Privacy policy

================================================================================
Privacy Policy - Nebo Go Platform
Last Updated: April 19, 2026
================================================================================

1. Introduction and Scope

Welcome to Nebo Go ("Platform," "we," "us," or "the App"). We place the
highest importance on protecting your personal data and privacy. This Privacy
Policy explains how we collect, use, process, and protect your personal
information when you use the Nebo Go application or our website (collectively
referred to as the "Services").

By using the Nebo Go Platform, you acknowledge that you have read this
Privacy Policy and agree to the data collection and processing practices
described below. If you do not agree with this policy, please do not use the
Nebo Go Platform.

Nebo Go is committed to full compliance with the European General Data
Protection Regulation (GDPR), the German Federal Data Protection Act
(BDSG-neu), and the Bavarian Data Protection Act (BayDSG).

2. Data We Collect

When using the Nebo Go Platform, we may collect the following types of
information:

2.1 Information You Provide Directly:
• Account Data: Full name, email address, phone number, and password
(encrypted).
• Order Data: Delivery address (street, city, postal code), ordered products,
and delivery notes.
• Payment Data: For electronic payments, card details are entered directly
via our payment service provider (Stripe). Nebo Go does not store your
credit card details on its servers.
• Communications: Content of messages exchanged with customer support or
vendors via the App.

2.2 Information Collected Automatically:
• Device Data: Device type, operating system, app version, IP address.
• Location Data (GPS): Only at specific moments, based on your explicit
consent.
• Usage Data: Pages visited, browsing time, order history.

2.3 Driver Data (For users of the Nebo Go Driver App):
• Registration Data: Name, address, email, phone number.
• Employment Data (Mini-job): Social security number, bank account details.
• Verification Documents: Copy of driver's license, proof of commercial
vehicle insurance, vehicle details (type, license plate).
• Live Location Data: Location tracking only during an active delivery task.

3. How We Use Your Information

Nebo Go uses your personal data exclusively for the following purposes:

• Providing Core Services: Processing orders, coordinating delivery with
drivers, and sending order status notifications.
• Facilitating Payment: Processing electronic payments in cooperation with
payment service providers.
• Improving User Experience: Analyzing usage data to enhance app performance
and resolve technical issues.
• Security and Fraud Prevention: Monitoring suspicious activities to protect
the platform and users.
• Legal Compliance: Fulfilling tax and commercial obligations (e.g.,
invoicing).
• Communication: Responding to your inquiries via customer support.

Nebo Go will never sell or rent your personal data to third parties for
marketing or advertising purposes.

4. Legal Basis for Processing (Rechtsgrundlage)

Nebo Go relies on the following legal bases stipulated in Article 6 of the
General Data Protection Regulation (GDPR) for processing your data:

• Contractual Necessity (Art. 6 para. 1 lit. b): To create your account,
process your orders, and arrange delivery (the core purpose of using the App).
• Legal Obligation (Art. 6 para. 1 lit. c): To retain invoices and financial
records for 10 years as required by German Commercial and Tax Law (HGB/AO),
and to register drivers with the Social Insurance Authority (Minijob-Zentrale).
• Legitimate Interests (Art. 6 para. 1 lit. f): To enhance platform security,
prevent fraud, and analyze aggregated app performance.
• Explicit Consent (Art. 6 para. 1 lit. a): To access your geographic location
to display nearby stores and for live driver tracking during delivery.

5. Sharing Data with Third Parties

We only share your data to the minimum extent necessary to provide the
service, and only with the following categories:

• Vendors (Stores and Restaurants): We share your first name, delivery
address, ordered products, and phone number with the vendor. This is for
clarifying any questions about the order (e.g., "Item X is sold out, would
you like a substitute?") and ensuring smooth processing. The vendor is
contractually obligated to use your data only for processing this specific
order.

• Delivery Personnel (Drivers): To enable delivery, we share your first name,
delivery address, and phone number with the driver. Sharing the phone number
is done exclusively for the purpose of coordinating the delivery smoothly
(e.g., "I am standing at the door" or "I cannot find the entrance"). The
driver is contractually obligated to keep your phone number confidential,
not to store it, and to use it only during the active delivery period.

• Payment Service Providers (e.g., Stripe): We transmit payment data in
encrypted form to process financial transactions.

• Public Authorities: Only where required by law or court order.

All third parties engaged by Nebo Go are contractually obligated to comply
with GDPR provisions and protect your data.

**Legal Basis:** Sharing your data with the vendor and driver is necessary
for the performance of the contract (Art. 6 para. 1 lit. b GDPR).

6. Location Services and Live Tracking

• Store Display: When you first open the App, Nebo Go requests location
permission solely to display a list of stores near your address. You can
disable this feature in your device settings, though it may affect search
accuracy.
• Order Tracking: When an order is confirmed and the driver begins the
delivery trip, the "live tracking" feature for the driver's location is
activated. This helps you estimate the arrival time.
• Driver Privacy: Drivers registered with Nebo Go are subject to a separate
usage agreement. Their geographic location is shared with the customer only
during the "active delivery task" period. The driver retains the right to
temporarily pause tracking via a "Break" feature within the Driver App. The
delivery movement log is automatically deleted from Nebo Go servers 60
minutes after successful delivery.

7. Data Protection and Security

Nebo Go implements comprehensive technical and organizational measures to
protect your data from loss, theft, or unauthorized access. Our security
measures include:
• Data Encryption: All data transmitted between your App and Nebo Go servers
is encrypted using TLS/SSL protocol.
• Secure Hosting: Our servers are hosted within data centers located in the
European Union (EU) and are protected by firewalls.
• Restricted Access: Access to your personal data is restricted to authorized
personnel who require it to perform their job duties.
• Payment Security: We do not store credit card data (e.g., CVV). Payments
are processed exclusively via certified payment gateways compliant with
PCI-DSS standards (e.g., Stripe).

8. Data Retention Period (Speicherdauer)

We do not retain your personal data longer than necessary. We apply a strict
deletion policy as follows:

• Account and Order Data: Retained for the duration of your active account.
If the account remains inactive for 3 consecutive years, you will be
notified and the account and associated data will be automatically deleted,
unless you request its continuation.
• Location Data (GPS Logs): Permanently and automatically deleted 60 minutes
after the delivery is completed.
• Driver Data: Personal data is deleted 3 years after the end of the
contractual relationship, with the exception of accounting and tax documents.
• Invoices and Financial Documents: Retained for the mandatory period of 10
years pursuant to Sections 147 of the German Tax Code (AO) and 257 of the
German Commercial Code (HGB).

9. Your Rights (Ihre Rechte)

Under the GDPR, you have the following rights regarding your personal data.
You can exercise any of these rights by contacting us via email:

• Right of Access (Auskunft): You have the right to know what personal data
we hold about you.
• Right to Rectification (Berichtigung): You have the right to request
correction of inaccurate or incomplete data.
• Right to Erasure (Löschung / "Right to be Forgotten"): You have the right
to request permanent deletion of your data, unless prohibited by law (e.g.,
tax obligations).
• Right to Restriction of Processing (Einschränkung): You have the right to
request suspension of data processing in certain cases.
• Right to Object (Widerspruch): You have the right to object to processing
based on "legitimate interests."
• Right to Data Portability (Datenübertragbarkeit): You have the right to
receive your data in a structured, machine-readable format.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the
competent supervisory authority in your federal state (Aufsichtsbehörde) if
you believe our processing of your data violates the law.

10. Account Deletion

You can request the complete deletion of your account and personal data from
the Nebo Go Platform at any time via:
• App Settings: "Privacy" section > "Delete Account".
• Or by emailing our support team at: info@nebogo.com

Upon receiving a deletion request, we will verify your identity. Your personal
data will be deleted within a maximum of 14 business days, with the exception
of data retained for legal compliance purposes (e.g., tax invoices), which
will be held until the legal retention period expires and then permanently
deleted.

11. Children's Privacy

The Nebo Go Platform is not intended for children under the age of 16. We do
not knowingly collect data from children. If you are a parent or guardian and
believe your child has provided us with personal data, please contact us to
have it deleted immediately.

12. Changes to this Privacy Policy

Nebo Go reserves the right to update or modify this Privacy Policy from time
to time to reflect changes in our practices or legal obligations. In the event
of material changes (especially concerning location tracking or data sharing),
we will notify you via:
• An in-app pop-up notification requesting your explicit consent (Opt-in)
before continuing to use the service.
• Or via the email address registered with us.

We encourage you to review this page periodically. The "Last Updated" date at
the top of the page indicates the effective date of the current version.

13. Competent Supervisory Authority

If you have any concerns regarding data protection that cannot be resolved
with us directly, you have the right to lodge a complaint with the competent
supervisory authority. As Nebo Go is based in Fürth, Bavaria, the responsible
authority is:

The Bavarian State Commissioner for Data Protection
(Der Bayerische Landesbeauftragte für den Datenschutz)
Address: Wagmüllerstraße 18, 80538 München, Germany
Website: www.datenschutz-bayern.de

14. Contact Us

For any questions, inquiries, or requests concerning your privacy and data
protection, please contact the Nebo Go Privacy Team at:

📧 Email: info@nebogo.com
👤 Responsible Person: Majd Alidris
🏢 Address: Schindelgasse 3, 90762 Fürth, Germany