Privacy Policy
Wuzzy — North Lombok food deliveryLast updated: 2 May 2026
This Privacy Policy describes how Wuzzy ("we", "our", "the app") collects, uses, and protects your personal information when you use our food delivery service.
1. Data We Collect
- Phone number — used for sign-in via SMS verification (Firebase Authentication).
- Name and email — collected during onboarding to personalize your orders and receipts.
- Location (GPS) — used to find nearby restaurants, set delivery pickup pins, and (for drivers) broadcast your live position to assigned customers while on a trip. Location is sampled only while the app is open and you are an active driver, or when you are actively placing or tracking an order.
- Device push token (FCM) — used to deliver order status and dispatch notifications.
- Vehicle information (drivers) — license plate and vehicle type, shown to customers during deliveries.
- Driver verification documents — KTP (national ID), SIM (driver's licence), STNK (vehicle registration), and a selfie are required during driver onboarding. KTP/SIM/STNK images are visible only to administrators for verification. The selfie is shown to customers as the driver's profile photo on assigned orders.
- Top-up proof images (drivers) — drivers upload a photo of their bank-transfer receipt when adding wallet balance. Visible only to administrators for approval.
- Order history — items, prices, restaurants, drop-off coordinates, status timestamps, and notes you add for the driver.
- Crash logs (Android) — Firebase Crashlytics collects anonymized stack traces from app crashes to help us fix bugs. No personal data is included.
2. How We Use Data
- Authenticate you and maintain your session.
- Match orders with nearby drivers and restaurants.
- Show live delivery progress to customers and route info to drivers.
- Compute order totals and store them for support and refund purposes.
- Send transactional notifications (order accepted, picked up, delivered).
3. Sharing
We do not sell your data. We share limited data only when needed to deliver your order:
- Your name and pickup pin are visible to the assigned driver.
- Your driver's name, phone, and live location are visible to the customer for that order only.
- Restaurant partners see your name and order contents.
4. Data Storage and Security
Your data is stored on Google Cloud: Firestore database (multi-region nam5), Cloud Storage for images, and Cloud Run for the API (asia-southeast2, Jakarta). All transit uses HTTPS; data at rest is encrypted by Google. Daily Firestore exports are stored in a private Cloud Storage bucket and retained for 30 days. Access is limited to backend services and platform administrators.
5. Account Deletion
You can permanently delete your account and personal data at any time:
- Open the Wuzzy app → Account tab → Delete account.
- Or DM us on @wuzzyindonesia with your phone number and we will process the deletion within 7 days.
Order history older than 90 days may be retained in anonymized form for accounting and dispute resolution as required by Indonesian e-commerce regulations.
6. Permissions
- Location — required to use the app's core features (find restaurants, deliver orders).
- Notifications — required to receive order updates.
- Phone state — Android only, used by Firebase Auth for SMS verification.
7. Children
Wuzzy is not intended for users under 17. We do not knowingly collect data from children.
8. Changes
We may update this policy. Material changes will be announced in-app at least 14 days before taking effect.
9. Contact
Questions about this policy: @wuzzyindonesia