Mystery Bag

An Egyptian company

Privacy Policy

How we collect, use, and protect your information

Last updated: January 2025

1. Introduction

Mystery Bag ("we," "us," or "our") operates a platform connecting consumers with restaurants, bakeries, and markets to reduce food waste. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using our services, you consent to the data practices described in this policy. If you do not agree with this policy, please discontinue use of our platform immediately.

This policy complies with Egyptian Law No. 151 of 2020 on Personal Data Protection and applicable data protection regulations.

2. Information We Collect

2.1. Information You Provide:

  • Account Information: Name, phone number, email address, and authentication credentials.
  • Location Data: Your delivery/pickup address and real-time location when using the app.
  • Payment Information: Payment method details (processed securely by third-party payment processors).
  • Profile Information: Dietary preferences, order history, and saved preferences.
  • Communications: Messages, feedback, customer support inquiries, and reviews.

2.2. Information Collected Automatically:

  • Device Information: Device type, operating system, unique device identifiers, IP address, and mobile network information.
  • Usage Data: Pages viewed, features used, time spent on platform, search queries, and interaction patterns.
  • Location Data: Precise geolocation data when you use location-based features (with your permission).
  • Cookies and Tracking: We use cookies, web beacons, and similar technologies to track activity and store preferences.
  • Analytics Data: App performance, crash reports, and usage statistics.

2.3. Information from Third Parties:

  • Social Media: If you connect via social media, we may receive profile information.
  • Partner Stores: Transaction details, pickup confirmations, and order fulfillment data.
  • Service Providers: Data from payment processors, analytics providers, and cloud service providers.
  • Public Sources: Business information and publicly available data for verification purposes.

3. How We Use Your Information

3.1. Service Provision:

  • Process and fulfill orders, including payment processing and order confirmation.
  • Connect you with Partner Stores and facilitate pickups.
  • Provide customer support and respond to inquiries.
  • Send transactional notifications (order confirmations, pickup reminders, cancellations).
  • Verify your identity and prevent fraud.

3.2. Platform Improvement:

  • Analyze usage patterns to improve user experience and platform functionality.
  • Develop new features and services based on user behavior.
  • Conduct research and analytics to optimize operations.
  • Test new features and perform A/B testing.
  • Monitor and analyze platform performance and security.

3.3. Marketing and Communications:

  • Send promotional offers, newsletters, and marketing communications (with your consent).
  • Notify you about new Partner Stores, special deals, and platform updates.
  • Conduct surveys and request feedback.
  • Display personalized content and recommendations.

3.4. Legal and Safety:

  • Comply with legal obligations, court orders, and regulatory requirements.
  • Enforce our Terms and Conditions and other policies.
  • Detect, prevent, and address fraud, security issues, and illegal activities.
  • Protect the rights, property, and safety of Mystery Bag, users, and the public.
  • Resolve disputes and investigate complaints.

4. How We Share Your Information

4.1. Partner Stores:

We share necessary information (name, phone number, order details) with Partner Stores to fulfill your orders. Partner Stores are independent entities responsible for their own data practices.

4.1.1. Shop Manager Contact Feature:

To facilitate order coordination, our platform includes a feature that allows shop managers to contact customers via phone call for active orders. When a shop manager initiates a call through our app:

  • Your phone number is accessed only for the purpose of initiating the call to coordinate order pickup.
  • Your phone number is NOT displayed to the shop manager; they can only initiate a call without seeing your number.
  • All call attempts are logged and monitored for security purposes to detect and prevent misuse.
  • This feature is only available for active orders (pending pickup) and is disabled once orders are completed or cancelled.
  • We track call patterns to identify abnormal behavior, such as excessive calling, which may indicate attempts to collect customer phone numbers.
  • Shop managers found misusing this feature may have their access revoked and face account termination.

4.2. Service Providers:

  • Cloud hosting and storage providers.
  • Payment processors and financial institutions.
  • Analytics and marketing service providers.
  • Customer support and communication platforms.
  • Security and fraud prevention services.

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.3. Business Transfers:

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change.

4.4. Legal Requirements:

  • We may disclose information when required by law, court order, or government authority.
  • To enforce our rights, protect our property, or ensure user safety.
  • To investigate fraud, security issues, or violations of our terms.
  • To comply with Egyptian law enforcement and regulatory agencies.

4.5. Aggregated Data:

We may share anonymized, aggregated data that cannot identify you individually for research, marketing, or business purposes.

4.6. With Your Consent:

We may share your information with third parties when you explicitly consent to such sharing.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Retention Periods:

  • Account Information: Retained while your account is active and for 3 years after account closure for legal and business purposes.
  • Transaction Data: Retained for 7 years to comply with Egyptian tax and financial regulations.
  • Communications: Retained for 2 years for customer service and dispute resolution purposes.
  • Marketing Data: Retained until you withdraw consent or for 1 year of inactivity.
  • Legal Claims: Data may be retained longer if involved in legal proceedings or investigations.

After the retention period, we will securely delete or anonymize your information. However, some data may be retained in backup systems for up to 90 additional days.

6. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission or storage is 100% secure.

Security Measures:

  • Encryption of data in transit and at rest using industry-standard protocols.
  • Secure authentication and access controls.
  • Regular security audits and vulnerability assessments.
  • Employee training on data protection and confidentiality.
  • Incident response procedures for data breaches.
  • Secure cloud infrastructure with redundancy and backup systems.

Your Responsibility:

  • You are responsible for maintaining the confidentiality of your account credentials.
  • Do not share your password or allow others to access your account.
  • Notify us immediately if you suspect unauthorized access to your account.
  • Use strong passwords and enable two-factor authentication when available.

Disclaimer:

While we strive to protect your information, we cannot guarantee absolute security. You acknowledge that you provide information at your own risk. We are not liable for unauthorized access, hacking, data loss, or breaches beyond our reasonable control.

7. Your Privacy Rights

Under Egyptian Law No. 151 of 2020 and applicable regulations, you have certain rights regarding your personal data:

7.1. Access and Portability:

  • You may request access to your personal information.
  • You may request a copy of your data in a portable format.
  • Requests will be fulfilled within 30 days, subject to identity verification.

7.2. Correction and Update:

  • You may update or correct your account information at any time through the app.
  • You may request correction of inaccurate or incomplete data.

7.3. Deletion:

  • You may request deletion of your account and personal data.
  • We will delete your data within 30 days, except where retention is required by law.
  • Some data may be retained for legal, tax, or dispute resolution purposes.
  • Deletion is permanent and cannot be undone.

7.4. Objection and Restriction:

  • You may object to processing of your data for marketing purposes.
  • You may request restriction of processing in certain circumstances.
  • You may opt out of marketing communications at any time.

7.5. Withdraw Consent:

  • You may withdraw consent for data processing at any time.
  • Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Some services may not be available if you withdraw consent.

Exercising Your Rights:

To exercise these rights, contact us at support@mysterybag.zohodesk.com. We may require identity verification before processing requests. We reserve the right to deny requests that are manifestly unfounded, excessive, or prohibited by law.

8. Location Data

Our app collects and uses location data to provide core functionality. You can control location permissions through your device settings.

How We Use Location:

  • Show nearby Partner Stores and available Mystery Bags.
  • Calculate distances and provide directions.
  • Verify pickup locations and prevent fraud.
  • Improve service recommendations based on your area.
  • Analyze usage patterns and optimize Partner Store coverage.

Location Permissions:

  • Precise Location: Required for core app functionality (finding nearby stores).
  • Background Location: Not collected unless you explicitly enable it.
  • You can disable location services, but this will limit app functionality.

We do not sell or share your precise location data with third parties for their marketing purposes.

9. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to enhance your experience and collect usage data.

Types of Cookies:

  • Essential Cookies: Required for platform functionality (authentication, security).
  • Performance Cookies: Collect usage data to improve performance.
  • Functional Cookies: Remember your preferences and settings.
  • Marketing Cookies: Track your activity for personalized advertising (with consent).

Managing Cookies:

  • You can control cookies through your browser settings.
  • Disabling cookies may affect platform functionality.
  • You can opt out of targeted advertising through device settings or industry opt-out tools.

Third-Party Tracking:

We use third-party analytics and advertising services (e.g., Google Analytics, Facebook Pixel) that may collect data about your online activities. These services have their own privacy policies.

10. Third-Party Links and Services

Our platform may contain links to third-party websites, services, or social media platforms. We are not responsible for the privacy practices of these third parties.

  • Third-party sites have their own privacy policies and terms.
  • We do not control or endorse third-party content or practices.
  • You access third-party sites at your own risk.
  • Review the privacy policies of any third-party services you use.

Partner Stores are independent businesses with their own privacy practices. We are not responsible for how Partner Stores collect, use, or protect your information.

11. Children's Privacy

Our platform is not intended for children under 18 years of age. We do not knowingly collect personal information from children.

  • You must be at least 18 years old to use our services.
  • If we discover we have collected data from a child, we will delete it immediately.
  • Parents or guardians who believe their child has provided information should contact us.
  • We comply with Egyptian laws regarding children's data protection.

12. International Data Transfers

Your information may be transferred to and processed in countries outside Egypt, including countries that may not have the same data protection laws.

  • We use cloud services that may store data in multiple jurisdictions.
  • We ensure appropriate safeguards are in place for international transfers.
  • By using our services, you consent to international data transfers.
  • We comply with Egyptian laws regarding cross-border data transfers.

We take reasonable steps to ensure your data receives adequate protection regardless of location, but we cannot guarantee the same level of protection as Egyptian law.

13. Data Breach Notification

In the event of a data breach that compromises your personal information, we will take the following actions:

  • Investigate the breach and assess the risk to affected users.
  • Notify affected users within a reasonable timeframe as required by Egyptian law.
  • Report the breach to relevant Egyptian authorities if required.
  • Take remedial measures to prevent future breaches.
  • Cooperate with law enforcement and regulatory investigations.

Limitations:

We are not liable for breaches caused by third parties, force majeure, or circumstances beyond our reasonable control. Our liability is limited to the maximum extent permitted by Egyptian law.

14. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting to the platform.

  • We will update the "Last Updated" date at the top of this policy.
  • For material changes, we may provide additional notice (email, in-app notification).
  • Continued use of the platform after changes constitutes acceptance of the updated policy.
  • You are responsible for reviewing this policy periodically.
  • If you do not agree with changes, you must discontinue use of the platform.

We may change our data practices without notice if required by law or to protect our rights and interests.

15. Disclaimer and Limitation of Liability

15.1. No Warranty:

We provide the platform and handle your data "as is" without any warranties. We do not guarantee the security, accuracy, or availability of your information.

15.2. Limitation of Liability:

  • We are not liable for unauthorized access, data breaches, or loss of data beyond our reasonable control.
  • Our total liability for privacy-related claims shall not exceed EGP 1,000 or the amount you paid us in the past 12 months, whichever is less.
  • We are not liable for indirect, consequential, or punitive damages.
  • We are not liable for actions of Partner Stores, third-party service providers, or other users.
  • You use the platform at your own risk and acknowledge the inherent risks of online data transmission.

15.3. Indemnification:

You agree to indemnify and hold Mystery Bag harmless from any claims, damages, or expenses arising from your violation of this Privacy Policy, misuse of the platform, or breach of applicable laws.

16. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Egypt, including Law No. 151 of 2020 on Personal Data Protection and the Egyptian Civil Code. Any disputes arising from this policy will be resolved in accordance with Egyptian law. You agree to the exclusive jurisdiction of the courts of Cairo, Egypt. Disputes may be resolved through arbitration in accordance with Egyptian arbitration laws. Egyptian law applies regardless of where you access the platform.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Email: support@mysterybag.zohodesk.com
  • Phone: +20 11 1485 6106
  • Address: New Cairo, Cairo Governorate, Egypt
  • Business Hours: Sunday-Thursday, 9:00 AM - 6:00 PM (Egypt Time)

We will respond to inquiries within 30 days. For urgent matters, please call during business hours.

Data Protection Officer:

For data protection inquiries, you may contact our Data Protection Officer at support@mysterybag.zohodesk.com. Please include "Data Protection" in the subject line.