XHERPA – Privacy Policy

1) Information We Collect

1.1 You provide

• Account data: name, email, password, country, phone.
• Profile & verification: photo, government ID (for KYC), date of birth (if required), membership tier.
• Listings/requests: trip routes, package details, photos, declared values, dates.
• Communications: messages, reviews, support requests.
• Payments: billing address, payout details (handled by payment processors).

1.2 Collected automatically

• Device/usage data: IP address, browser type, device identifiers, pages viewed, referring URLs, timestamps.
• Location data: if you enable location services for route features.
• Cookies & similar tech: for authentication, preferences, analytics, and advertising (see Cookies section).

1.3 From third parties

• Identity verification providers (e.g., document checks).
• Payment processors (limited transaction metadata).
• Analytics/advertising partners (aggregated insights).
• Map providers (geocoding, distance).

2) How We Use Information

• Provide and secure the Services (account creation, authentication, fraud prevention).
• Facilitate listings, matches, messaging, and transactions.
• Process payments and payouts via third-party processors.
• Identity verification and platform safety.
• Communicate with you (service messages, updates, marketing with consent).
• Personalize content and recommendations.
• Analyze usage to improve features and troubleshoot.
• Comply with legal obligations (KYC/AML where required, tax, regulatory requests).

Legal bases (GDPR): performance of contract, legitimate interests (safety, improvement, fraud prevention), consent (marketing, precise location, certain cookies), and compliance with law.

3) Sharing of Information

We share information with:

• Other Users as needed to complete a transaction (e.g., first name, rating, item/trip details, agreed pickup/drop-off info).
• Service providers acting on our behalf (hosting, analytics, customer support, identity verification, payments, maps).
• Insurance partners if you purchase coverage.
• Law enforcement or regulators where required by law or to protect rights and safety.
• Business transfers (merger, acquisition).

We do not sell personal information.

4) Cookies & Tracking

We use cookies and similar technologies to keep you signed in, remember preferences, perform analytics, and measure marketing. You can manage preferences via browser settings and our Cookie Preferences tool. Disabling certain cookies may limit functionality.

5) Data Retention

We retain personal data for as long as necessary to provide the Services, for legitimate business needs (security, fraud prevention), and to comply with legal obligations. Typical account data is retained while your account is active; transaction records may be retained for 7 years.

6) Security

We use administrative, technical, and physical safeguards, including encryption in transit (HTTPS), access controls, and secure credential storage. No system is 100% secure; please use a strong, unique password and enable available security features (e.g., 2FA).

7) International Transfers

Your data may be transferred to and processed in countries other than your own. Where required, we use lawful transfer mechanisms (e.g., SCCs) and contractually require safeguards from processors.

8) Your Rights

Depending on your location (e.g., EU/UK GDPR, California CCPA/CPRA), you may have rights to:

• access, correct, or delete personal data;
• object to or restrict processing;
• data portability;
• opt out of targeted advertising or sale/share of data (we do not sell);
• withdraw consent at any time (e.g., marketing).

Submit requests at privacy@xherpa.com. We may need to verify your identity.

9) Children's Privacy

The Services are not intended for persons under 18. We do not knowingly collect personal information from children. If you believe a child has provided data, contact us to delete it.

10) Third-Party Links & Social Logins

When you use Google/Apple sign-in or follow links to third-party sites, their privacy policies apply. We receive tokens and basic profile data needed to authenticate you.

11) Communications Preferences

You can manage marketing emails in your account settings or via the unsubscribe link. Transactional emails (receipts, security alerts) are required to operate the Service.

12) Changes to This Policy

We may update this Privacy Policy. If changes are material, we will notify you (e.g., email or in-app) and indicate the effective date.

13) Contact Us