PassPost — Your trusted helper

Legal

Privacy Policy

Effective: April 26, 2026 · Version 1.0

Passpost AS ("Passpost", "we") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Passpost Platform, in compliance with the General Data Protection Regulation (GDPR) and applicable Norwegian data protection law.

1. Who We Are

Passpost AS is the data controller responsible for your personal data. We operate a peer-to-peer delivery marketplace connecting Senders and Carriers across city-to-city, cross-border, and diaspora corridors worldwide.

2. Data We Collect

2.1 Account Data

Full name, email address, phone number, and account credentials.

2.2 Identity Verification Data (Carriers)

Government-issued ID document and phone verification — used solely for verification purposes and handled with the highest security.

2.3 Transaction Data

Pickup/delivery addresses, item descriptions, Handover Codes, timestamps, and payment records.

2.4 Photo Trail Data

Photos captured at pickup and delivery, used solely for proof-of-condition and dispute resolution.

2.5 Usage Data

Device type, OS, app version, and anonymised usage patterns to improve performance. Never used to identify you individually.

2.6 Communications

Passpost does not monitor, track, or log in-app communications between Senders and Carriers. Phone numbers are never shared between Users.

3. How We Use Your Data

  • Create and manage your account;
  • Verify Carrier identity and eligibility;
  • Facilitate Task matching, pickup, and delivery;
  • Process payments and manage escrow;
  • Resolve disputes using photo trail and transaction records;
  • Send service notifications and important updates;
  • Comply with legal obligations including customs and AML requirements;
  • Improve and develop the Platform through anonymised analytics.

4. Legal Basis for Processing

  • Contract performance — to deliver our services to you;
  • Legal obligation — to comply with applicable law;
  • Legitimate interests — fraud prevention, Platform security, service improvement;
  • Consent — where you have given explicit consent (e.g. marketing).

5. Data Sharing

5.1 With Other Users

Limited profile information (first name, rating, verified status) is shared between Senders and Carriers. Full contact details, ID documents, and personal addresses are never shared.

5.2 With Service Providers

We share data with trusted third-party processors (payment, identity verification, cloud infrastructure) bound by GDPR-compliant data processing agreements.

5.3 Legal Disclosure

We may disclose data to law enforcement where required by law, court order, or to protect User safety.

5.4 No Sale of Data

Passpost does not sell, rent, or trade your personal data to third parties under any circumstances.

6. Data Retention

We retain your personal data while your account is active and for 5 years thereafter for legal/regulatory obligations. Identity verification documents are deleted within 30 days of account closure unless retention is required by law. Photo trail data is retained for 90 days after Task completion.

7. Your Rights

  • Right of access — request a copy of the data we hold about you;
  • Right to rectification — request correction of inaccurate data;
  • Right to erasure — request deletion ("right to be forgotten");
  • Right to restriction — limit how we use your data;
  • Right to portability — receive your data in machine-readable format;
  • Right to object — to processing based on legitimate interests;
  • Right to withdraw consent — at any time.

Contact legal@passpost.io — we respond within 30 days. You may also lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no.

8. Cookies

We use essential cookies necessary for Platform functionality. We do not use tracking or advertising cookies without your explicit consent.

9. International Transfers

Your data may be transferred to and processed in countries outside the EEA. Where this occurs, we use Standard Contractual Clauses approved by the European Commission as appropriate safeguards.

10. Children's Privacy

Users aged 12–17 must have parental or guardian consent before using the Platform. We do not knowingly collect data from children under 12.

11. Changes to This Policy

Material changes will be communicated via in-app notification or email at least 14 days before taking effect.

12. Contact Us

Passpost AS

Legal & Compliance Department

Email: legal@passpost.io

Contact: philip.pollestad@hotmail.no

Platform: www.passpost.io

Passpost Privacy Policy v1.0 — Effective April 26, 2026 — © 2026 Passpost AS. All rights reserved.