Privacy Policy

Last updated: April 13, 2026  ·  Effective: January 1, 2026  ·  Operator: NutriGrab Uganda

NutriGrab ("we", "us", or "our") operates the website nutrigrab.shop and the NutriGrab mobile application. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and the choices you have. By using our platform you agree to the practices described here.

1. Information We Collect

We collect information you provide directly and information generated when you use our services:

• Account information: your name, email address, and phone number when you register.
• Merchant information: shop name, business type, physical address, and location coordinates when you register a shop.
• Order information: delivery address, items purchased, payment method selected, and order history.
• Device & usage data: IP address, browser type, pages visited, and session duration, collected automatically via server logs.
• Location data: your approximate delivery district when you use the address search during checkout (used only to calculate transport fees).

2. How We Use Your Information

We use the information collected to:

• Create and manage your account and verify your identity via one-time passcode (OTP).
• Process orders, calculate delivery fees, and send order confirmation emails.
• Notify merchants of new orders placed for their products.
• Improve platform features, fix bugs, and personalise your experience.
• Send transactional emails such as order receipts and verification codes. We do not send marketing emails without your consent.
• Detect and prevent fraud, abuse, or security incidents.
• Comply with applicable Ugandan laws and tax obligations.

3. How We Share Your Information

We do not sell your personal data. We share information only in these limited circumstances:

• Merchants: when you place an order, the relevant merchant receives your name, phone number, delivery address, and the items ordered so they can fulfil it.
• Service providers: we use third-party services to operate the platform, including our email delivery provider (SMTP) and Google Maps/Places for address search. These providers access only the data needed to perform their service.
• PayPal: if you choose PayPal at checkout, your order amount and reference are passed to PayPal to process payment. PayPal's own privacy policy governs that transaction.
• Legal requirements: we may disclose data if required by law, court order, or to protect the rights and safety of NutriGrab and its users.

4. Data Retention

We retain your account information for as long as your account is active. Order records are kept for a minimum of five years for tax and accounting purposes. If you request account deletion, we will remove your personal profile but may retain anonymised transaction data required by law.

5. Cookies and Local Storage

Our website uses a PHP session cookie to maintain your login state and cart contents. We do not use third-party advertising cookies. The mobile app uses device secure storage to keep your authentication token and saved delivery address locally on your device.

6. Security

We implement reasonable technical measures to protect your data, including HTTPS encryption in transit, hashed password storage, and bearer-token authentication for API requests. OTP verification is required for all account access. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate information via your profile settings or by contacting us.
• Request deletion of your account and associated personal data.
• Withdraw consent for optional communications at any time.

To exercise any of these rights, contact us using the details below.

8. Children's Privacy

NutriGrab is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will delete it promptly.

9. Third-Party Links

Our platform may contain links to third-party websites or integrate third-party services (such as Google Maps). This Privacy Policy does not apply to those services. We encourage you to review their privacy policies before providing them with your information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.