Dory← Back

Privacy Policy

Last updated: May 2026

Introduction

Dory ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that data.

We operate as a Kodiak-based delivery platform. Our philosophy is simple: we collect only what we need to operate the service, and we're transparent about how we use it.

What We Collect

For Customers

  • Phone number (for account and SMS-based two-factor authentication)
  • Delivery address(es) and GPS location during active orders
  • Order history (what you ordered, when, from where, cost)
  • Payment information (processed by Stripe; we don't store card details)
  • Ratings and reviews you submit for restaurants or drivers
  • App usage analytics (pages viewed, time in app, feature usage)

For Restaurant Partners

  • Restaurant name, address, phone number, email, hours
  • Bank account information (for Stripe Connect payouts; Stripe stores this, not us)
  • Menu items and pricing
  • Order volume, customer ratings, and sales data
  • Stripe account ID for payment settlement

For Drivers

  • Phone number (for account and SMS-based two-factor authentication)
  • Real-time GPS location (only while on an active delivery)
  • Name and driver profile information
  • Bank account information (for Stripe Connect payouts; Stripe stores this, not us)
  • Delivery history, ratings, and earnings data

How We Use Your Information

  • To operate the service: Match customers with drivers, route deliveries, process payments, notify all parties of order status
  • To improve the app: Analyze usage patterns, identify bugs, and make features better
  • For compliance: Respond to legal requests, prevent fraud, enforce our Terms of Service
  • To contact you: SMS notifications for order updates, account security, or (if you opted in) marketing about new features
  • For analytics: Understand how Dory is used so we can optimize the experience

We do NOT sell your data to third parties. Period.

Third-Party Integrations

Dory uses the following services, which may have access to limited data:

  • Stripe: Payment processing and payouts (bank account info, payment intent data)
  • Stripe Connect: Restaurant and driver payout management
  • Twilio: SMS delivery for OTP codes and order notifications
  • Mapbox GL: Live map tracking (GPS location during active orders)
  • Supabase: Database hosting for user profiles, orders, menu data

Each of these services has its own privacy policy. We only share the minimum data necessary for each service to function.

Data Retention

Active account data: We keep your profile, address(es), and order history as long as your account is active.

After account deletion: We delete personal identifying information within 30 days, but may retain anonymized order data for business analytics (e.g., "orders per day in Kodiak," without names or addresses).

Payment records: Stripe retains payment data according to their privacy policy and payment processing requirements (typically 7 years for tax compliance).

Support messages: If you contact Dory support, we retain your message for 2 years to track support history.

Your Rights

  • Access: You can request all personal data we hold about you
  • Correction: You can update or correct inaccurate information in your profile
  • Deletion: You can request account deletion. We'll remove identifying data within 30 days
  • Opt-out of marketing: You can disable marketing SMS; order notifications are required for service
  • Data portability: You can request a copy of your data in a standard format

To exercise these rights, contact Ashmar directly at contact@dory.delivery.

Compliance & Legal Bases

GDPR (European users): If you're in Europe, we process your data based on: (1) contract necessity (to fulfill your delivery), (2) legal compliance (fraud prevention, tax records), or (3) legitimate business interest (improving our service).

CCPA (California users): If you're in California, you have the right to know what data we collect and how it's used, plus the right to delete and opt-out of data selling (which we don't do anyway).

Alaska: Dory complies with applicable Alaska privacy and consumer protection laws.

Security

We use industry-standard encryption (HTTPS/TLS) for all data in transit. Passwords are hashed, and we don't store payment card details. However, no system is 100% secure — if you suspect a data breach, contact us immediately.

Changes to This Policy

We may update this Privacy Policy as our service evolves. If we make material changes, we'll notify you via email or in-app notification. Your continued use of Dory means you accept the updated policy.

Questions?

If you have privacy concerns or questions about how we use your data, reach out directly to Ashmar at contact@dory.delivery.