Zavengo Ltd
Last updated: April 28, 2026
Zavengo Ltd ("Zavengo", "we", "us", "our") is registered in England and Wales, company number 17138225, with registered address at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
We are the data controller for personal data collected through zavengo.com, our mobile applications, and related services (together, "the Service").
For data protection enquiries: hello@zavengo.com
Account data
Name, email address, phone number, delivery addresses, password (hashed).
Driver data
Name, email, phone, postcode, vehicle type, availability, location during active deliveries, profile photo, earnings history.
Waitlist data (pre-launch)
Name, email, phone, postcode, vehicle type — collected via our driver waitlist and customer sign-up forms.
Order data
Items ordered, delivery addresses, order history, payment information (processed by Stripe — we do not store card numbers), receipt images, AI shopping assistant conversations.
Technical data
IP address, browser type, device information, push notification tokens, cookies for authentication.
•To provide the delivery service and process your orders
•To match you with available drivers in your area
•To process payments via Stripe
•To send order updates, OTP codes, and service notifications
•To notify you when the service launches in your area (waitlist)
•To improve our AI shopping assistant and price estimates
•To prevent fraud and ensure safety (age verification, dispute resolution)
•To comply with legal obligations
•Contract: processing necessary to fulfil your order and provide the Service
•Consent: waitlist sign-ups, marketing communications, AI conversation recording
•Legitimate interest: fraud prevention, service improvement, analytics
•Legal obligation: age verification for restricted products, tax records
Drivers
Your name, delivery address, and phone number are shared with the driver assigned to your order, solely for delivery purposes.
Service providers (data processors)
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Website hosting | US/EU |
| Neon | Database | EU (London) |
| Stripe | Payment processing | US/EU |
| Cloudflare | DNS, file storage | Global |
| Resend | Transactional email | EU |
| Pusher | Real-time notifications | EU (Ireland) |
| Anthropic | AI shopping assistant | US |
| Sentry | Error monitoring | EU |
| Maps, push notifications | US/EU | |
| Apple | Push notifications (iOS) | US |
Where data is transferred outside the UK, we rely on Standard Contractual Clauses (SCCs) or UK adequacy decisions to ensure appropriate safeguards.
We do not sell your personal data to third parties.
We take reasonable measures to protect your data, including:
•AES-256-GCM encryption of sensitive personal data (names, emails, phone numbers, addresses) at rest
•Passwords hashed with scrypt (never stored in plaintext)
•HTTPS encryption for all data in transit
•Role-based access control for staff
•UK geo-restriction to limit service area
•Account data: retained while your account is active, deleted within 30 days of account deletion request
•Waitlist data: retained until the service launches in your area, or until you request deletion
•Order data: retained for 6 years for tax and legal compliance (HMRC requirement)
•AI conversations: retained for 12 months for service improvement, then anonymised
•Push notification tokens: automatically cleaned up after 30 days of inactivity
Under UK GDPR, you have the right to:
•Access your personal data (Subject Access Request)
•Rectify inaccurate or incomplete data
•Erase your data ("right to be forgotten")
•Restrict processing in certain circumstances
•Data portability — receive your data in a structured, machine-readable format
•Object to processing based on legitimate interest
•Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact hello@zavengo.com. We will respond within 30 days.
We use only essential cookies required for the Service to function:
•Session cookie (next-auth.session-token) — keeps you logged in
•Site auth cookie — for development site access
We do not use advertising, analytics, or tracking cookies. No cookie consent banner is required as we only use strictly necessary cookies.
The Service is not intended for children under 18. We do not knowingly collect data from anyone under 18. Age-restricted products (alcohol, tobacco, vapes) require Challenge 25 ID verification upon delivery.
We may update this privacy policy from time to time. Material changes will be communicated via email or in-app notification. The "last updated" date at the top reflects the most recent revision.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk