Privacy Policy

Last Updated: 20 April 2026

Effective Date

20 April 2026

Valid Until

Terminated or revised by the Company

Service

SpeedoGo (by Speedo Express)

Jurisdiction

Greater Noida, Uttar Pradesh, India

1. INFORMATION WE COLLECT

SpeedoGo collects and processes the following categories of data:

A. USER DATA

Name, phone number (OTP verified), email ID, password (encrypted), delivery addresses, order history, saved preferences, device and app usage analytics, push notification tokens.

B. ORDER & TRANSACTION DATA

Items ordered, vendor details, order timestamps, delivery status, payment method, transaction amounts, refund history, wallet balance, coupon usage, and promotional offer redemption records.

C. LOCATION DATA

Delivery address coordinates, real-time location (if permissions granted) for accurate delivery pinning, and location history for personalised vendor recommendations and delivery zone mapping.

D. TECHNICAL DATA

IP address, device model, operating system, browser type, app version, crash logs, session duration, interaction events, referral source, and network type.

2. HOW WE USE YOUR DATA

  • Processing and fulfilling delivery orders
  • Personalising app experience, vendor recommendations, and search results
  • Sending order updates, delivery notifications, and promotional communications
  • Fraud detection, abuse prevention, and platform security
  • Analytics and service improvement (including aggregated, anonymised insights)
  • Customer support and dispute resolution
  • Legal compliance and regulatory reporting
  • Building and improving recommendation algorithms, delivery routing, and demand prediction models

3. PAYMENT DATA HANDLING

  • Payments are securely processed via Razorpay Payment Gateway, compliant with RBI digital payment standards and PCI-DSS security benchmarks.
  • SpeedoGo does not store raw card numbers, UPI PINs, or banking credentials on its servers.
  • Transaction metadata (amount, timestamp, status, payment method type) is retained for order history, refunds, and audit compliance.

4. COOKIES & TRACKING TECHNOLOGIES

4.1 Types of Cookies We Use

Essential Cookies (Required)

Authentication, session management, security features. Cannot be disabled.

Performance & Analytics Cookies

Anonymised usage analytics via Google Analytics for service improvement.

Functional Cookies

Remember preferences (language, location, saved addresses) for enhanced experience.

Security Cookies

Fraud prevention, bot detection (reCAPTCHA), and account protection.

4.2 Third-Party Services

We use the following third-party services that may set cookies or collect data:

  • Google Analytics: Website traffic analysis and user behaviour insights
  • Google reCAPTCHA: Bot detection and spam prevention
  • Razorpay: Secure payment processing
  • Firebase: Authentication, real-time database, push notifications
  • Cloudinary: Image storage and optimisation

These services operate under their own privacy policies.

4.3 Managing Cookies

You can control cookies via browser settings or mobile app permissions. Disabling essential cookies may prevent core functionality. You may opt out of Google Analytics via the official browser add-on.

4.4 Local & Session Storage

We use browser local storage and session storage for authentication tokens, user preferences, cart data, and temporary order state for performance and offline capability.

5. DATA SECURITY

We implement reasonable security practices under Rule 8 of IT (SPDI) Rules, 2011, including:

  • Encryption in transit (HTTPS/TLS) and at rest (AES-256)
  • Role-based admin access control with audit logs
  • Secure cloud infrastructure (Firebase, Google Cloud) with automatic backups
  • Periodic security assessments and vulnerability scans
  • Incident response procedures and breach mitigation protocols

Note: No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security and shall not be liable for breaches beyond our reasonable control.

6. DATA SHARING

We share only minimum operational data as necessary:

  • With Delivery Partners: Customer name, phone, delivery address, and order details for fulfilment
  • With Vendors/Stores: Order details and delivery address for item preparation
  • With Payment Processors: Transaction data via Razorpay (no raw credentials stored by us)
  • With Legal Authorities: Government or cybersecurity bodies (e.g., CERT-IN) when legally required
  • Analytics: Anonymised, aggregated usage data for service improvement

We do not sell, rent, or disclose personal data to third parties for marketing purposes.

7. DATA RETENTION & DELETION

Data is retained as long as required for:

  • Active service delivery and order history
  • Legal compliance under IT Act, 2000 and SPDI Rules, 2011
  • Dispute resolution, fraud prevention, and audit (typically 3–7 years)
  • Financial records as per tax and accounting regulations
7.1 Data Deletion Requests

Users may request deletion by contacting support. We will delete personal data within 30 days unless retention is required by law, active disputes exist, or data is needed for fraud prevention.

Anonymised and aggregated data may be retained indefinitely for analytics and business intelligence.

7.2 Inactive Accounts

Accounts inactive for 2+ years may be archived or deleted after notification, unless the User requests to keep the account active.

8. USER RIGHTS

Under applicable Indian data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion (subject to legal retention requirements)
  • Portability: Receive data in a structured, machine-readable format
  • Withdraw Consent: Opt out of optional data processing (e.g., marketing)
  • Object: Object to certain types of data processing

To exercise these rights, contact us at contact@speedoexpress.org with your registered phone number or email for identity verification.

9. CYBER INCIDENT REPORTING

In case of a data breach affecting personal information, we may report to CERT-IN as per Indian Cybersecurity Incident Guidelines. Affected users will be notified within 72 hours of discovery via email or in-app notification.

10. CHILDREN'S PRIVACY

SpeedoGo services are not intended for users under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us immediately for deletion.

11. INTERNATIONAL DATA TRANSFERS

Your data is primarily stored on servers in India. Third-party services (Google Cloud, Firebase, Cloudinary) may process data on servers outside India, protected by:

  • Standard contractual clauses
  • Service provider compliance with international data protection standards
  • Encryption and secure transmission protocols

12. CHANGES TO THIS POLICY

We may update this Privacy Policy at any time. Changes are effective immediately upon posting with an updated date. Continued use constitutes acceptance. For significant changes, we will notify users via email or in-app notification.

13. GRIEVANCE OFFICER

As required under IT Rules, 2021, we have appointed a Grievance Officer:

Grievance Officer Contact:

Email: contact@speedoexpress.org

City: Greater Noida, Uttar Pradesh, India

Complaints are addressed within 15–30 business days.

14. CONSENT

By using SpeedoGo Website, App, or Services, you consent to this Privacy Policy under Section 10A of the Information Technology Act, 2000. You also acknowledge and accept our use of cookies and tracking technologies as described above.

Contact Us

For privacy-related questions or data access requests:

Email: contact@speedoexpress.org

Address: Robertsganj, Sonbhadra, Uttar Pradesh, India

Website: speedoexpress.org/speedogo

Last Updated: 20 April 2026

This Privacy Policy is governed by the laws of India.