Privacy Policy

DoorBite Ltd. ("Doorbite", "we", "us", or "our") operates the Doorbite food delivery platform, including the Doorbite mobile application (Customer App and Rider App), the website at doorbite.ng, and all related services.

DoorBite Ltd. is registered in the Federal Republic of Nigeria and is the data controller responsible for your personal information collected through the Doorbite platform.

This Privacy Policy is governed by and complies with the Nigeria Data Protection Act (NDPA) 2023 and all regulations issued by the Nigeria Data Protection Commission (NDPC).

We collect information from you directly when you register and use the platform, and automatically when you interact with our services.

• Account information: Full name, phone number, email address, and password when you create an account.
• Delivery address: Physical addresses you save or enter for deliveries.
• Payment information: Card details, bank account information, or mobile money details. Payment data is processed by our certified payment partners and is not stored on our servers.
• Profile information: Profile photo and any preferences you set in the app.
• Communications: Messages you send to our customer support team or through the in-app chat.
• Reviews and ratings: Feedback you leave on restaurants, riders, or orders.

• Location data: Real-time GPS location when you use the app, to show nearby restaurants, assign riders, and track deliveries.
• Device information: Device model, operating system, unique device identifiers, and mobile network information.
• Usage data: Pages visited, features used, time spent, search queries, and order history.
• Log data: IP address, browser type, and error logs for technical diagnostics.
• Cookies and similar technologies: See Section 6 for details.

Data Type	Purpose	Required?
Name & Phone	Account creation, order notifications	Yes
Email Address	Receipts, account recovery	Yes
Location	Delivery routing, restaurant discovery	Yes
Payment Details	Processing transactions	Yes (for orders)
Order History	Reorders, support, fraud prevention	Auto-collected
Profile Photo	Account personalisation	Optional
Device ID	Security, fraud prevention	Auto-collected

We use your personal information only for the purposes described below. We will not use it for any other purpose without notifying you first.

• Processing and fulfilling your food delivery orders.
• Assigning and routing Riders to your delivery location.
• Sending real-time order status updates and notifications.
• Displaying restaurants and menus relevant to your location.
• Enabling in-app communication between customers and riders.
• Processing payments and issuing digital receipts.
• Resolving disputes, refunds, and customer support queries.

• Detecting and preventing fraud, abuse, and unauthorised access.
• Verifying identities and preventing fake accounts.
• Investigating complaints and enforcing our Terms of Service.
• Maintaining the integrity of our ratings and review system.

• Sending you promotional offers, deals, and app updates — only if you have opted in.
• Service announcements that are necessary for your use of the platform.
• Requesting feedback and reviews after completed orders.

We do not sell your personal data. We share your information only in the following limited circumstances:

When you place an order, we share your delivery address and first name with the assigned Rider to enable delivery. Riders do not receive your full contact details and may not contact you outside the Doorbite platform.

Restaurants receive your order details and first name to prepare your food. They do not receive your payment information, full address, or contact number.

We work with trusted third-party companies who help us operate our platform. These include payment processors, cloud hosting providers, SMS notification services, and analytics tools. These partners are contractually required to protect your data and may not use it for their own purposes.

We may disclose your information if required to do so by law, court order, or a government authority, including the Nigeria Data Protection Commission (NDPC), the Economic and Financial Crimes Commission (EFCC), or law enforcement agencies.

If DoorBite Ltd. is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice and ensure any acquiring entity maintains equivalent data protection standards.

Your personal data is stored on secure servers located within Nigeria and in compliant international data centres. All data transfers are protected using industry-standard encryption (TLS 1.2 or higher).

• End-to-end encryption for all sensitive data in transit.
• AES-256 encryption for data at rest.
• Multi-factor authentication for internal system access.
• Regular security audits and penetration testing.
• Role-based access controls — employees only access data necessary for their job.
• Automated fraud detection and anomaly monitoring.

While we implement robust security measures, no system is completely impenetrable. In the event of a data breach that poses a risk to your rights, we will notify you and the Nigeria Data Protection Commission within 72 hours of becoming aware, as required by the NDPA 2023.

We use cookies and similar tracking technologies on our website and app to improve your experience and understand how our services are used.

Cookie Type	Purpose	Can You Opt Out?
Essential	Login sessions, security, core functionality	No — required to use the service
Functional	Remembering your preferences and settings	Yes
Analytics	Understanding how users interact with the app	Yes
Marketing	Personalised promotional content (only if opted in)	Yes

You can manage your cookie preferences through your device settings or by contacting us. Disabling non-essential cookies will not affect your ability to place orders on Doorbite.

Under the Nigeria Data Protection Act (NDPA) 2023, you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may ask us to correct inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data, subject to legal retention obligations.
• Right to Restriction: You may ask us to restrict the processing of your data in certain circumstances.
• Right to Data Portability: You may request your data in a structured, machine-readable format.
• Right to Object: You may object to processing based on legitimate interests, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact our Data Protection Officer at support@doorbite.ng. We will respond within 30 days of receiving your request. If you are unsatisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

You may also update your personal information directly within the Doorbite app under Settings → Account → Edit Profile.

Doorbite is not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at support@doorbite.ng. We will delete any such information promptly upon verification.

Riders who sign up to the Doorbite platform provide additional information that is specific to their role as independent contractors.

• National Identification Number (NIN): Used for identity verification and background checks as required by Nigerian law.
• Vehicle type and registration: Motorcycle, bicycle, or car information for delivery routing and insurance purposes.
• Bank account details: For weekly earnings settlements via secure bank transfer.
• Real-time location: Continuous GPS tracking while a Rider is logged into the app and on an active delivery, to enable live tracking for customers and efficient routing.
• Performance data: Delivery completion rate, acceptance rate, customer ratings, and on-time delivery metrics.
• Incident reports: Records of any complaints, disputes, or accidents while on duty.

Location data is collected only while the Rider is active on the platform. It is used to assign deliveries, provide live tracking to customers, calculate distance-based earnings, and ensure zone coverage. Location tracking stops when the Rider logs off the Rider App.

Restaurant partners who list on the Doorbite platform provide business information that we use to operate the marketplace.

• Business name, legal name, and trading name.
• RC Number (Corporate Affairs Commission registration).
• Business address and operating hours.
• Contact details of the authorised representative.
• Bank account details for weekly settlement payments.
• Menu content, pricing, and food photographs.
• Sales data, order volumes, and commission records.
• Customer ratings and review data related to their restaurant.

Restaurant partners' order-level data (items sold, order counts, earnings) is used to generate settlement reports and improve the platform. Aggregated and anonymised sales trends may be used internally for platform planning.

Restaurant partners may access their own performance data through the Doorbite Partner Dashboard.

We retain your personal data only for as long as necessary to provide our services and comply with our legal obligations.

Data Category	Retention Period	Reason
Active account data	Duration of account + 6 months	Service provision
Order history	5 years from transaction date	Legal / tax obligations
Payment records	7 years	FIRS financial regulations
Location data	90 days from collection	Fraud prevention
Support communications	2 years	Dispute resolution
NIN data (Riders)	Duration of contract + 2 years	Legal compliance
Deleted account data	30 days, then permanent deletion	NDPA 2023 compliance

When you delete your Doorbite account, your personal profile data is permanently deleted within 30 days. Transactional records that are required by law (such as financial records) are retained for the legally required periods noted above.

The Doorbite app and website may contain links to third-party websites, such as restaurant social media pages, payment provider portals, or external promotions. This Privacy Policy applies only to DoorBite Ltd.'s own services.

We are not responsible for the privacy practices or content of any third-party websites or services. We encourage you to read the privacy policies of any external site you visit. The presence of a link on Doorbite does not constitute endorsement of that site's privacy practices.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

• Post the updated policy on our website and app with a new "Last Updated" date.
• Send you an in-app notification or email if the changes materially affect your rights.
• Give you at least 14 days' notice before material changes take effect.

Your continued use of the Doorbite platform after the effective date of an updated Privacy Policy constitutes your acceptance of the revised terms. If you disagree with any changes, you may close your account before they take effect.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer:

If you are not satisfied with our response, you may escalate your complaint to the Nigeria Data Protection Commission (NDPC):

• Website: ndpc.gov.ng
• Email: [email protected]