases
Under the GDPR, we rely on the following legal bases:
- Performance of a contract — to create and manage orders, match drivers, enable tracking, process payment, and complete deliveries.
- Legal obligation — to meet tax, accounting, customs (for cross-border parcels), and other legal requirements.
- Legitimate interests — to keep the platform safe and fraud-resistant, maintain event logs and proof artifacts, resolve disputes, and improve the service.
- Consent — where we ask for it, such as agreeing to the Terms & Privacy Policy at order creation. The agreed version is recorded with your order.
4. Sharing & recipients
To deliver a parcel, relevant details are shared between the parties to that delivery — for example, a Driver receives the pickup and drop-off information needed to complete the job, and a Receiver sees delivery status. We share data with service providers (sub-processors) that operate the platform on our behalf, including:
- Supabase — database, authentication, and file storage.
- Vercel — application hosting and delivery.
- Mapbox — maps, geocoding, and routing.
- Resend — transactional email.
- Twilio — SMS notifications.
- Stripe — payment processing.
- Web push notification delivery for status updates.
We may also disclose data where required by law or to protect the rights, safety, and security of users and the platform. We do not sell your personal data.
5. International transfers
The service operates across Sweden and Denmark, and we aim to host and process personal data within the EU/EEA. Where a provider processes data outside the EU/EEA, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses). The provider list and safeguards will be confirmed in the final version.
6. Retention
We keep personal data only as long as needed for the purposes above. Order records, proof artifacts, and event logs are retained to support delivery, disputes, safety, and legal obligations. Granular location data collected during deliveries is kept for a limited period and then removed or minimised. Exact retention periods per data category will be confirmed in the final version.
7. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of your data, where applicable.
- Restrict or object to certain processing.
- Receive your data in a portable format, where applicable.
- Withdraw consent at any time, without affecting processing already carried out.
- Lodge a complaint with your supervisory authority — in Sweden, IMY (Integritetsskyddsmyndigheten); in Denmark, Datatilsynet.
8. Security
We use technical and organisational measures to protect personal data, including row-level access controls, scoped tokenized links for receiver access, encryption of data in transit, and restricted administrative access. No system is perfectly secure, but we work to protect your data and to respond appropriately to incidents.
9. Cookies & local storage
We use only the storage necessary to run the service — for example, to keep you signed in and to maintain your session. We do not use the platform for advertising tracking.
10. Children
ParcelRide is intended for adults. It is not directed at children, and we do not knowingly collect personal data from anyone under 18.
11. Changes to this policy
We may update this policy as the service evolves. Material changes are reflected by a new version number, shown with the effective date at the top of this page. Because consent is captured at order creation, an updated version means you will be asked to agree again before placing your next order.
12. Contact
For privacy questions or to exercise your rights, contact privacy@parcelride.eu or use the in-app support channel. A monitored privacy contact mailbox will be confirmed before public launch.