Privacy Policy — d.App
Last updated: May 18, 2026
CODE VISIONARY DESENVOLVIMENTO DE SISTEMAS LTDA ("we", "our", "us"), a Brazilian company, operates the d.App mobile application (the "App"). This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and your rights under the Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018).
1. Who This Policy Covers
This policy applies to:
- Customers placing delivery orders through the App.
- Operators/couriers managing and fulfilling deliveries.
2. Data We Collect
Account data
- Full name, email address, phone number.
Location data
- Precise real-time GPS location, collected while the App is in use:
- Customers: to set delivery addresses and track active orders.
- Couriers: to enable live delivery tracking.
- We do not collect location in the background unless you have explicitly granted background location permission on your device.
Delivery data
- Order history, delivery addresses, timestamps, and delivery status.
Device and technical data
- Device type, operating system version, App version, and device identifiers.
- Crash reports and error logs used to maintain App stability.
Payment data
- Payment is processed entirely by Stripe, Inc. We do not receive or store card numbers or full payment credentials. We retain only a transaction reference returned by Stripe. Stripe's privacy policy is available at stripe.com/privacy.
3. Legal Bases for Processing (LGPD Art. 7)
| Purpose | Legal basis (LGPD) |
|---|---|
| Create and manage your account | Contract performance (Art. 7, V) |
| Provide and coordinate deliveries | Contract performance (Art. 7, V) |
| Real-time courier location tracking | Contract performance / Legitimate interest (Art. 7, V and IX) |
| Push notifications for order updates | Consent (Art. 7, I) |
| Crash reporting and App improvement | Legitimate interest (Art. 7, IX) |
| Respond to support requests | Legitimate interest (Art. 7, IX) |
| Comply with legal or regulatory obligations | Legal obligation (Art. 7, II) |
We do not sell your personal data to third parties.
4. Third-Party Services
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Supabase, Inc. | Database, authentication, and backend | supabase.com/privacy |
| Google LLC — Google Maps SDK | Maps display and address geocoding | policies.google.com/privacy |
| Sentry (Functional Software, Inc.) | Error monitoring and crash reporting | sentry.io/privacy |
| Stripe, Inc. | Payment processing | stripe.com/privacy |
These providers may process data outside Brazil. Where that occurs, we rely on appropriate safeguards (standard contractual clauses or equivalent mechanisms) as required by LGPD Art. 33.
5. Data Retention
| Data type | Retention period |
|---|---|
| Account data | While account is active; deleted within 30 days of account deletion |
| Location data | 90 days from collection, then deleted |
| Order history | 5 years (Brazilian tax and commercial law compliance) |
| Crash / error logs | 30 days |
6. Your Rights (LGPD Art. 18)
As a data subject, you have the right to:
- Confirm whether we process your data.
- Access your personal data.
- Correct incomplete, inaccurate, or outdated data.
- Anonymize, block, or delete data processed without a valid legal basis.
- Request portability of your data to another service provider.
- Delete data processed based on your consent.
- Obtain information about third parties with whom we share data.
- Withdraw consent at any time.
- Lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd.
To exercise any right, contact us at: [email protected]
We will respond within 15 business days.
7. Children
The App is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact [email protected] and we will delete it promptly.
8. Security
We use TLS encryption in transit and encryption at rest for sensitive data. Access to personal data is restricted to authorized personnel on a need-to-know basis.
9. Changes to This Policy
We will notify you of material changes via in-app notice at least 15 days before they take effect. The "Last updated" date at the top reflects the current version.
10. Data Controller and DPO Contact
CODE VISIONARY DESENVOLVIMENTO DE SISTEMAS LTDA Brazil Privacy requests: [email protected] Data Protection Officer (Encarregado — LGPD Art. 41): Gustavo Rosa Winter Phone/WhatsApp: +55 51 99286-3619 Email: [email protected]