Privacy Policy

Last updated: January 2026

Orin Technologies BV ("Orin", "we", "us", or "our") is committed to protecting your privacy and safeguarding your personal data when you use the MinhaRota app and related Orin services ("Service").

This Privacy Policy explains what information we collect, how we use and share it, your privacy rights, and how to contact us. By using the Service, you agree to the terms described here.

This policy complies with the General Data Protection Regulation (GDPR), Brazil's Lei Geral de Proteção de Dados (LGPD), and other applicable data protection laws.

1. Data Controller

Orin Technologies BV, a company registered in the Netherlands, is the controller responsible for your personal data processed through our Services.

Contact details:
Orin Technologies BV
Email: legal@orin.software
Data Protection Officer (DPO): legal@orin.software

2. Information We Collect

We only collect information necessary to provide, maintain, secure, and improve the Service. Depending on how you use the Service, we may collect:

A. Account & Contact Information

  • Full name
  • Email address
  • Mobile phone number
  • Tax identification number (when required for billing)

B. Payment & Subscription Data

  • Billing information and address
  • Payment transaction records
  • Card details are processed directly by our payment processor (Stripe) and are not stored on our servers

C. Delivery & Operations Data

  • Pickup and delivery addresses
  • Description of goods being transported
  • Recipient information (name, phone)
  • Delivery history
  • Status and events for each delivery

D. Technical Data

  • Device type and model
  • Operating system and version
  • Unique device identifiers
  • IP address (anonymized where feasible)
  • App error and crash reports
  • Usage logs for diagnostics

3. Mobile App Permissions

The MinhaRota app requests the following permissions on your mobile device:

A. Camera

We use camera access for:

  • Proof of Delivery (POD): Capturing photos at the time of delivery as evidence that goods were delivered to the recipient
  • Incident documentation: Recording photos in case of issues during delivery (damage, address not found, delivery refused)

Storage: Photos are stored on our secure servers and linked to the corresponding delivery. They are retained for the standard retention period or as required by legal and contractual obligations.

B. Push Notifications

We use push notifications to:

  • Alert you about new deliveries or trips assigned to you
  • Inform you of important updates about your deliveries
  • Communicate messages from the support team
  • Send reminders about pending deliveries

You can manage or disable notifications in your device settings.

C. Storage

We use device storage to save temporary data, map cache, and enable limited offline functionality.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract performance: To provide the Service you contracted, process deliveries, and manage your account
  • Legal obligations: To meet tax, accounting, and regulatory requirements
  • Legitimate interests: For Service security, fraud prevention, internal analytics, and feature improvements, always respecting your rights and expectations
  • Consent: When explicitly requested for optional communications, specific features, or non-essential data sharing

5. How We Use Your Data

We use your data for the following purposes:

Service Delivery

  • Creating and managing your account
  • Processing and recording deliveries
  • Generating proof of delivery
  • Enabling real-time tracking
  • Providing customer support

Operations & Improvements

  • Operating and maintaining the Service
  • Monitoring errors and troubleshooting technical issues
  • Protecting against misuse and fraud
  • Conducting internal analytics to improve features

Communications

  • Sending notifications about your deliveries
  • Communicating important Service updates
  • Responding to your support requests

We do not sell, rent, or share your personal information for third-party advertising or marketing purposes.

6. Data Sharing

We share your data only in the following situations:

A. With Your Customers

When you send a tracking link, your customer can see: delivery status and estimated arrival time. This sharing is initiated by you and can be stopped at any time.

B. Service Providers

  • Cloud hosting: Microsoft Azure (data stored on secure servers)
  • Payment processing: Stripe (PCI-DSS compliant)
  • Address autocomplete: Google Maps Platform
  • Communications: SMS/WhatsApp providers for OTP and notifications
  • Customer support: Crisp (live chat)

All providers are bound by Data Protection Agreements (DPA) and must maintain the confidentiality of your data.

C. Legal Obligations

We may disclose data when required by law, court order, or to protect the rights, property, or safety of Orin, our users, or third parties.

7. International Data Transfers

Your data may be transferred to and processed on servers located outside your country of residence, including the European Union and United States, where our infrastructure providers operate.

These transfers are conducted in compliance with GDPR and other applicable laws, using:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with adequate data protection levels
  • Technical and organizational security measures

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy:

  • Active account data: Retained while your account is active
  • Delivery data: Retained for 5 years for proof and dispute purposes
  • Proof of delivery photos (POD): Retained for 2 years or as contractually required
  • Deleted accounts: Data removed within 90 days, except where legal retention is required
  • Financial and tax records: Retained for 7 years as required by law

9. Your Privacy Rights

Depending on applicable law (GDPR, LGPD, etc.), you have the following rights regarding your personal data:

  • Access: Confirm we process your data and obtain a copy
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of data processing
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Revoke consent at any time for consent-based processing
  • Lodge a complaint: File a complaint with your local data protection authority

To exercise your rights, contact us at legal@orin.software. We will respond within the legally applicable timeframe (typically 30 days).

10. Data Security

We implement technical and organizational measures to protect your data:

  • Encryption in transit (HTTPS/TLS 1.3) and at rest
  • Secure password and PIN hashing (bcrypt)
  • Two-factor authentication available
  • Role-based access control
  • Continuous monitoring and intrusion detection
  • Encrypted and redundant backups
  • Regular security audits

Despite these measures, no system is 100% secure. In case of a security incident that may cause significant risk or harm, we will notify you and the relevant authorities as required by law.

11. Cookies and Similar Technologies

We do not use tracking cookies for advertising. We may use:

  • Essential cookies: For authentication and web app functionality
  • Local storage: To save preferences and session data
  • Anonymous analytics: To understand app usage and improve features

We do not track you across third-party websites or apps.

12. Children's Privacy

The MinhaRota Service is intended exclusively for users aged 18 and older. We do not knowingly collect data from minors. If we become aware that we have collected data from a minor without proper legal consent, we will take immediate steps to delete it.

13. Advertising

The MinhaRota app does not contain advertisements. We do not display ads from third-party advertising networks, and we do not use advertising identifiers (such as Google Advertising ID) for ad targeting or tracking purposes.

14. Changes to This Policy

We may update this Privacy Policy periodically. When changes are significant:

  • We will notify you by email or through the app
  • We will update the "last updated" date at the top of this page
  • For material changes, we will request new consent when necessary

We recommend reviewing this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact & Complaints

For questions, requests, or complaints about this Privacy Policy or how we handle your data:

Data Protection Officer (DPO):
Email: legal@orin.software

General contact:
Email: legal@orin.software

If you believe your data is processed unlawfully, you have the right to file a complaint with your local data protection authority:

  • EU: Your national Data Protection Authority
  • Brazil: ANPD (Autoridade Nacional de Proteção de Dados) - www.gov.br/anpd