User Data Deletion

Effective date: 2025-10-20
Version: 1.2
Entity: Amanah Global Inc. (“Amanah”, “we”, “us”)
Contact: privacy@myamanah.ca

1) Purpose & Scope

This Agreement explains how Amanah accepts, authenticates, processes, and fulfills requests to delete personal data associated with shopper and traveler accounts on our website and mobile apps (the “Services”). It is designed to comply with Canada’s federal private-sector privacy law (PIPEDA)—which applies to Ontario private businesses engaged in commercial activity—and other applicable laws. Privacy Commissioner of Canada

Payments & payouts: Processed by Stripe. Stripe maintains its own records under its legal obligations and privacy terms.

2) Our Role in Canada/Ontario

• Controller responsibilities. For account, verification, safety, operations, and support data, Amanah acts as a data controller and remains accountable for personal information handled by our service providers. We use contracts and oversight to ensure a comparable level of protection when information is processed for us, including outside Canada. Privacy Commissioner of Canada+1

• Retention & disposal duty. Under PIPEDA, we may not retain personal information longer than necessary for the identified purposes and must destroy, erase, or anonymize it when those purposes are met, using effective procedures. Privacy Commissioner of Canada

3) Data Categories in Scope for Deletion

Amanah collects only what we need to operate a shopper ↔ traveler marketplace:

• Account & contact: name, email, mobile number, country/region, language; passwords one way encrypted; session and security data.

• Role-specific marketplace data:

  • Shoppers: product links/details you submit, quantity/options, preferred handoff city/area, requested delivery window, notes.

  • Travelers: routes/dates you add, availability window, what you are comfortable carrying, luggage capacity notes.

• Verification (travelers): government issued ID (e.g., passport), selfie/liveness results (if enabled), and proof of travel (e-ticket/itinerary)—used for trust/safety (ATTP). This data is only used for the purpose of user verification, and is deleted once the verification process is completed.

• Payments & payouts (via Stripe): non-sensitive transaction metadata we receive from Stripe (e.g., payment/payout status, amounts, currency, fees, timestamps, Stripe IDs/tokens). We do not store full card details/bank numbers.

• In-app chat & content: messages and attachments (e.g., photos, receipts), delivery confirmations, ratings/reviews, support communications.

• Usage & device: pages/screens used, app version, device/OS, IP, time zone/locale, crash/performance logs—used for security and reliability.

• Marketing & preferences: email opt-ins/outs, push settings, referral codes.

• Fraud & safety signals: device/network risk indicators, duplicate-account checks, automated/manual moderation flags (e.g., suspected prohibited items).

(For full collection details, see our Privacy Policy.)

4) How to Submit a Deletion Request

• In-app: Settings → Privacy → “Delete My Data/Account” (where available).

• Email: From your account email to privacy@myamanah.ca with subject “Deletion Request.”
  Please specify Permanent Deletion (default) or Account Deactivation and include your country/region. For security, we may verify with a one-time code or require the request to be submitted the signed-in account.

5) Identity Verification & Authorized Agents

We may verify identity via one-time codes, recent activity checks, or requests from the signed-in account. Where law allows an authorized agent to act for you, we will require proof of authority and may still verify directly with you.

6) Outcomes You Can Choose

• Permanent Deletion. We delete or irreversibly de-identify your personal data held in our active systems (details in §§8–9).

• Account Deactivation (optional). We disable sign-in and notifications but retain data needed for compliance, fraud prevention, and records; you can later ask to reactivate.

7) Preconditions & Temporary Holds

Deletion proceeds only after we resolve open orders/trips, unpaid balances, pending payouts/chargebacks, and active disputes, and lift any legal/regulatory holds (e.g., fraud investigations, sanctions screening).

8) What We Delete (or De-Identify)

Upon Permanent Deletion, we remove or de-identify:

• Identifiers & credentials: name, email, phone, encrypted password, session tokens.

• Profile & preferences: photo, bio, language, notification settings.

• Marketplace data you provided: shopper item links/details; traveler routes/dates and carry preferences.

• In-app chat & attachments: removed from your view and our primary indexes (except where retained in a counterparty’s completed order—see §9.3).

• Ratings/reviews you left: deleted or anonymized where feasible.

• Support history (your side): deleted or de-identified, subject to §9.2.

• Marketing: removed from active lists; we keep a minimal suppression record to honor opt-outs.

• Analytics links: detached from your identity; retained only in aggregate/de-identified form.

9) What We May Retain (Limited & Necessary)

We retain only what is legally required or operationally essential, consistent with PIPEDA’s retention and disposal rules. Privacy Commissioner of Canada

9.1 Payments, Payouts & Accounting (CRA)

We keep transaction metadata (amounts, currency, fees/FX, statuses), refund/chargeback logs, and accounting entries for the period required by law—generally six (6) years from the end of the last tax year to which they relate. Stripe retains its own records under its obligations. Canada.ca

9.2 Safety, Fraud & Disputes

We may retain evidence necessary to prevent fraud/abuse, enforce our Terms/ATTP, and establish or defend legal claims (e.g., prior violations, device/network risk indicators), plus limited audit logs documenting the deletion.

9.3 Counterparty & Marketplace Records

Data embedded in another user’s completed order (e.g., receipts, delivery proof, specific chat excerpts) remain in that user’s record. Where feasible, we pseudonymize your identity (e.g., “Deleted User”).

9.4 Backups & Disaster Recovery

Residual copies in encrypted backups/DR media are not used for production and are purged on scheduled cycles (typically 30–90 days) or overwritten by design.

9.5 Aggregates & De-identified Data

We may retain statistics that do not identify you.

10) Timelines

We aim to complete requests within 30 days; we may take a single extension of up to 30 additional days for complex cases, and we’ll notify you of the extension and reasons. This aligns with PIPEDA timelines for responding to individual requests. Privacy Commissioner of Canada+1

11) Service Providers & Cross-Border Processing

We use vetted service providers (hosting, verification/KYC, analytics, communications, fraud prevention, payment routing). We remain responsible for their processing and require them—by contract—to protect personal information, process it only on our instructions, and delete or de-identify it when instructed or at contract end, including for processing outside Canada, consistent with PIPEDA accountability. Privacy Commissioner of Canada

12) Security During Deletion

We apply least-privilege access, dual-control for destructive actions, auditable ticketing, and change management. Deletion jobs are logged and reviewed under our Incident Response program; we notify users/regulators where required by law.

13) Evidence of Completion

We send a confirmation summarizing (i) what was deleted/de-identified, (ii) what was retained and why (e.g., CRA record-keeping, fraud/safety), and (iii) the completion date.

14) Changes to this Agreement

We may update this Agreement; the “Effective date” above shows the latest version. If we make material changes, we will communicate through the Services or email where required.

15) Contact

Amanah Global Inc. — Privacy Team
Email: privacy@myamanah.ca
Mailing address: 335 Web Drive, Mississauga, ON, L5B 4A1