Your privacy on ShopDesk

This Privacy Policy describes how ShopDesk(“ShopDesk”, “we”, “us” or “our”) collects, uses, shares and protects personal information when you use the ShopDesk websites, mobile applications, shop owner portal, delivery partner application, and related services (collectively, the “Service”).

ShopDesk operates a hyperlocal commerce platform that connects independent shops, customers and delivery partners in Ghana and other countries where the Service is offered. ShopDesk is the operator of the platform; the shops listed on the Service are independent businesses, not employees, agents or representatives of ShopDesk.

By creating an account or using the Service, you confirm that you have read and understood this Privacy Policy and our Terms of Service.

This Policy covers personal information that ShopDesk processes as a data controller in connection with the Service. It applies to:

• Customers who browse, register, place orders, chat, leave reviews, or otherwise use the customer-facing apps and website.
• Shop owners and their staff who register a shop on ShopDesk, list products, and process orders.
• Delivery partners who sign up to fulfil deliveries through ShopDesk.
• Visitors who interact with our public pages without creating an account.

Independent shops. When you interact with a shop on ShopDesk (for example, by placing an order), the shop also processes your personal information for its own purposes, such as preparing your order, issuing receipts, complying with tax law, and operating its own customer relationship. Each shop is an independent data controllerfor those activities and is responsible for its own compliance with applicable privacy and consumer protection laws. ShopDesk is not responsible for the privacy practices of individual shops outside the scope of the platform.

A. Information you give us directly.

• Name, phone number, email address, and password.
• Delivery addresses, including coordinates if you choose to pin a location.
• Profile information such as profile photo and preferences.
• For shop owners: business name, registration details, owner identification, bank or mobile money payout account, shop location, opening hours, and product catalogue.
• For delivery partners: identification documents, photograph, vehicle and licence details, and bank or mobile money payout account.
• Communications you send to us, including messages to support, in-app chats, and reviews.

B. Information we collect automatically.

• Device information (model, operating system, app version, language, time zone).
• Approximate or precise location, when you grant permission, to show nearby shops or route deliveries.
• IP address and connection information.
• Service usage data: pages or screens viewed, products opened, search terms, cart events, order timeline, app crashes and performance metrics.
• Cookies and similar technologies on our websites — see "Cookies and tracking" below.

C. Information from third parties.

• Payment information from our payment partners (e.g. Hubtel, Paystack), such as the result of a transaction. Full card numbers and similar credentials are processed by the payment partner directly and are not stored by ShopDesk.
• Identity verification results from KYC/AML providers used for shop and delivery partner onboarding.
• Authentication providers if you choose to sign in with a third-party account.
• Maps and routing providers used to display addresses and estimate delivery distance and time.

We use personal information to:

• Create and manage your account, authenticate you, and operate your sessions.
• Process and fulfil orders, including sharing the order with the shop and the delivery partner.
• Process payments and refunds via our payment partners.
• Display nearby shops, products and delivery estimates relevant to your location.
• Communicate with you about your account, orders, deliveries and service updates.
• Provide customer, shop, and delivery partner support.
• Detect and prevent fraud, abuse, restricted-item listings, and other safety issues.
• Comply with legal, regulatory, tax and accounting obligations.
• Measure and improve the Service, including troubleshooting, analytics and product development.
• Send promotional messages where permitted by law and your communication preferences.

We rely on different lawful bases for these activities depending on your country, including performance of a contract with you, legitimate interests in running and securing the Service, consent (where required), and compliance with legal obligations.

We share personal information only where necessary, and only with:

• Shops you order from. When you place an order, we share the information needed to fulfil it — your name, delivery address, contact number, the order details, and any chat messages you send to the shop.
• Delivery partners assigned to your order. They receive the pickup and drop-off addresses, your name and contact number, and live order status. Their access ends when the delivery is completed or reassigned.
• Service providers who help us run the platform — including hosting, payment processing, KYC, maps and routing, communications (SMS / email / push), analytics, customer support tooling, and fraud prevention. They are bound by contractual confidentiality obligations and may only process data on our instructions.
• Regulators, law enforcement and other authorities where we are required to do so by law, court order or other valid legal process, or where we believe disclosure is necessary to protect the safety of a person or to investigate fraud or abuse.
• Professional advisers such as auditors, lawyers and insurers, where strictly necessary.
• Successors in the event of a merger, acquisition, financing or sale of all or part of ShopDesk, subject to the same protections set out here.

We do not sell personal information. We do not share it with third parties for their own independent marketing.

Each shop on ShopDesk processes information about its customers in order to run its own business — for example, to fulfil orders, issue invoices, handle returns, comply with tax law, and respond to customer enquiries. For these activities, the shop acts as an independent data controller, not as a processor for ShopDesk.

ShopDesk requires every shop to:

• Use customer information only for the purpose of fulfilling and supporting the order, and for any lawful follow-up such as receipts and tax reporting.
• Comply with all applicable privacy, consumer protection and electronic communication laws in the country where the shop operates.
• Keep customer information confidential and protect it with reasonable technical and organisational measures.
• Honour customer requests to access, correct or delete information that the shop holds about them, in accordance with applicable law.
• Not contact customers for unsolicited marketing or sell customer data to third parties.

If you have a question about how a specific shop is using your data, please contact the shop directly. You can also contact us at privacy@shopdesk.online and we will help where we can.

We keep personal information for as long as it is needed to provide the Service and to meet the purposes set out in this Policy. Retention periods depend on the type of data and the applicable legal obligation.

• Account information is retained while your account is active and for a reasonable period after closure to handle queries, disputes and regulatory requests.
• Order, payment and tax records are retained for the period required by tax and accounting law in the country of operation (typically several years).
• KYC and identity verification records are retained as required by anti-money-laundering and consumer protection laws.
• Support correspondence is retained for as long as it is useful for quality, audit and dispute purposes.
• Marketing preferences are retained until you change them or close your account.

When data is no longer needed, we delete or anonymise it.

Subject to the laws that apply to you, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your data, where there is no overriding legal reason for us to keep it.
• Restrict or object to certain processing, including direct marketing.
• Receive a copy of your data in a portable format.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@shopdesk.online from the email address on your account. We may need to verify your identity before we can respond. We will reply within the timeframe required by law in your country.

Our websites use cookies and similar technologies (such as local storage and pixels) to operate the service, remember your preferences, keep you signed in, measure usage and improve performance. We use:

• Strictly necessary cookies that are required to deliver the Service (e.g. session, authentication, cart, language).
• Functional cookies that remember your settings.
• Analytics cookies and similar tools that help us understand how the Service is used in aggregate.

You can manage cookies through your browser settings. Blocking strictly necessary cookies may prevent parts of the Service from working.

We use industry-standard technical and organisational measures to protect personal information, including encryption in transit, access controls, monitoring, and regular reviews. Payment data is handled by our PCI-DSS compliant payment partners and is never stored in plaintext on our systems.

No method of transmission or storage is completely secure. You play an important role too: choose a strong, unique password, keep your OTP confidential, and tell us immediately if you suspect any unauthorised access to your account.

ShopDesk operates infrastructure and service providers in multiple countries. Where we transfer personal information across borders, we use appropriate safeguards (such as contractual data protection clauses) to ensure that the data continues to be protected to a level consistent with this Policy and applicable law.

The Service is intended for users who are at least the age of majority in their country (and in any event, at least 16 years old). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this Privacy Policy from time to time to reflect changes to the Service, our practices or applicable law. When we make material changes, we will notify you through the Service or by email before the change takes effect. The “Effective date” at the top of this page indicates when the latest version came into force.

If you have any questions about this Privacy Policy or our handling of personal information, please contact us at:

• Email — privacy: privacy@shopdesk.online
• Email — general support: support@shopdesk.online
• Email — legal: legal@shopdesk.online
• Country of operation: Ghana