PassHai Vendor – Privacy Policy

This Privacy Policy explains how PassHai (“we”, “us”, “our”) collects, uses, and protects information in the PassHai Vendor Android application (the “App”). The App is intended only for registered vendors who have been onboarded into the PassHai system through invitation and verification.

This policy applies only to the PassHai Vendor app. It does not cover our household/consumer WhatsApp experience or other websites/services.

Questions? Contact us at:
Email: [email protected]

1. What the app does

The PassHai Vendor app lets registered street vendors:

• Log in using their phone number (OTP-based)
• Turn their Day ON / Day OFF status on the app
• Share their live cart location while Day is ON so nearby households who opted in can receive alerts

To do this, the app needs access to:

• Your phone number (for authentication and as your vendor account identifier)
• Your location (to send pings while you are online, so nearby households can be alerted)

2. Information we collect

2.1 Account & vendor profile

When you log in, or when we onboard you as a vendor, we may collect and store:

• Phone number (E.164 format) — used as the primary identifier for your vendor account (for example: +917XXXXXXXXX)
• Vendor name / display name
• Cart type (vegetables / fruits / household items)
• Vendor status (active / paused)
• Basic app state such as whether your Day is currently ON or OFF

We store this information in our backend (Firebase Firestore) under your vendor record. Your phone number is also used to communicate service alerts via WhatsApp where applicable.

2.2 Location data (important)

When you tap “Start Day”, the app:

• Starts a foreground location service with a persistent notification
• Receives your location using Google Play Services location APIs
• Sends location pings to our servers, typically:
  • Around every 2 minutes, and
  • Only when you have moved a certain distance (for example, ~40 meters)

The location data we collect may include:

• GPS coordinates (latitude, longitude)
• Accuracy estimate (in meters)
• Timestamp of the ping
• Your vendor identifier

We use this data to:

• Determine which nearby households should receive an alert when you are close
• Show recent activity in our internal admin dashboard for operations and support
• Help debug issues during the pilot (for example, missed alerts due to distance/accuracy)

When you tap “End Day”:

• The foreground location service stops
• The app stops sending new location pings

We do not request Android background location permission (ACCESS_BACKGROUND_LOCATION). Location collection occurs only while the foreground service is running after you start your day.

2.3 Device & diagnostics (limited)

We may collect limited technical information such as:

• App version
• Android version
• Device model/manufacturer
• Error logs for crashes or failed network calls

This is used for debugging and performance monitoring.

3. How we use your information

We use the information described above to:

1. Authenticate you as a vendor
   • Verify the phone number belongs to a registered vendor in our backend.
2. Operate your daily session
   • Track whether your day is ON or OFF.
   • Support operations and troubleshooting.
3. Send alerts to nearby households
   • Use your pings to determine which opted-in households are within the configured radius.
   • Trigger WhatsApp alerts through our backend when your cart is near them.
4. Security, abuse prevention & debugging
   • Log activity events (for example: start day, end day, ping events) for reliability and support.
   • Diagnose connectivity or accuracy issues.
5. Legal compliance
   • Comply with lawful requests and applicable legal obligations.

We do not sell your data to third parties or use your location for advertising.

4. Legal basis

We follow privacy principles such as:

• Service delivery
  We need your phone number and location (while Day is ON) to provide the nearby alert service.
• Legitimate interests
  We use limited diagnostics and activity logs to keep the system secure, reliable, and to debug issues.
• Consent (for permissions)
  You grant location permission and tap “Start Day” to begin location sharing. You can revoke permissions in system settings at any time.

5. Third-party services

We use trusted third-party services to run the app:

1. Google Firebase
   • Firebase Authentication (OTP phone login)
   • Firestore (storing vendor account data and location pings)

   These services process data on our behalf under Google’s terms and privacy policy.

2. Google Play Services (Location)
   • Used to retrieve your device location while Day is ON.
3. WhatsApp messaging delivery
   • We use messaging infrastructure to deliver WhatsApp alerts to households who opted in.
4. Crash reporting / analytics (optional)
   • If enabled later, we may use tools such as Firebase Crashlytics to understand crashes and performance issues.

We do not share your personal data with advertisers or unrelated third parties.

6. Data retention

We retain data only for as long as needed for the purposes described here.

• Vendor profile and operational history
  • Kept while your vendor account remains active in PassHai.
  • We may retain aggregated/anonymized data longer to improve service reliability and performance.
• Location pings
  • Stored to operate the service and support pilot troubleshooting.
  • We may remove or aggregate older pings as the system evolves.
• Local app data (on your device)
  • Minimal settings/cache stored locally and cleared by uninstalling or clearing app data.

If you want your vendor account to be paused or deleted, contact us using the details in the “Contact us” section. We may retain limited records where required for fraud prevention or legal obligations.

7. Your choices & controls

You have several controls:

1. Start / End Day
   • Tap “Start Day” to begin location sharing.
   • Tap “End Day” to stop location sharing.
2. Permissions
   • You can revoke location permission in device settings at any time.
   • If permissions are removed, the app may not be able to start your day or send pings.
3. Account
   • You can request pause/deletion by contacting support.
   • We may retain limited records for fraud prevention or legal compliance.
4. Uninstall
   • You can uninstall the app anytime to stop future data collection from your device.

8. Children’s privacy

The PassHai Vendor app is not intended for children. It is meant only for registered adult vendors. We do not knowingly collect personal information from children through this app.

9. Security

We take reasonable measures to protect your information, including:

• Using HTTPS for communication between the app and our servers
• Restricting access to vendor data via Firebase security rules and internal access controls
• Minimizing data stored on the device

However, no system is 100% secure, and we cannot guarantee absolute security.

10. Changes to this policy

We may update this Privacy Policy from time to time.

• We will update the “Last updated” date at the top when we make changes.
• For significant changes, we may notify you inside the app or via other appropriate channels.

11. Contact us

If you have questions, concerns, or requests about this Privacy Policy or your data, contact:

PassHai – Vendor Support
Email: [email protected]