Privacy Policy
This page describes how the eShop apps collect, use, store, and share information.
It covers the Vendor App, Sales App, and Delivery App in one place.
Last updated: May 16, 2026
Vendor App
Sales App
Delivery App
Cloudinary uploads
OTP login
This is a practical policy draft based on the current app behavior in the codebase. It should be reviewed by your legal or compliance advisor before publishing.
1. Who We Are
eShop operates a small set of connected Flutter applications used to register shops,
manage sales operations, review products and orders, and administer the platform.
The apps communicate with our backend API at http://187.127.165.193/api/v1 in the current setup.
In production, this should be replaced with the live secure endpoint used by your deployment.
2. Information We Collect
- Mobile number for OTP login and account access.
- Shop details such as shop name, owner name, and business information.
- Address details including street address, city, state, pincode, and map location.
- Documents and images such as Aadhaar card, PAN card, GST certificate, shop license, product images, or other supporting files.
- Order and delivery data such as product names, quantities, prices, order status, and delivery status.
- Location data when the app uses the map or current-location flow to set latitude and longitude.
- Authentication data such as access tokens and login state stored locally on the device.
3. How We Use Information
- To sign users in with OTP.
- To register shops and attach their verification documents.
- To show shop verification status as pending, verified, or rejected.
- To manage shop addresses and display default address details.
- To list products, categories, carts, orders, and delivery assignments.
- To allow sales staff to review shops, products, and orders.
- To allow delivery partners to view delivery tasks and order information needed to complete trips.
- To support platform operations such as verification and order handling.
4. How Information Is Stored and Shared
- Profile, shop, address, order, and verification data are stored in our backend database.
- Uploaded documents and images are first sent to the backend and then uploaded to Cloudinary.
- The backend stores the returned Cloudinary URLs in the database.
- Access tokens and login state are stored locally on the user’s device using app storage.
- Shop documents are visible to the sales app for review and verification.
- Sales users can view shops, orders, and related records needed to do their work.
- Delivery users can view trip and order data needed for delivery routing and completion.
5. Permissions and Device Access
- Internet for all API calls and image/document loading.
- Location on the Vendor App and Sales App for selecting or finding a shop position on the map.
- Files and photos for document and image uploads.
The Vendor App uses a map-based location picker and current-location action. The Sales App also uses map/location access for shop setup.
6. App-Specific Details
Vendor App
- Uses mobile number OTP login.
- Collects shop name, owner name, address, latitude/longitude, and at least one verification document.
- Uploads documents to Cloudinary through the backend.
- Shows shop profile data and verification status.
- Stores session data locally for login persistence.
Sales App
- Uses mobile number OTP login for sales staff.
- Collects shop details, address, location, and documents when adding a shop.
- Loads products, categories, orders, and shop verification information.
- Can create orders for a saved shop address.
- Uploads shop documents and product images through the backend.
Delivery App
- Uses login data for delivery partner access.
- Shows delivery orders, trip assignments, and order details needed to complete deliveries.
- May use location access depending on delivery workflow and routing features.
- Does not need shop verification documents or superadmin features.
7. Retention
We keep user, shop, order, document, and product information as long as it is needed to operate the service,
resolve disputes, meet legal requirements, and support verification and business records.
Local login tokens and app state remain on the device until the user logs out or clears app data.
8. Security
- We use token-based authentication for access to protected API routes.
- We limit document uploads to the backend and avoid direct client-side Cloudinary credentials.
- We try to keep uploaded files and business data confined to the systems needed to run the app.
9. Your Choices
- You can choose not to grant location permission, but some features may not work.
- You can log out to remove the local access token from the device.
- You can contact us to request review of stored shop information subject to platform rules and legal obligations.
10. Contact
Add your support email, business address, or privacy contact here before publishing this policy.
| Contact |
eshopglobal2026@gmail.com |
| Business |
eShop |