Privacy Policy

1. Who we are

Lasta ("we", "us", "our") operates a same-day parcel delivery platform connecting customers with independent delivery drivers in Ireland. Our registered office is in Dublin, Ireland. We are the data controller for all personal data collected through our website and mobile applications.

For any privacy-related questions, contact us at: [email protected]

2. What data we collect

Customer app users

• Name, email address, and phone number (account registration)
• Pickup and delivery addresses
• Payment information (processed securely by Stripe , we do not store card details)
• Order history and delivery preferences
• Device identifiers and push notification tokens
• App usage data and crash reports

Driver app users

• Name, email address, phone number, and profile photo
• Vehicle registration and driving licence details
• Bank account details for earnings payouts
• Precise GPS location , while the app is in use and in the background during active deliveries
• Trip history and delivery performance data
• Device identifiers and push notification tokens

3. Why we collect it (legal basis)

4. Location data

Drivers: We collect precise GPS location when the Lasta Driver app is open and, during active deliveries, in the background. This is necessary to match drivers to nearby orders and to provide customers with live delivery tracking. Background location collection stops when there is no active delivery. You may revoke location permission at any time in your device settings, but this will prevent you from accepting deliveries.

Customers: We use your device location only when you grant permission, to auto-fill pickup addresses. We do not track customer location in the background.

5. Sharing your data

We share your data only where necessary:

• Stripe , payment processing. Subject to Stripe's own privacy policy.
• Supabase , cloud database infrastructure (servers in the EU).
• Expo / Firebase , push notification delivery.
• Drivers and customers , limited profile information is shared between the matched driver and customer to complete a delivery (e.g. first name, vehicle info, live location).
• Legal authorities , where required by Irish or EU law.

We do not sell your personal data to third parties.

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g. financial records for 7 years under Irish tax law).

7. Your rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access , request a copy of the data we hold about you
• Rectification , correct inaccurate data
• Erasure , request deletion of your data ("right to be forgotten")
• Restriction , ask us to limit how we use your data
• Portability , receive your data in a machine-readable format
• Objection , object to processing based on legitimate interests
• Withdraw consent , at any time, where processing is based on consent

To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission (Ireland's supervisory authority).

8. Security

We use industry-standard measures to protect your data, including encrypted connections (TLS), secure cloud infrastructure, and access controls. Payment data is processed by Stripe and is never stored on our servers.

9. Cookies

Our website uses cookies. See our Cookie Policy for details.

10. Children

Our services are not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy periodically. Material changes will be notified via the app or email. The date at the top of this page reflects the latest revision.