Privacy Policy

1. Data Controller & Contact Information

Service Provider: Toons Platform
Type: E-commerce platform
Primary Market: Iraq
Privacy & Support Contact: support@toons-app.com

2. Definitions

• Account: Your unique registered account created to access and use the Service.
• Application / App: The Toons mobile application for Android and iOS devices.
• Personal Data: Information that identifies you or can reasonably be used to identify you as an individual.
• Service: The Toons App and all related features, including order placement, delivery tracking, and vendor communication.
• Vendor / Merchant: Third-party businesses that sell products through the Toons Platform.
• Delivery Partner: Third-party courier or delivery service that fulfills orders placed through the App.
• User / You: The individual using the Service.

3. Age Requirement

The Service is intended for users aged 13 years and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at support@toons-app.com and we will promptly delete such information.

In some jurisdictions, the legal age for entering into e-commerce transactions may be higher. You are responsible for ensuring you meet the legal age requirements in your location.

4. Information We Collect

We collect the following categories of personal information to provide and improve the Service:

4.1 Information You Provide Directly

• Account Information: Phone number (required for account creation), email address (optional, may be required in future updates), username, profile picture (optional).
• Delivery Information: Delivery addresses, area/district, special delivery instructions.
• Order Information: Products ordered, quantities, vendor selection, order timestamps, delivery preferences.
• Payment Information: Currently we only support cash-on-delivery. We do not collect or store payment card details. If we add online payment methods in the future, we will update this policy and clearly disclose which payment processor handles your payment data.
• Communication Data: Messages sent to vendors or customer support, feedback, and any other information you choose to provide.
• Uploaded Content: Images you upload for profile pictures, product listings (if you are a vendor), QR codes, and future chat features.

4.2 Information Collected Automatically

• Location Data: We collect precise location (GPS coordinates) when you:
  • Set or select your delivery address
  • Track an active delivery (only while the App is open and in use)
  We collect both fine and coarse location data through Android permissions ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION. We do not collect background location data when the App is closed.
• Device Information: Device type, operating system version (Android/iOS), unique device identifiers, mobile network information, IP address.
• Usage Data: App interactions, features used, pages viewed, time spent in the App, crash logs, error reports.
• Network & Performance Data: Request data processed through our content delivery network (Cloudflare), including IP addresses, HTTP headers, and request timestamps for performance optimization and security.

4.3 Information from Third Parties

• OTP Verification: When you verify your phone number, our SMS provider (OTPiq) sends one-time passwords via SMS, WhatsApp, or Telegram. OTPiq processes your phone number to deliver verification codes but does not store your personal data beyond what's necessary for message delivery.
• Vendors: If you interact with a vendor (place an order, send a message), the vendor may provide us with information about order fulfillment and delivery status.

Note: If you choose not to provide required information (such as delivery address or phone number), we may not be able to process your orders or provide certain features of the Service.

5. App Permissions

The Toons App requests the following permissions on your device. You will be asked for permission before we access sensitive data. You can manage these permissions in your device settings at any time.

5.1 Android Permissions

• Location (Fine & Coarse): Used to determine your precise location for delivery address selection and order tracking. Required for core delivery features. Permission prompt appears when you first set a delivery location.
• Internet: Required to connect to our servers, download product images, and enable all App features. Automatically granted.
• Storage (Write External Storage - Android 10 and below): Used to cache images and data locally for faster performance. Automatically granted on older Android versions.
• Media Access (Read Media Images - Android 13+): Used when you choose to upload profile pictures, product images, QR codes, or images in chat. Permission prompt appears when you first upload an image.
• Push Notifications: Used to send you order updates, delivery status notifications, and important account messages. Optional - you can enable/disable in App settings or device settings.

5.2 iOS Permissions (when available)

• Location (While Using the App): Same as Android - used for delivery address selection and order tracking. Permission prompt appears on first use.
• Photo Library: Used only to save QR code images to your photos when you tap "Download QR". We do not browse, read, or use any existing photos in your library. Permission prompt appears on first download attempt.
• Notifications: Used for order and delivery updates. Optional permission requested on first launch or in App settings.

Revoking Permissions: You can revoke any permission at any time through your device settings. Note that revoking certain permissions (like Location) may limit core App features such as order delivery.

6. How We Use Your Information

We use the information we collect for the following purposes:

6.1 Provide and Maintain the Service

• Create and manage your account
• Process and fulfill your orders
• Coordinate delivery with vendors and delivery partners
• Calculate delivery estimates and route optimization
• Process payments (currently cash-on-delivery only)
• Provide customer support and respond to your inquiries

6.2 Communicate With You

• Send order confirmations and status updates
• Send delivery notifications and estimated arrival times
• Respond to support requests and feedback
• Send important service announcements and policy updates
• In the future, we may send promotional offers and marketing communications (you will have the ability to opt-out)

6.3 Improve and Optimize the Service

• Analyze App usage patterns to improve user experience
• Debug technical issues and analyze crash reports
• Monitor and improve App performance and speed
• Develop new features and services

6.4 Security and Fraud Prevention

• Detect and prevent fraudulent transactions and abuse
• Protect against security threats and unauthorized access
• Verify user identity through phone number verification
• Maintain the security and integrity of the Service

6.5 Legal Compliance

• Comply with applicable laws, regulations, and legal processes
• Maintain transaction records for accounting and tax purposes
• Enforce our Terms of Service and other agreements
• Protect our rights, property, and safety, and that of our users and the public

7. How We Share Your Information

We share your personal information only in the following limited circumstances:

7.1 With Vendors (Merchants)

When you place an order, the vendor fulfilling your order receives:

• Your username (display name)
• Your phone number
• Your delivery address
• Order details (products, quantities, special instructions)

Vendors can only see information related to orders you place with them. They cannot access your full profile or order history with other vendors.

7.2 With Delivery Partners

When a delivery partner is assigned to your order (either automatically or manually by the vendor), they receive:

• Your delivery address and location coordinates
• Your phone number (for delivery coordination)
• Order identification and delivery instructions

Delivery partners are independent third parties and process your data under their own privacy policies. We require delivery partners to meet minimum data protection standards.

7.3 With Service Providers

We work with trusted third-party service providers who help us operate the Service. These providers process your data on our behalf and are contractually obligated to protect your information:

• Firebase Cloud Messaging: Delivers push notifications for order updates and important messages. Data shared: device token, notification content. Firebase Privacy Policy
• OTPiq: Sends SMS/WhatsApp/Telegram verification codes for phone number verification. Data shared: phone number (temporarily, for message delivery only). OTPiq Privacy Policy
• Cloudflare: Provides content delivery network (CDN) and DDoS protection. Data processed: IP addresses, HTTP headers, request data for security and performance. Cloudflare Privacy Policy
• OpenStreetMap: Provides map tiles and geolocation services. Data shared: location coordinates for map display and routing. OpenStreetMap Privacy Policy
• Cloud Hosting Providers: Store and process data on secure servers. Providers may change; we ensure all providers maintain industry-standard security practices.

7.4 For Legal Reasons

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies), including to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate potential wrongdoing
• Protect the personal safety of users or the public

7.5 Business Transfers

If Toons is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App before your information is transferred and becomes subject to a different privacy policy.

7.6 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

8. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods

• Active Account Data: Retained while your account is active and for 90 days after account deletion (to allow for backup cycles and account recovery requests).
• Order & Transaction Records: Retained for up to 7 years for accounting, tax compliance, and legal obligations. After account deletion, these records are anonymized (personal identifiers removed).
• Support & Communication Records: Retained for up to 3 years to resolve disputes and improve customer service.
• Crash Logs & Usage Analytics: Retained for up to 12 months for debugging and service improvement.
• Uploaded Images: Deleted immediately upon account deletion, except where required for legal or transaction records (in which case, anonymized).

When retention periods expire, we securely delete or anonymize your personal information so it can no longer identify you.

9. Account Deletion

You can delete your account at any time directly within the App:

1. Open the Toons App
2. Go to Profile (bottom navigation bar)
3. Scroll down and tap Delete Account
4. Confirm your decision

You can also request account deletion by emailing support@toons-app.com with the subject "Delete My Account" and including your registered phone number or email.

10. Your Privacy Rights

You have the following rights regarding your personal information:

10.1 Access & Portability

You can request a copy of the personal information we hold about you. We will provide this in a structured, commonly used, and machine-readable format where technically feasible.

10.2 Correction

You can update most of your account information directly in the App (Profile section). For information you cannot update yourself, you can request corrections by contacting us.

10.3 Deletion

You can delete your account as described in Section 9 above. Note that some information may be retained in anonymized form or as required by law.

10.4 Restriction & Objection

You can object to certain processing of your data or request that we restrict processing in certain circumstances. Contact us to exercise these rights.

10.5 Withdraw Consent

Where we rely on your consent to process personal information, you can withdraw that consent at any time. This will not affect the lawfulness of processing before your withdrawal.

How to Exercise Your Rights

To exercise any of these rights, email us at support@toons-app.com with the subject "Privacy Request" and include:

• Your registered phone number or email
• A clear description of your request
• Any relevant order reference numbers (if applicable)

We will acknowledge your request within 5 business days and aim to fulfill it within 30 days. We may require reasonable proof of identity to protect your privacy.

11. Security

We take the security of your personal information seriously and implement reasonable technical and organizational measures to protect it:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
• Encryption at Rest: Sensitive data (authentication tokens, passwords) is encrypted in our databases.
• Access Controls: Access to personal data is restricted to authorized personnel only, based on role and need-to-know principles.
• Security Monitoring: We monitor our systems for suspicious activity and potential security threats.
• Regular Updates: We keep our software and infrastructure updated with the latest security patches.
• DDoS Protection: Cloudflare provides protection against denial-of-service attacks.

12. International Data Transfers

Toons primarily operates in Iraq. However, your personal information may be transferred to, stored, or processed in other countries where our service providers operate (for example, cloud hosting, CDN services). These countries may have data protection laws that differ from those in Iraq.

When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

• Contractual commitments requiring service providers to protect your data
• Service providers' compliance with recognized privacy frameworks (e.g., EU-US Data Privacy Framework, ISO 27001)
• Standard contractual clauses where applicable

13. Cookies & Tracking Technologies

The Toons mobile App does not use browser cookies. However, we use similar technologies for operational purposes:

Technologies We Use:

• Local Storage: We store data locally on your device (cached images, session tokens) to improve App performance and provide offline functionality.
• Device Identifiers: We use unique device identifiers (provided by your operating system) to deliver push notifications and prevent fraud.
• Analytics: We use custom logging to track App crashes and performance issues. We do not use third-party analytics services like Google Analytics or Facebook Pixel.

We do NOT: Use advertising cookies, cross-site tracking, or third-party marketing pixels. We do not track your activity across other apps or websites.

14. Third-Party Responsibility

Vendors (merchants) and delivery partners who use the Toons Platform are independent third parties. They are responsible for their own data processing activities and privacy practices.

We require all vendors and delivery partners to meet minimum data protection standards as a condition of using the Platform, but we are not responsible for their independent processing of your personal information. We recommend reviewing the privacy policies of vendors and delivery partners when relevant.

Links to third-party websites or services (if any) are provided for your convenience. We are not responsible for the privacy practices or content of third-party sites.

15. Marketing & Promotional Communications

Currently, we do not send promotional or marketing communications. We only send transactional messages related to your orders and account (order confirmations, delivery updates, security alerts).

If we introduce marketing in the future:

• We will obtain your consent before sending promotional content
• You will be able to opt-out of marketing communications while still receiving essential order-related messages
• We will update this Privacy Policy to reflect these changes

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational reasons.

How we notify you:

• Material Changes: For significant changes that affect your rights, we will notify you by email (if provided) and/or through a prominent notice in the App at least 30 days before the changes take effect.
• Minor Changes: For clarifications or non-material updates, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@toons-app.com
Privacy Requests Subject Line: "Privacy Request"
Account Deletion Subject Line: "Delete My Account"

We aim to acknowledge all privacy-related emails within 5 business days and resolve issues within 30 days.