Powered by Zavengo™

Privacy Policy

Operated by Zavengo Ltd for POP INs

Last updated: June 28, 2026

1. Who we are

The POP INs ordering and delivery service is provided and operated on POP INs's behalf by Zavengo Ltd("the Platform", "we", "us", "our"), a company registered in England and Wales (company number 17138225, registered office 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom).

Zavengo Ltd is the data controller for personal data processed to operate the POP INs service (popins.uk, the POP INsapps, and related services, together, "the Service") (ICO registration in progress). POP INs is the retail store you order from; where POP INs uses your personal data for its own purposes as a merchant it acts as a separate controller. POP INs is a trading name of PR Thunai Limited, a company registered in England and Wales (company number 15430683), registered office 24 Dunsfold Road, Tilehurst, Reading, RG30 4NP, United Kingdom (VAT registration number 458861152). For data-protection enquiries that concern POP INs's own use of your data as the retailer, contact hello@popins.uk; POP INs's own ICO registration reference is [TO BE COMPLETED BY POP INs].

For data protection enquiries about the Service: privacy@popins.uk. You also have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint.

Zavengo™ is a trade mark of Zavengo Ltd (UK trade mark application no. UK00004401578).

2. What data we collect

Account data

Name, email address, phone number, delivery addresses, password (hashed). Where you have confirmed you are 18 or over to buy age-restricted items, we keep a record that you self-certified and when.

Driver data

Name, email, phone, postcode, vehicle type, availability, location during active deliveries, profile photo, earnings history.

Waitlist data (pre-launch)

Name, email, phone, postcode, vehicle type, collected via our driver waitlist and customer sign-up forms.

Order data

Items ordered, delivery addresses, order history, payment information (processed by Stripe, we do not store card numbers), and a secure delivery PIN generated for each order to confirm receipt at the door.

Age-verification data

For an order containing age-restricted items, we record the doorstep age check: the explicit decision the POP INs staff member makes at handover (for example "clearly over 25", "ID checked", or "refused") and the time it was made. This is a record of the decision only, we do not collect, scan, or store the recipient's date of birth, photograph, or ID document, and no biometric data is captured. We keep this as evidence that the legally required Challenge 25 check was carried out.

Account safety / moderation data

Where our support or admin team identifies a problem with an account (for example suspected fraud, payment disputes, abuse of staff, or repeated policy breaches), we may record an internal flag on the account with a short note and the date. This is used only by our staff to handle the account fairly and consistently; it does not by itself restrict or close the account.

Delivery confirmation data

Your order is confirmed at the door with a secure delivery PIN. Where the POP INs staff member's app is offline at the point of delivery, the app instead records a photo of the delivery (for example the doorstep or the handover) together with the GPS location at which delivery was confirmed, so we have a reliable record that your order arrived. These are stored securely and used only to confirm delivery and resolve any dispute.

Payment dispute data

If a payment is disputed or charged back through your bank or card provider, we record details of the dispute against the relevant order (including the reason and outcome) and the evidence relevant to it (such as the delivery PIN, delivery confirmation, and receipt), so we can respond to your bank and resolve the matter.

Store-credit data

If we issue you store credit (for example as a goodwill gesture after an issue), we keep a record of the amount, the reason, any expiry, and how much remains, so it can be applied to your future orders.

Conversations

Support chats with our team, stored alongside your account so we can troubleshoot and resolve disputes.

Technical data

IP address, browser type, device information, push notification tokens, cookies for authentication.

3. How we use your data

To provide the delivery service and process your orders

To match you with available drivers in your area

To process payments via Stripe

To send order updates, OTP codes, and service notifications

To notify you when the service launches in your area (waitlist)

To prevent fraud and ensure safety (age verification, dispute resolution)

To comply with legal obligations

4. Lawful basis

Contract: processing necessary to fulfil your order, provide the Service, and respond to your support requests (including storing the support chat thread so we can investigate and follow up)

Consent: waitlist sign-ups, marketing communications

Legitimate interest: detecting and preventing fraud and abuse, protecting our staff and other customers, the safe operation of the Service (including recording internal account-safety flags and handling payment disputes), service improvement, and analytics

Legal obligation: age verification for restricted products, tax records

5. Who we share your data with

Drivers

Your name, delivery address, and phone number are shared with the driver assigned to your order, solely for delivery purposes.

Service providers (data processors)

ProviderPurposeLocation
StripePayments + Stripe Issuing (driver virtual cards)US
Pusher ChannelsRealtime messaging (order updates + support chat)GB
CloudflareCDN + WAF + Zero Trust Access (investors.zavengo.com)US
VercelWeb hosting + edge runtimeUS
NeonPostgres database hostingUS
AWS S3Object storage (receipt photos, customer avatars)EU
OpenFoodFactsPublic barcode + product lookup (no PII sent)FR
postcodes.ioUK postcode geocoding (postcode only)GB
SentryError monitoring + Crashlytics-equivalentUS
Firebase Cloud MessagingPush notifications (Android + iOS)US
ResendTransactional email (verify, receipts)US

Where data is transferred outside the UK, we rely on Standard Contractual Clauses (SCCs) or UK adequacy decisions to ensure appropriate safeguards.

We do not sell your personal data to third parties.

6. Data security

We take reasonable measures to protect your data, including:

AES-256-GCM encryption of sensitive personal data (names, emails, phone numbers, addresses) at rest

Passwords hashed with scrypt (never stored in plaintext)

HTTPS encryption for all data in transit

Role-based access control for staff

UK geo-restriction to limit service area

7. Data retention

Account data: retained while your account is active, deleted within 30 days of account deletion request

Waitlist data: retained until the service launches in your area, or until you request deletion

Order data: retained for 6 years for tax and legal compliance (HMRC requirement)

Delivery-confirmation photos and GPS records: retained with the order for as long as the order record is kept, so they remain available to resolve a later query, dispute, or chargeback

Support chats: retained for 24 months so the team can investigate later complaints, refunds, and disputes; deleted on request once any related order is settled

Push notification tokens: automatically cleaned up after 30 days of inactivity

8. Your rights

Under UK GDPR, you have the right to:

Access your personal data (Subject Access Request)

Rectify inaccurate or incomplete data

Erase your data ("right to be forgotten")

Restrict processing in certain circumstances

Data portability, receive your data in a structured, machine-readable format

Object to processing based on legitimate interest

Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact privacy@popins.uk. We will respond within 30 days.

9. Cookies

We use only essential cookies required for the Service to function:

Session cookie (next-auth.session-token), keeps you logged in

Site auth cookie, for development site access

We do not use advertising, analytics, or tracking cookies. No cookie consent banner is required as we only use strictly necessary cookies.

10. Automated decision-making

We do not carry out any solely-automated decision-making that produces a legal or similarly significant effect about you. Every order is reviewed and physically purchased by a human Driver, and the final charge is set by the actual till receipt, not by any automated estimate.

11. Driver location data

While an active order is assigned to a Driver, the Driver app shares their live location with our servers so customers and admin can see the delivery progress. Live sharing of a Driver's location to the customer ends automatically when the order reaches DELIVERED or CANCELLED status.

A Driver's most recent location is retained while they are signed in and available for work, it is used to match them to nearby orders and to calculate distance-based delivery pricing (the distance between the Driver and the customer's address). It is not deleted when an individual order completes; it is cleared when the Driver goes offline or signs out.

Drivers can review and disable background location at any time in their iOS/Android settings; doing so prevents them from receiving new jobs.

12. Children

The Service is not intended for children under 18. We do not knowingly collect data from anyone under 18. Age-restricted products (alcohol, tobacco, vapes) require a Challenge 25 age check upon delivery: this is a visual inspection and, where needed, a sight of the recipient's physical photo ID. We record only the outcome of the check (see "Age-verification data" in section 2), we do not scan, photograph, or store the recipient's ID or date of birth.

13. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via email or in-app notification. The "last updated" date at the top reflects the most recent revision.

14. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Phone: 0303 123 1113

Website: ico.org.uk

15. Changelog

  • 28 June 2026:disclosed a new category of personal data: the doorstep age-verification record (section 2), the explicit Challenge 25 decision made at handover and its timestamp, recorded as evidence the check was carried out. Clarified (sections 2 and 12) that this is a record of the decision only: we do not collect, scan, or store the recipient's date of birth, ID document, or photograph, and no biometric data is captured. No new processors are added.
  • 21 June 2026:disclosed additional categories of personal data now processed: internal account-safety / moderation flags (section 2, with a matching legitimate-interest basis in section 4), delivery-confirmation photos and GPS coordinates captured when a delivery is recorded offline (sections 2 and 7), payment dispute / chargeback records (section 2), and the store-credit ledger (section 2). Added the persistent 18+ self-certification to account data and the delivery PIN to order data (section 2). Clarified that a Driver's most recent location is retained while they are signed in - used for job-matching and distance-based pricing, and cleared when they go offline (section 11).
  • 25 May 2026: moved legal-entity details, ICO reference, lawful-basis notes, retention policy, and processor list to the admin-editable DataController record so the lawyer can revise without a code deploy. No new categories of personal data are collected.
  • 18 May 2026: added explicit AI / automated-decision-making disclosure (section 10); clarified driver location data scope (section 11); published ICO registration reference ZC121599 (section 1). No new categories of personal data are collected, no new processors added.
  • 28 April 2026: initial publication.