Amanah Privacy Policy

Effective date: October 17, 2025
Company: Amanah Global Inc. (“Amanah”, “we”, “us”)
Scope: This Privacy Policy applies to Amanah’s websites and mobile applications that link to or post this Privacy Policy (the “Services”).

Introduction

Amanah operates a peer-to-peer marketplace that connects shoppers with travelers who may purchase, carry, and deliver permitted items. We are not a courier or shipping company; we provide the technology and platform, payments are processed by Stripe, and users coordinate through in-app tools.

This Policy explains what we collect, why we collect it, how we use and share it, and the choices and rights available to you. By using the Services, you consent to the practices described here, in addition to any specific consents we present in-app (e.g., device permissions, marketing opt-ins). Depending on the activity, Amanah acts as a data controller (e.g., account, verification, safety) and engages vetted service providers (e.g., payments, analytics, hosting) who process data on our behalf under contract. Your data may be transferred and processed outside your country with safeguards appropriate to law. You can contact us anytime at privacy@myamanah.ca regarding this Policy or your rights.

Information We Collect Through the Services

We collect information you provide directly, information collected automatically when you use the Services, and information from trusted partners (e.g., Stripe for payments and identity-verification). Below are the main categories with clarifying detail:

  • Financial transactions (via Stripe). When you pay or receive payouts, Stripe collects the payment or payout details and provides us with non-sensitive transaction metadata (e.g., payment/payout status, amounts, currency, fees/FX, timestamps, Stripe IDs/tokens). We do not store full card or bank account numbers. We use this metadata to operate orders, manage payouts, and handle refunds/chargebacks.

  • Account & registration. Name, email, phone, country/region, password (stored hashed), language and notification preferences, and optional profile elements (photo, short bio). We also maintain security and session data (e.g., login events, token expiration, abuse flags) to protect accounts.

  • Role-specific marketplace data.
    Shoppers: product links/descriptions you submit, quantity, options (e.g., size/color), preferred delivery city/area, requested window, notes.
    Travelers: route(s) and dates you add, availability window, notes.
    We use this to help
    match shoppers with travelers and to display relevant requests/offers.

  • Verification (Travelers). To support trust and safety, travelers may provide government ID details (e.g., passport information and images), selfie/liveness results (if enabled), and proof of travel (e.g., e-ticket/itinerary). We also receive verification results/risk signals (e.g., match/validity) from verification providers. Raw verification data is restricted and used only for safety, compliance, and fraud prevention.

  • In-app chat & content. Messages and attachments exchanged between shopper and traveler (e.g., photos, receipts), delivery confirmations, ratings/reviews, and proof of delivery. We store these to enable coordination, provide support, and resolve disputes.

  • Promotions & communications. Email sign-ups, push notification settings, referral codes, and participation in campaigns or surveys—used to send transactional updates and, where permitted, marketing communications (you can opt out).

  • Interactive/public areas & reputation signals. Certain profile elements (e.g., first name/initial, city/region, traveler badges like ATTP, completion stats, and aggregated ratings) may be visible to other users to support transparency and trust. Sensitive verification data is never public.

  • Usage & device data. Pages/screens viewed, taps/clicks, session duration, feature usage, app version, device/OS, IP, time zone/locale, and crash/performance logs—used for security, reliability, and product improvement.

  • Approximate location. We may infer city/country from IP (or use device-level signals if you grant permission) to localize content and support route matching. If we ever request precise location, we will ask for explicit device permission and provide a control to turn it off.

  • Cookies/SDKs & integrated services. We use cookies (web) and SDKs (mobile) for sign-in/session continuity, remembering preferences, fraud prevention, performance/analytics, and (where permitted) attribution/marketing measurement. Some integrated services collect limited data directly under their own privacy terms.

  • Inquiries/support. Contact details and case history when you reach out to support, including attachments and our investigation notes, used to resolve issues and improve service quality.

  • Fraud prevention & safety signals. Device and network signals (e.g., IP reputation, VPN/proxy detection), velocity and duplicate-account checks, and automated/manual moderation flags that help us detect abuse and enforce policies.

  • AI assistant (when enabled). If you use our in-app assistant for eligibility/regulations guidance, we process your prompts and relevant context to generate answers. We minimize what we send to the model, keep logs for a limited time to improve safety and support, and we do not use your data to train third-party models without your opt-in.

How We Use Information Collected Through Our Services

We use information to operate the marketplace, keep users safe, process payments, support you, and improve the product. Depending on context, our legal bases include contract, legitimate interests, consent (where required), and legal obligations.

  • Operate the marketplace (core features).
    Create and manage accounts; display and match shopper requests to traveler routes; allow travelers to submit offers; enable in-app chat and coordination; show/record delivery confirmations; display limited profile and reputation signals (e.g., first name/initial, city, ratings, ATTP badge).

  • Payments & payouts (via Stripe).
    Initiate shopper charges and route traveler payouts; reconcile payment/payout status, fees/FX, refunds and chargebacks; keep financial records required by law and our policies. Stripe processes card and payout details; we receive metadata and statuses to run the flow and handle support.

  • Verification & safety.
    Verify traveler identity and trips; run fraud prevention and risk scoring; enforce platform/ATTP rules; detect prohibited items and off-platform payment attempts; investigate safety incidents and policy violations.

  • Customer support & disputes.
    Provide help via in-app/support channels; review evidence (e.g., photos, receipts, chat history); resolve order issues, delays, cancellations, refunds, and chargebacks; communicate outcomes and keep an audit trail.

  • Product quality, reliability & analytics.
    Monitor performance and crash logs; diagnose bugs; run limited A/B tests; measure feature usage to prioritize improvements; maintain security and service continuity.

  • Marketing & notifications (your choices apply).
    Send transactional communications (offer accepted, delivery reminders, payout notices) and service announcements; send marketing emails/push only with consent where required. You can adjust notifications or opt out of marketing at any time.

  • AI assistant (coming soon).
    Provide guidance on item eligibility and regulations. We minimize prompts/context sent to the model, retain logs for a limited time to improve safety/support, and will not use your data to train third-party models without your opt-in.

  • Legal, compliance & enforcement.
    Enforce our Terms and policies; meet tax, accounting, and recordkeeping duties; respond to lawful requests; protect the rights, property, and safety of Amanah, our users, and the public.

When Information We Collect May Be Disclosed to Third Parties

We share information only as needed, with safeguards, and never sell personal data.

  • Within Amanah’s corporate family. To operate, support, and secure the Services.

  • Counterparties (other users).
    To complete a transaction, limited profile and order/trip information is shared with the other party (e.g., first name/initial, city/region, traveler badges/ratings, order specifics necessary to meet and deliver). Sensitive verification data is not shared.

  • Service providers / processors.
    Cloud hosting and storage; identity verification/KYC; fraud prevention/security; analytics and crash reporting; email/SMS/push and in-app communications; customer support tooling; logging/monitoring. These providers are contractually bound to use data only on our instructions and to protect it.

  • Payments & payouts.
    Stripe
    receives the data it needs to process card payments and traveler payouts (and to handle refunds/chargebacks) under Stripe’s terms and privacy policy. We receive payment/payout statuses and identifiers, not full card or bank account numbers.

  • Integrated technologies (SDKs/APIs).
    Where third-party SDKs or embedded content are used (e.g., analytics, attribution), those parties may collect limited data directly under their own policies; we scope integrations to the minimum necessary and honor consent where required.

  • Local carriers (exceptions).
    If a shopper and traveler agree to use a local carrier for handoff, we may share the minimum shipment details needed (e.g., names, phone/email, addresses, tracking).

  • Aggregated or de-identified data.
    We may publish or share non-identifying statistics and insights.

  • Corporate events.
    In a merger, acquisition, financing, or sale of assets, data may be shared with advisors and successors under appropriate confidentiality and data-protection commitments.

  • Legal and safety.
    To comply with law or lawful requests; to enforce our Terms and policies; to detect, prevent, or address fraud, abuse, security, or technical issues; or to protect the rights, property, or safety of Amanah, users, or the public.

Security Measures for Information Collected Through Our Services

We implement administrative, technical, and organizational measures appropriate to the sensitivity of the data and the risks of processing. Controls include:

  • Encryption & key management. TLS for data in transit; encryption at rest for sensitive fields; managed keys with strict access controls.

  • Access control & authentication. Least-privilege access, role-based permissions, periodic access reviews, MFA for administrative accounts, session management and revocation.

  • Application & infrastructure security. Secure SDLC, code review and dependency management, input validation, rate limiting, WAF/firewalls, network segmentation, container isolation, hardened configurations.

  • Monitoring & logging. Centralized logging, anomaly detection, SIEM alerts, audit trails for sensitive actions (e.g., payouts, verification decisions), time-bound log retention.

  • Vulnerability management. Routine scanning, patching, and (where applicable) third-party penetration testing; tracked remediation.

  • Data minimization & retention. Collect only what we need; retain it only as long as necessary for the purposes described (and as required by law); then delete or de-identify.

  • Backups & continuity. Encrypted backups, disaster-recovery procedures, periodic restore testing.

  • Third-party risk management. Due diligence and contracts with processors; scoped permissions; review of security documentation.

  • Incident response. Documented plans, defined roles, and user/regulatory notifications where required by law; continuous improvement after any incident.

No security program can guarantee absolute protection, but we continuously improve our safeguards and practices to reduce risk and protect your data.

Managing Your Information (Access, Correction, Deactivation & Deletion)

You can manage your data through in-app settings (where available) or by emailing privacy@myamanah.ca from the email associated with your account. Please tell us whether you seek access, correction, deactivation, or deletion, and include your country/region. For your security, we may require identity verification (e.g., one-time code or request from the signed-in account). Where permitted, you may use an authorized agent; we may still ask you to verify directly.

Access & correction. You may request a copy of your personal information and ask us to correct inaccuracies. Some fields can be edited directly in the app (e.g., name, photo, phone, preferences). We may retain change history when needed for security, fraud prevention, dispute handling, or compliance.

Account deactivation (pausing use). If you only want to stop using Amanah without removing records, you may request deactivation. Deactivation prevents sign-in and notifications but preserves data needed for: (i) open orders/trips, (ii) financial and tax records, (iii) fraud/safety controls, and (iv) legal obligations. You can later ask to reactivate.

Deletion (erasure). You may request permanent deletion of your account and associated personal information. Deletion is irreversible and subject to lawful and operational limits described below.

  • Prerequisites. We cannot delete accounts with open orders/trips, unresolved disputes, unpaid balances, or pending payouts/chargebacks. We’ll help you close or resolve these first.

  • What is deleted. Profile and identifiers; credentials/tokens; marketplace role data (orders/trips you created as a party), most in-app messages and attachments from your view; preferences; marketing settings. We cease future processing and unlink remaining records from your identity where feasible.

  • What may be retained (limited and necessary).

    1. Payments & finance: transaction records, payout and tax/Accounting entries, chargeback and refund logs (kept for statutory periods).

    2. Safety & disputes: records needed to prevent fraud, enforce policies, and establish/defend legal claims (e.g., prior violations, dispute evidence).

    3. Counterparty records: information that forms part of another user’s transaction history (e.g., a shopper’s receipt, a traveler’s delivery proof, messages within a completed order). Such data is retained as part of that other user’s records; where possible we pseudonymize your identity (e.g., replace your name with a generic label).

    4. Backups & logs: residual copies in backups or audit logs that are not actively used will be purged on a scheduled cycle (typically 30–90 days) or minimized to the extent technically practicable.

    5. Aggregates & de-identified data: analytics or statistics that do not identify you may be retained.

  • Third-party processors. We will notify relevant processors (e.g., hosting, analytics, verification vendors) of your deletion request and instruct them to delete or de-identify your data consistent with their roles and the law. Stripe maintains payment/payout records under its own legal obligations; we cannot erase those from Stripe but we will delink them from your active account on our side.

  • Timing. We aim to respond to requests within 30 days (may extend for complex cases). Where local law specifies different timelines (e.g., up to 45 days in California; 1 month extendable by 2 months in the EEA/UK), we will follow those timelines and notify you of any extension and reason.

  • Confirmation. We will confirm when deletion is completed or explain why certain data must be retained (with references to the categories above).

Important notes.

  • Deletion does not affect information already shared with others as part of completed transactions (e.g., receipts/photos inside a closed order); we minimize or pseudonymize where possible.

  • If you return later, creating an Amanah account will generate a new profile with no linkage to your prior deleted account.

  • Your right to access/correct/delete may be limited by applicable law (e.g., when disclosure would adversely affect the rights of others or hinder fraud prevention). We will explain any denial or limitation we must apply.

For all requests, contact privacy@myamanah.ca or use the in-app flow (when available).

Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal data to us, please contact privacy@myamanah.ca and we will delete it.

Eligibility & Who May Not Use Amanah

To use Amanah you must have the legal capacity to enter a binding contract and meet all eligibility requirements below.

  • Minimum age. You must be at least 18 years old to create an account, request items, or act as a traveler.

  • Legal restrictions. You may not use the Services if use would violate any law applicable to you (e.g., customs, import/export, aviation, consumer protection) or if you are barred from using payment services or receiving payouts under Stripe or applicable financial regulations.

  • Sanctions/embargoes. You may not use Amanah if you are located in, or ordinarily resident of, a sanctioned or embargoed jurisdiction, or if you appear on relevant government sanctions lists (e.g., UN/EU/OFAC), to the extent prohibited by law.

  • Identity & trip verification. Users who fail, refuse, or cannot complete required identity/KYC or trip verification (e.g., valid government ID, e-ticket) are not permitted to act as travelers and may have limited access to other features.

  • Prior violations. Users who have been previously suspended or removed by Amanah (e.g., for fraud, abuse, safety violations, or policy breaches) may not create new accounts.

  • Prohibited use. The Services are for personal, non-commercial item requests and deliveries. You may not use Amanah to:

    • conduct commercial shipping or bulk/resale activity,

    • request or carry illegal, restricted, hazardous, counterfeit, or otherwise prohibited items,

    • evade customs or airline rules, or

    • arrange off-platform payments or communications intended to bypass our safety and payment protections.

  • Payment integrity. You may not use stolen, unauthorized, or invalid payment credentials or payout methods, or attempt to mask identity or location to defeat fraud and compliance checks.

Amanah may deny, suspend, or terminate access at any time where eligibility is not met, where risk is identified, or to comply with legal and safety obligations.

Privacy Policies of Linked Websites or Other Parties

Our Services may include links to third-party websites or apps, as well as embedded technologies/SDKs (e.g., analytics, identity verification, maps, messaging, or payment processing by Stripe). These third parties set their own cookies/collect data directly and handle it under their own privacy policies—they are not controlled by Amanah.

  • Examples: Stripe (payments/payouts), Apple/Google (app stores or sign-in), identity-verification vendors (traveler KYC), local carriers (if you and the traveler choose shipping), analytics/performance tools, and social platforms you visit from our app.

  • Your responsibility: Before using any third-party site, service, or integration, review its privacy policy and settings. If you sign in with a third party or initiate a payment, that provider may act as an independent controller of your data for those actions.

  • No endorsement/assumption of liability: Links or integrations don’t mean we endorse the third party, and Amanah isn’t responsible for their practices, content, or security. Use of third-party services is at your option and subject to their terms.

If you have questions about a specific integration, contact us at privacy@myamanah.ca and we’ll point you to the relevant policy.

Governing Law

By using the Services, you agree that this Privacy Policy and any related dispute are governed by the laws of Ontario, Canada, without regard to its conflict-of-laws rules, and are subject to the dispute-resolution terms in our Terms of Service (including any arbitration/venue provisions stated there).

Nothing in this section removes or limits any non-waivable consumer or data-protection rights you may have under the laws of your place of residence (e.g., EEA/UK, California, Canada). Where such laws require a different process or forum, we will follow the mandatory rules that apply.

Changes to This Privacy Policy

We may update this Policy from time to time. The Effective date above shows the latest version. Where required by law, we will notify you or obtain consent for material changes. Your continued use of the Services after an update signifies acceptance of the revised Policy.

Contact Us

If you have questions or requests regarding this Policy or your data, contact us at:
Amanah Global Inc.
Attn: Privacy Team / DPO
Email:
privacy@myamanah.ca
Mailing address: 335 Web Drive, Mississauga, ON, L5B 4A1

Contact Us for Assistance

Reach out for inquiries about international product policies and traveler guidelines. We're here to help ensure safe ordering and carrying.

Support

1234567890

Info

support@example.com