Privacy Policy

Courivo (“we”, “us”) provides software for UK courier companies. This policy explains how we collect, use and protect personal data when you use our platform and websites, in line with the UK GDPR and the Data Protection Act 2018. For data our customers (courier companies) submit about their own customers, the courier company is the data controller and we act as a data processor on their behalf.

• Account data: name, business name, email, phone, password (hashed).
• Billing data: plan, subscription status and payment metadata (card details are handled by our payment providers, not stored by us).
• Operational data: jobs, bookings, addresses, drivers, customers and invoices you enter.
• Delivery-recipient data: names, addresses and contact details needed to fulfil deliveries.
• Usage data: log data, device/browser information and analytics about how the Service is used.

• To provide, operate and secure the Service;
• To process subscription payments and send service communications;
• To send SMS and email notifications you trigger (e.g. booking and delivery updates);
• To provide support and respond to enquiries;
• To improve the Service and produce aggregate analytics;
• To comply with legal obligations.

Our lawful bases include performance of a contract, our legitimate interests in operating and improving the Service, consent (where required, e.g. certain cookies), and compliance with legal obligations.

We share data with trusted processors only as needed to run the Service:

• Paddle — subscription billing and merchant-of-record payments;
• Stripe — customer-facing invoice and booking payments;
• Twilio — SMS notifications;
• SendGrid — transactional email;
• Google (Maps Platform) — address, distance and mapping services;
• Our cloud hosting and database providers for storage and compute.

Each processor handles data under its own terms and appropriate safeguards. Where data is transferred outside the UK/EEA, it is protected by appropriate transfer mechanisms.

We use strictly necessary cookies to keep you signed in and secure the Service, and analytics cookies to understand usage. Courier companies may add their own analytics (e.g. Google Analytics or a Facebook Pixel) to their public site. You can control non-essential cookies through your browser settings.

We retain personal data for as long as your account is active and as needed to provide the Service. After account closure we delete or anonymise data within a reasonable period, except where we must retain it to meet legal, accounting or regulatory obligations.

Under UK GDPR you have the right to:

• Access the personal data we hold about you;
• Request correction of inaccurate data;
• Request erasure or restriction of processing;
• Object to processing and request data portability;
• Withdraw consent at any time where processing is based on consent;
• Lodge a complaint with the Information Commissioner’s Office (ICO).

If your data was submitted by a courier company using Courivo, please contact that company (the controller); we will assist them in responding.

We use industry-standard measures including encryption in transit, hashed passwords, tenant data isolation and access controls. No method of transmission or storage is completely secure, but we work to protect your data and review our practices regularly.

For privacy questions or to exercise your rights, email hello@courivo.com. We may update this policy from time to time; the latest version is always published here.