Effective Date: December 26, 2025 | Last Updated: June 9, 2026
This Privacy Policy explains how Toons Platform ("Toons," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our mobile applications and related services (collectively, the "Service").
This single policy covers both of our mobile applications:
Toons (User App): for customers who browse vendors, place orders, and track deliveries.
Toons Vendor (Vendor App): for merchants who manage their store, list products, scan items, and fulfill orders on the Toons Platform.
Where a practice applies only to one app, it is clearly labeled "User App only" or "Vendor App only." Everything else applies to both.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Data Controller & Contact Information
Service Provider: Toons Platform Type: E-commerce platform Apps Covered: Toons (User App) and Toons Vendor (Vendor App) Primary Market: Iraq Privacy & Support Contact:support@toons-app.com
Privacy Requests: To exercise your privacy rights (access, correction, deletion), please email us at support@toons-app.com with the subject line "Privacy Request." Include your account phone number or email. We will acknowledge your request within 5 business days and aim to fulfill it within 30 days.
2. Definitions
Account: Your unique registered account created to access and use the Service.
Application / App: Either the Toons User App or the Toons Vendor App for Android and iOS devices.
User App: The Toons customer application used to browse vendors, place orders, and track deliveries.
Vendor App: The Toons Vendor application used by merchants to manage stores, list products, scan items, and fulfill orders.
Personal Data: Information that identifies you or can reasonably be used to identify you as an individual.
Service: The Toons Apps and all related features, including order placement, delivery tracking, vendor store management, and communication.
Customer: An individual using the User App to place orders.
Vendor / Merchant: A business (and its authorized staff) using the Vendor App to sell products through the Toons Platform.
Delivery Partner: Third-party courier or delivery service that fulfills orders placed through the Service.
User / You: Any individual using the Service, whether a Customer or a Vendor.
3. Age Requirement
The Service is intended for users aged 13 years and older. The Vendor App is intended only for adults legally able to operate a business. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at support@toons-app.com and we will promptly delete such information.
In some jurisdictions, the legal age for entering into e-commerce transactions may be higher. You are responsible for ensuring you meet the legal age requirements in your location.
4. Information We Collect
We collect the following categories of personal information to provide and improve the Service. Items marked "User App only" or "Vendor App only" apply solely to that app.
4.1 Information You Provide Directly
Account Information: Phone number (required for account creation), email address (optional, may be required in future updates), username, profile picture (optional).
Delivery Information (User App): Delivery addresses, area/district, special delivery instructions.
Order Information (User App): Products ordered, quantities, vendor selection, order timestamps, delivery preferences.
Store & Business Information (Vendor App only): Store name, store description, store location/pickup point, vendor logo, product listings, product images, prices, inventory/stock counts, and other catalog data you add to operate your store.
Order Fulfillment Data (Vendor App only): Incoming customer orders assigned to your store, including the customer's display name, phone number, and delivery address needed to fulfill the order, plus your sales and order history for your own store.
Payment Information: Currently we only support cash-on-delivery. We do not collect or store payment card details. If we add online payment methods in the future, we will update this policy and clearly disclose which payment processor handles your payment data.
Communication Data: Messages sent to vendors, customers, or customer support, feedback, and any other information you choose to provide.
Uploaded Content: Images you upload for profile pictures, product listings (Vendor App), QR codes, support attachments, and chat features.
4.2 Information Collected Automatically
Location Data: We collect precise location (GPS coordinates) only while the App is open and in use, when you:
User App: set or select your delivery address, or track an active delivery.
Vendor App: set your store's pickup/delivery point on the map.
We collect both fine and coarse location data through Android permissions ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION, and through the iOS "While Using the App" location permission. We do not collect background location data when the App is closed or not in use.
Device Information: Device type, operating system version (Android/iOS), unique device identifiers, mobile network information, IP address.
Usage Data: App interactions, features used, pages viewed, time spent in the App, crash logs, error reports.
Network & Performance Data: Request data processed through our content delivery network (Cloudflare), including IP addresses, HTTP headers, and request timestamps for performance optimization and security.
4.3 Information from Third Parties
OTP Verification: When you verify your phone number, our SMS provider (OTPiq) sends one-time passwords via SMS, WhatsApp, or Telegram. OTPiq processes your phone number to deliver verification codes but does not store your personal data beyond what's necessary for message delivery.
Between Customers and Vendors: When a customer places an order, the Vendor App receives the order details and the customer information needed for fulfillment; the vendor in turn provides us with information about order fulfillment and delivery status.
Note: If you choose not to provide required information (such as a phone number, delivery address, or store details), we may not be able to process orders or provide certain features of the Service.
5. App Permissions
Our Apps request the following permissions on your device. You will be asked for permission before we access sensitive data. You can manage these permissions in your device settings at any time. Permissions are requested only when the related feature is present in the app you are using.
Camera (Vendor App primarily): Used to scan order and item QR/barcodes for inventory and fulfillment, and to attach images to support messages. The User App does not require camera access for its core flow. Permission prompt appears the first time you scan or take a photo.
5.1 Android Permissions
Location (Fine & Coarse): Used to determine your precise location — for delivery address selection and order tracking (User App), or to set your store's pickup/delivery point (Vendor App). Permission prompt appears when you first use a location feature.
Camera (Vendor App): Used to scan order/item QR and barcodes and to capture support images. Permission prompt appears on first use.
Internet: Required to connect to our servers, download images, and enable all App features. Automatically granted.
Storage (Write External Storage - Android 10 and below): Used to cache images and data locally for faster performance. Automatically granted on older Android versions.
Media Access (Read Media Images - Android 13+): Used when you choose to upload profile pictures, product images (Vendor App), QR codes, support attachments, or images in chat. Permission prompt appears when you first upload an image.
Push Notifications: Used to send order updates, delivery/fulfillment status notifications, and important account messages. Optional — you can enable/disable in App settings or device settings.
5.2 iOS Permissions
Location (While Using the App): Used for delivery address selection and order tracking (User App), or to set your store's pickup/delivery point on the map (Vendor App). Permission prompt appears on first use.
Camera (Vendor App): Used to scan order and item QR codes and to attach images to support messages. Permission prompt appears on first use.
Photo Library — Read: Used when you choose to select images from your library — for example, product and support images (Vendor App). We only access the photos you actively select; we do not scan or read your library otherwise. Permission prompt appears when you first pick a photo.
Photo Library — Add: Used to save exported images or QR codes to your photos when you tap "Download" / "Save". Permission prompt appears on first save attempt.
Notifications: Used for order, delivery, and fulfillment updates. Optional permission requested on first launch or in App settings.
Revoking Permissions: You can revoke any permission at any time through your device settings. Note that revoking certain permissions (like Location or Camera) may limit core App features such as order delivery or item scanning.
6. How We Use Your Information
We use the information we collect for the following purposes:
6.1 Provide and Maintain the Service
Create and manage your account (customer or vendor)
Process and fulfill orders
Enable vendors to manage their store, list products, scan inventory, and fulfill orders
Coordinate delivery between customers, vendors, and delivery partners
Calculate delivery estimates and route optimization
Process payments (currently cash-on-delivery only)
Provide customer and vendor support and respond to your inquiries
6.2 Communicate With You
Send order confirmations and status updates
Send delivery and fulfillment notifications and estimated arrival times
Respond to support requests and feedback
Send important service announcements and policy updates
In the future, we may send promotional offers and marketing communications (you will have the ability to opt-out)
6.3 Improve and Optimize the Service
Analyze App usage patterns to improve user experience
Debug technical issues and analyze crash reports
Monitor and improve App performance and speed
Develop new features and services
6.4 Security and Fraud Prevention
Detect and prevent fraudulent transactions and abuse
Protect against security threats and unauthorized access
Verify user identity through phone number verification
Maintain the security and integrity of the Service
6.5 Legal Compliance
Comply with applicable laws, regulations, and legal processes
Maintain transaction records for accounting and tax purposes
Enforce our Terms of Service and other agreements
Protect our rights, property, and safety, and that of our users and the public
NOTE:
We do not sell your personal information to third parties
We do not use your data for targeted advertising or behavioral profiling
We do not share your data with third parties for their marketing purposes
We do not track your location when the App is closed or in the background
7. How We Share Your Information
We share your personal information only in the following limited circumstances:
7.1 Between Customers and Vendors
When a customer places an order, the vendor fulfilling that order (through the Vendor App) receives:
The customer's username (display name)
The customer's phone number
The customer's delivery address
Order details (products, quantities, special instructions)
Vendors can only see information related to orders placed with them. They cannot access a customer's full profile or order history with other vendors. Customers can see a vendor's public store information (store name, location, products).
7.2 With Delivery Partners
When a delivery partner is assigned to an order (either automatically or manually by the vendor), they receive:
The delivery address and location coordinates
The customer's phone number (for delivery coordination)
Order identification and delivery instructions
Delivery partners are independent third parties and process data under their own privacy policies. We require delivery partners to meet minimum data protection standards.
7.3 With Service Providers
We work with trusted third-party service providers who help us operate the Service. These providers process your data on our behalf and are contractually obligated to protect your information:
Firebase Cloud Messaging: Delivers push notifications for order, delivery, and fulfillment updates and important messages. Data shared: device token, notification content. Firebase Privacy Policy
OTPiq: Sends SMS/WhatsApp/Telegram verification codes for phone number verification. Data shared: phone number (temporarily, for message delivery only). OTPiq Privacy Policy
Cloudflare: Provides content delivery network (CDN) and DDoS protection. Data processed: IP addresses, HTTP headers, request data for security and performance. Cloudflare Privacy Policy
OpenStreetMap: Provides map tiles and geolocation services. Data shared: location coordinates for map display and routing. OpenStreetMap Privacy Policy
Cloud Hosting Providers: Store and process data on secure servers. Providers may change; we ensure all providers maintain industry-standard security practices.
7.4 For Legal Reasons
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies), including to:
Comply with legal obligations
Protect and defend our rights or property
Prevent or investigate potential wrongdoing
Protect the personal safety of users or the public
7.5 Business Transfers
If Toons is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App before your information is transferred and becomes subject to a different privacy policy.
7.6 With Your Consent
We may share your information for other purposes with your explicit consent or at your direction.
8. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention Periods
Active Account Data: Retained while your account (customer or vendor) is active and for 90 days after account deletion (to allow for backup cycles and account recovery requests).
Store & Catalog Data (Vendor App): Retained while your vendor account is active. Upon vendor account deletion, store and product listings are removed from the live Service, subject to the transaction-record retention below.
Order & Transaction Records: Retained for up to 7 years for accounting, tax compliance, and legal obligations. After account deletion, these records are anonymized (personal identifiers removed).
Support & Communication Records: Retained for up to 3 years to resolve disputes and improve service.
Crash Logs & Usage Analytics: Retained for up to 12 months for debugging and service improvement.
Uploaded Images: Deleted upon account deletion, except where required for legal or transaction records (in which case, anonymized).
When retention periods expire, we securely delete or anonymize your personal information so it can no longer identify you.
9. Account Deletion
You can delete your account at any time directly within the App you use:
Open the Toons App (User or Vendor)
Go to Profile / Settings
Tap Delete Account
Confirm your decision
What Happens When You Delete Your Account:
Immediate: Your profile data (name, phone, email, profile picture) — and, for vendors, your live store and product listings — are removed and you can no longer log in.
Within 30 days: Your account is permanently deleted from active systems.
Within 90 days: Your account is removed from backup systems.
Retained (Anonymized): Order and transaction records are anonymized and retained for up to 7 years for legal and accounting compliance. Your personal identifiers (name, phone, email) are replaced with anonymous IDs (e.g., "deleted_user_XXXXX").
You can also request account deletion by emailing support@toons-app.com with the subject "Delete My Account" and including your registered phone number or email.
10. Your Privacy Rights
You have the following rights regarding your personal information:
10.1 Access & Portability
You can request a copy of the personal information we hold about you. We will provide this in a structured, commonly used, and machine-readable format where technically feasible.
10.2 Correction
You can update most of your account and store information directly in the App. For information you cannot update yourself, you can request corrections by contacting us.
10.3 Deletion
You can delete your account as described in Section 9 above. Note that some information may be retained in anonymized form or as required by law.
10.4 Restriction & Objection
You can object to certain processing of your data or request that we restrict processing in certain circumstances. Contact us to exercise these rights.
10.5 Withdraw Consent
Where we rely on your consent to process personal information, you can withdraw that consent at any time. This will not affect the lawfulness of processing before your withdrawal.
How to Exercise Your Rights
To exercise any of these rights, email us at support@toons-app.com with the subject "Privacy Request" and include:
Your registered phone number or email
A clear description of your request
Any relevant order reference numbers (if applicable)
We will acknowledge your request within 5 business days and aim to fulfill it within 30 days. We may require reasonable proof of identity to protect your privacy.
11. Security
We take the security of your personal information seriously and implement reasonable technical and organizational measures to protect it:
Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
Encryption at Rest: Sensitive data (authentication tokens, passwords) is encrypted in our databases.
Access Controls: Access to personal data is restricted to authorized personnel only, based on role and need-to-know principles.
Security Monitoring: We monitor our systems for suspicious activity and potential security threats.
Regular Updates: We keep our software and infrastructure updated with the latest security patches.
DDoS Protection: Cloudflare provides protection against denial-of-service attacks.
Important: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. Please use a strong password and do not share your account credentials with anyone.
12. International Data Transfers
Toons primarily operates in Iraq. However, your personal information may be transferred to, stored, or processed in other countries where our service providers operate (for example, cloud hosting, CDN services). These countries may have data protection laws that differ from those in Iraq.
When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:
Contractual commitments requiring service providers to protect your data
Service providers' compliance with recognized privacy frameworks (e.g., EU-US Data Privacy Framework, ISO 27001)
Standard contractual clauses where applicable
13. Cookies & Tracking Technologies
The Toons mobile Apps do not use browser cookies. However, we use similar technologies for operational purposes:
Technologies We Use:
Local Storage: We store data locally on your device (cached images, session tokens) to improve App performance and provide offline functionality.
Device Identifiers: We use unique device identifiers (provided by your operating system) to deliver push notifications and prevent fraud.
Analytics: We use custom logging to track App crashes and performance issues. We do not use third-party analytics services like Google Analytics or Facebook Pixel.
We do NOT: Use advertising cookies, cross-site tracking, or third-party marketing pixels. We do not track your activity across other apps or websites, and we do not use the App Tracking Transparency framework to track you for advertising.
14. Third-Party Responsibility
Vendors (merchants) and delivery partners who use the Toons Platform are independent third parties. They are responsible for their own data processing activities and privacy practices.
We require all vendors and delivery partners to meet minimum data protection standards as a condition of using the Platform, but we are not responsible for their independent processing of personal information. We recommend reviewing the privacy policies of vendors and delivery partners when relevant.
Links to third-party websites or services (if any) are provided for your convenience. We are not responsible for the privacy practices or content of third-party sites.
15. Marketing & Promotional Communications
Currently, we do not send promotional or marketing communications. We only send transactional messages related to your orders and account (order confirmations, delivery/fulfillment updates, security alerts).
If we introduce marketing in the future:
We will obtain your consent before sending promotional content
You will be able to opt-out of marketing communications while still receiving essential order-related messages
We will update this Privacy Policy to reflect these changes
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational reasons.
How we notify you:
Material Changes: For significant changes that affect your rights, we will notify you by email (if provided) and/or through a prominent notice in the App at least 30 days before the changes take effect.
Minor Changes: For clarifications or non-material updates, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.
Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
17. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: