Data Protection Policy

Last Updated: January 17, 2026

Mani Me Ltd ("we," "our," or "us") is committed to protecting the privacy and security of your personal data. This Data Protection Policy outlines our commitment to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Our Commitment

We are committed to:

• Processing personal data lawfully, fairly, and transparently
• Collecting data for specified, explicit, and legitimate purposes
• Ensuring data is adequate, relevant, and limited to what is necessary
• Keeping data accurate and up to date
• Storing data only as long as necessary
• Processing data securely with appropriate technical and organizational measures

2. Data Controller

Mani Me Ltd is the data controller for personal data collected through our services. This means we determine the purposes and means of processing your personal data.

Contact Details:

• Company: Mani Me Ltd
• Address: London, United Kingdom
• Email: dpo@manimeapp.com
• Phone: +44 7958 086887

3. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with data protection laws.

DPO Contact: dpo@manimeapp.com

4. Lawful Basis for Processing

We process personal data only when we have a valid legal basis. The lawful bases we rely on include:

4.1 Contract Performance

Processing necessary to fulfill our contractual obligations to you, including:

• Processing bookings and shipments
• Arranging pickup and delivery
• Processing payments
• Providing tracking information

4.2 Legal Obligation

Processing required to comply with legal requirements, including:

• Customs declarations and documentation
• Tax and accounting records
• Responding to legal requests from authorities

4.3 Legitimate Interests

Processing necessary for our legitimate business interests, including:

• Improving our services
• Preventing fraud
• Ensuring network and information security
• Business analytics and reporting

4.4 Consent

Processing based on your explicit consent, including:

• Marketing communications
• Location tracking for delivery optimization
• Push notifications

5. Your Data Protection Rights

Under UK GDPR, you have the following rights:

5.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will respond within one month of receiving your request.

5.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

5.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes collected.

5.4 Right to Restrict Processing

You have the right to request that we limit the processing of your personal data in certain circumstances.

5.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.

5.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

5.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

6. Exercising Your Rights

To exercise any of your data protection rights:

1. Email us at privacy@manimeapp.com
2. Include your full name and email address used for registration
3. Specify which right(s) you wish to exercise
4. Provide any additional information to help us locate your data

We will respond to your request within one month. If your request is complex, we may extend this by a further two months, but we will inform you of any extension within the initial one-month period.

7. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures

• 256-bit SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Secure cloud infrastructure with ISO 27001 certification
• Regular security testing and vulnerability assessments
• Multi-factor authentication for system access
• Automated backup systems

Organizational Measures

• Data protection training for all staff
• Access controls based on role and necessity
• Confidentiality agreements with employees
• Data processing agreements with third parties
• Regular privacy impact assessments
• Incident response procedures

8. Data Breach Procedures

In the event of a personal data breach:

1. We will assess the risk to individuals' rights and freedoms
2. High-risk breaches will be reported to the ICO within 72 hours
3. Affected individuals will be notified without undue delay if there is a high risk
4. We will document all breaches, including actions taken

9. International Data Transfers

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place:

• Transfers to countries with adequate protection (as determined by the UK)
• Standard Contractual Clauses approved by the UK ICO
• Binding Corporate Rules for intra-group transfers
• Explicit consent for specific transfers

10. Data Retention

We retain personal data only as long as necessary:

Data Type	Retention Period
Account Information	Duration of account + 2 years
Shipment Records	7 years (customs/tax compliance)
Payment Records	7 years (financial regulations)
Marketing Preferences	Until consent withdrawn
Support Communications	3 years from last contact

11. Third-Party Processors

We work with trusted third-party processors who comply with UK GDPR:

• Stripe: Payment processing (PCI DSS compliant)
• MongoDB Atlas: Database hosting (SOC 2 certified)
• Firebase: Authentication and notifications
• Render: Cloud hosting infrastructure

All third-party processors are bound by data processing agreements.

12. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority:

13. Policy Updates

We review this policy annually and update it when necessary. Changes will be posted on this page with an updated "Last Updated" date.