Skip to content
PadiPadi Chat

Legal

Privacy Policy for Padi Chat

Effective date: May 1, 2026 Last updated: May 1, 2026

NexGen UX & Engineering LLC ("we," "us," or "our") operates the Padi Chat mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your information.

If you do not agree with this Privacy Policy, please do not use the App.

1. Information We Collect

1.1 Information you provide

  • Phone number — collected at signup for SMS one-time-password (OTP) authentication.
  • Profile information — name, profile photo, optional username.
  • Identity verification documents — government-issued ID images and selfies, required for cash-out and high-value money transfers in compliance with Sierra Leone Anti-Money-Laundering regulations.
  • Payment information — debit/credit card details (processed by Stripe; we never store full card numbers on our servers), bank account details (processed by our banking partner Unit), and transaction history.
  • Messages and call content — chat messages, voice and video call audio/video streams between you and other Padi Chat users. Messages are stored on our servers; calls are peer-to-peer (WebRTC) and not recorded by default.
  • Restaurant orders, ride history, and saved addresses — when you use the food ordering or ride-hailing features.
  • Support communications — anything you send to our support team.

1.2 Information collected automatically

  • Device information — device model, operating system version, unique device identifiers, language settings.
  • Location data — precise GPS location when you actively use ride-hailing or food delivery features. Background location is not collected.
  • Usage data — screens visited, features used, crash reports, and performance metrics.
  • Push notification tokens — to deliver real-time alerts (incoming calls, ride updates, payment confirmations).

1.3 Information from third parties

  • Sentry — anonymized crash reports and performance data for diagnostics.
  • Stripe — payment processing confirmations and fraud-check signals.
  • Unit — bank account status, balance, transaction confirmations.
  • Google Maps — geocoding and directions (location data sent to Google when you use ride or delivery features).

2. How We Use Your Information

We use the information we collect to:

  • Authenticate you (phone OTP via Twilio)
  • Enable money transfers, payments, and cash-out at agent locations
  • Match riders with drivers and route ride requests
  • Process food orders and route them to merchants
  • Deliver chat messages and route voice/video calls
  • Verify your identity for compliance with financial regulations
  • Detect and prevent fraud, abuse, and unauthorized account access
  • Provide customer support
  • Send service-related notifications (transaction receipts, ride status, security alerts)
  • Improve and debug the App

We do not sell your personal information. We do not use your data for advertising. We do not share your data with advertisers or data brokers.

3. Who We Share Your Information With

We share information only with service providers necessary to operate the App:

Provider What we share Why
Supabase Account data, messages, transaction records Primary database and storage
Twilio Phone number Send SMS one-time-password codes
Stripe Payment information Process card payments
Unit Bank account info, identity documents Issue accounts, hold balances, process payouts
Google Maps Location, addresses Geocoding, directions, map display
RevenueCat Anonymized device + subscription identifier Manage in-app subscriptions (if applicable)
Sentry Anonymized crash + performance data Error monitoring
Apple Push Notification service Push token Deliver notifications
Coturn (self-hosted) Real-time media stream metadata Relay calls when peer-to-peer fails

We may share information when required by law, court order, or to protect the rights, property, or safety of NexGen UX & Engineering LLC, our users, or the public — including for fraud prevention, regulatory reporting (e.g., Bank of Sierra Leone, FinCEN), and law enforcement requests.

4. How Long We Keep Your Information

  • Account data: kept while your account is active. After account deletion, we retain limited records required by financial regulations (typically 5 years for transaction records, per Sierra Leone AML rules).
  • Messages: retained until you or the other participant deletes them.
  • Crash reports: retained 90 days.
  • Identity verification documents: retained 5 years after last activity, per regulatory requirements.

5. Your Rights

You can:

  • Access your account data within the App (Profile → Settings → Data).
  • Edit your profile information at any time.
  • Delete your account in-app (Profile → Settings → Delete Account). Account deletion removes your profile, messages, and contacts. Some financial records are retained as required by law.
  • Export your data by emailing privacy@padi.app.
  • Withdraw consent for non-essential processing by contacting us.
  • Opt out of push notifications in your device settings.
  • Disable location sharing in your device settings (note: this will disable rides and delivery).

For users in the European Union, you have additional rights under GDPR (right to erasure, right to data portability, right to object). Contact us at privacy@padi.app to exercise these rights.

For California residents, we comply with the California Consumer Privacy Act (CCPA). We do not sell your information.

6. Children's Privacy

Padi Chat is not intended for users under 17. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us at privacy@padi.app and we will delete it.

7. Security

We use industry-standard security practices:

  • All data in transit is encrypted with TLS 1.2 or higher.
  • Passwords and tokens are hashed using bcrypt or equivalent.
  • Identity documents are stored encrypted at rest.
  • Access to production systems is limited and logged.
  • Card numbers are never stored on our servers (handled by Stripe, PCI DSS Level 1).

No system is 100% secure. We will notify affected users without undue delay in the event of a breach affecting personal information.

8. International Data Transfers

Padi Chat is operated from the United States. If you use the App from outside the U.S., your information will be transferred to and processed in the United States. By using the App, you consent to this transfer.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via in-app notification or email at least 30 days before changes take effect. The "Last updated" date at the top reflects the most recent revision.

10. Contact Us

For questions, requests, or to exercise your rights, contact:

NexGen UX & Engineering LLC Email: privacy@padi.app Mailing address: [Your business mailing address]

For App Store Connect inquiries, the Account Holder is reachable at the email associated with our Apple Developer Program membership.