Legal
Privacy Policy
Effective date: January 1, 2026 · Last updated: July 11, 2026
Cendiago Inc. (“Cendiago”, “we”, “our”) operates the Cendiago platform (the “Platform”), a peer-to-peer delivery marketplace connecting travelers with spare luggage space and senders who need goods transported. This Privacy Policy describes how we collect, use, and share personal information when you use our Platform.
By creating an account or using the Platform you agree to this Privacy Policy. If you do not agree, please do not use the Platform.
1. Information We Collect
Account Information
When you register, we collect your full name, email address, and password (hashed — never stored in plain text). We also collect your country and preferred language.
Identity Verification (Travelers Only)
To list a trip, travelers must complete identity verification. This requires:
- A government-issued photo ID (passport, national ID, or driver's licence)
- A live selfie for biometric face-matching
- Your phone number, verified via SMS one-time code
Verification is processed by our identity verification partner. Raw ID images are retained for no longer than 90 days after the verification decision, after which only the verified status and your legal first name are stored.
Flight Information (Travelers Only)
Travelers upload their flight ticket or itinerary. We extract the passenger name, departure airport, destination, and travel date in order to confirm the trip against live aviation data. Ticket images are deleted within 30 days of the trip's departure date.
Payment Information
Payment is processed by Stripe, Inc. We do not store full card numbers or bank account details on our servers. Stripe may collect and retain payment method data in accordance with its own Privacy Policy. We store transaction records (amounts, timestamps, trip IDs) for accounting and dispute purposes.
Usage and Device Information
We automatically collect information about how you use the Platform, including pages visited, search queries, buttons clicked, your IP address, browser type, device type, and operating system. This information is used for security, analytics, and to improve the Platform.
Communications
If you contact our support team, we retain records of that correspondence to help resolve disputes and improve our service.
2. How We Use Your Information
- To operate the Platform — matching senders to travelers, processing bookings, releasing escrow payments.
- To verify identity — confirming travelers meet our verification requirements before they can list trips.
- To prevent fraud and abuse — detecting unusual activity, investigating reports, enforcing our Terms of Service.
- To communicate with you — sending booking confirmations, status updates, and support responses.
- To improve the Platform — analysing usage patterns to fix bugs and build better features.
- To comply with legal obligations — responding to lawful requests from courts, regulators, or law enforcement.
3. Information Shared with Other Users
When a sender views a traveler's profile or trip listing, they see:
- The traveler's first name only
- Verified status badges (ID verified, flight verified)
- Departure and destination airports, travel date, and available space
- Average rating and number of completed trips
We never share a traveler's full name, contact details, flight number, ticket image, or government ID with senders. When a booking is accepted, we share only the first name and a platform-managed booking reference — not direct contact information.
4. Third-Party Services
We share data with the following categories of third-party providers, each under a data processing agreement:
- Stripe — payment processing and escrow
- Identity verification provider — ID and selfie matching
- Aviation data provider — flight validation
- Cloud infrastructure provider — hosting and database storage
- Analytics provider — anonymised usage analytics
We do not sell your personal information to advertisers or data brokers.
5. Data Retention
- Account data is retained while your account is active and for 3 years after closure, to satisfy legal and dispute obligations.
- Transaction records are retained for 7 years for tax and accounting purposes.
- ID images and selfies are deleted within 90 days of the verification decision.
- Flight ticket images are deleted within 30 days after the trip departure date.
6. Your Rights
Depending on where you are located, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your account and associated data
- Object to or restrict certain processing
- Receive your data in a portable format
To exercise any of these rights, email us at privacy@cendiago.com. We will respond within 30 days. Note that some data must be retained for legal reasons even after an account deletion request.
7. Security
All data in transit is encrypted using TLS. Data at rest is encrypted using AES-256. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication. We conduct periodic security reviews.
No system is perfectly secure. If you believe your account has been compromised, contact security@cendiago.com immediately.
8. Children's Privacy
The Platform is intended for users who are at least 18 years old. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Platform at least 14 days before the changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.
10. Contact Us
Cendiago Inc.
privacy@cendiago.com · +1 888 449 7755