PassHai Vendor – Privacy Policy

Last updated: 19 November 2025

This Privacy Policy explains how PassHai (“we”, “us”, “our”) collects, uses, and protects information in the PassHai Vendor Android application (the “App”). The App is intended only for registered vendors who have been onboarded into the PassHai system.

This policy applies only to the PassHai Vendor app, not to our consumer / household experience or any other websites or services.

If you have any questions, you can contact us at:
Email: [email protected]

1. What the app does

The PassHai Vendor app lets registered street vendors:

• Log in with their phone number
• Turn their “Day ON / Day OFF” status on the app
• Share their live cart location (while Day is ON) so nearby households who have opted in can receive alerts

To do this, the app needs access to:

• Your phone number (for authentication)
• Your location (to send pings to our servers while you are online)

2. Information we collect

2.1 Account & vendor profile

When you log in or when we onboard you as a vendor, we may process:

• Phone number (e.g. +91XXXXXXXXXX)
• Vendor name (e.g. “Sabji King”)
• Cart type (e.g. vegetables / fruits / household items)
• Admin status (e.g. active / paused)
• Basic app state such as whether your Day is currently ON or OFF

This information is stored in our backend (Firebase Firestore) under your vendor record.

2.2 Location data (very important)

When you tap “Start Day”, the app:

• Starts a foreground location service with a persistent notification
• Regularly receives your location (using Google Play Services location APIs)
• Sends location pings to our servers, typically:
  • Around every 2 minutes, and
  • Only when you have moved a certain distance (e.g. ~40m)

The location data we collect includes:

• GPS coordinates (latitude, longitude)
• Accuracy estimate (in meters)
• Timestamp of the ping
• Vendor identifier

This data is used to:

• Draw your trail in our internal admin dashboard
• Decide which nearby households should receive an alert when you are close
• Help debug issues during the pilot (e.g. “why didn’t this house get an alert?”)

When you tap “End Day” or close your session:

• The location foreground service is stopped
• The app stops sending new location pings

We do not request Android’s “background location” permission (ACCESS_BACKGROUND_LOCATION). Location collection happens only while the foreground service is running after you start your day.

2.3 Device & diagnostics (limited)

We may collect some basic technical information automatically, such as:

• App version and build
• Android version
• General device information (model, manufacturer)
• Error logs (for crashes or failed network calls)

This is primarily for debugging and performance monitoring.

3. How we use your information

We use the information described above to:

1. Authenticate you as a vendor
   • Verify the phone number belongs to a registered vendor in our Firestore vendors collection.
2. Operate your daily session
   • Track whether your day is ON or OFF.
   • Show status and trail in our admin dashboard (isOnline, lastOnlineAt, lastOfflineAt).
3. Send alerts to nearby households
   • Use your pings to determine which opted-in households are within the configured radius.
   • Trigger WhatsApp alerts via our backend systems when your cart is near them.
4. Security, abuse prevention & debugging
   • Log vendor activity events (e.g. start_day, end_day, ping) in vendor_activity for debugging.
   • Diagnose connectivity or accuracy issues.
5. Legal compliance
   • Where required by law, to comply with legal obligations, respond to lawful requests, or protect our rights and users.

We do not sell your data to third parties or use your location for general advertising.

4. Legal basis

Although the app is primarily India-focused, we align with the basic principles:

• Performance of a contract / service
  You install and use the app as a vendor; we need your phone and location to provide the service (alerts to nearby households).
• Legitimate interests
  We log activity and limited diagnostics to keep the system secure, reliable and to debug issues.
• Consent (for permissions)
  You explicitly grant location permission and tap “Start Day” to begin location sharing. You can revoke permissions in system settings at any time.

5. Third-party services

We rely on the following third-party services to run the app:

1. Google Firebase
   • Firebase Authentication (phone number login / OTP)
   • Firestore (storing vendor docs, vendor pings, vendor activity)

   These services process data on our behalf according to Google’s terms and privacy policy.

2. Google Play Services (Location)
   • Used to retrieve your device location when Day is ON.
3. (Optionally) Crash reporting / analytics
   • If enabled later, we may use Firebase Crashlytics or similar tools to understand crashes. We do not send any unnecessary personal content there.

We do not share your personal data with advertisers or unrelated third parties.

6. Data retention

We aim to retain your data only for as long as needed for the purposes described here.

• Vendor profile and history (vendors, vendor_activity, vendor_pings)
  • Kept while your vendor account is active in PassHai.
  • We may retain some aggregated or anonymised data longer for analytics and service improvement.
• Local app logs (on your device)
  • Stored in lightweight local storage (shared preferences) and rotated/trimmed regularly.
  • You can clear this by uninstalling the app or clearing app data.

If you would like your vendor account and associated data to be removed or paused, you can reach out to us using the contact details below.

7. Your choices & controls

As a vendor, you have several controls:

1. Start / End Day
   • Tap “Start Day” to begin location sharing and cart activity.
   • Tap “End Day” to stop location sharing and vendor pings.
2. Permissions
   • You can revoke location permission from your device settings at any time.
   • If permissions are removed, the app will not be able to start your day or send pings.
3. Account
   • You can request that we pause or delete your vendor account by contacting us.
   • In some cases, we may retain limited records for fraud prevention or legal obligations.
4. Uninstall
   • You can uninstall the app at any time. This stops future data collection from your device.

8. Children’s privacy

The PassHai Vendor app is not intended for children. It is meant only for registered adult vendors who have been onboarded by PassHai. We do not knowingly collect personal information from children through this app.

9. Security

We take reasonable technical and organizational measures to protect your information, including:

• Using HTTPS for communication between app and servers
• Restricting access to vendor data via Firebase security rules and internal access controls
• Limiting the amount of data stored on the device (local logs only for recent events)

However, no system can be 100% secure, and we cannot guarantee absolute security of the information.

10. Changes to this policy

We may update this Privacy Policy from time to time as we improve the app or as legal requirements change.

• We will update the “Last updated” date at the top when we make changes.
• For significant changes, we may also notify you inside the app or via other appropriate channels.

11. Contact us

If you have any questions, concerns, or requests about this Privacy Policy or your data, you can contact:

PassHai – Vendor Support
Email: [email protected]