Privacy Policy v1.0 · Effective 2 July 2026
These documents are provided for transparency and operational clarity. They are not a substitute for independent legal advice.
This Privacy Policy explains how KarDo (“we”, “us”, “our”) collects, uses, shares, stores, and protects personal information when you use the KarDo website, mobile apps, and related services in Pakistan and through our service providers.
KarDo is a marketplace platform for cab rides, city-to-city seats, quick tasks, grocery pickup, medicine pickup, repairs, and related services. This policy applies to customers, workers, drivers, and visitors who interact with our Platform.
By using KarDo, you acknowledge this Privacy Policy. If you do not agree, please do not use the Platform.
We collect information you provide directly, information generated through your use of the Platform, information from your device, and information from verification and support processes.
This may include your name, phone number, email (if provided), account role (customer or worker), city and area, profile details, verification status, suspension or ban flags, and authentication records managed through our auth provider.
When you post or book services, we collect descriptions, budgets or fares, pickup and drop-off text and coordinates, passenger counts, vehicle preferences, promo or reward attachments, voice notes, repair quote details, grocery or medicine cart contents, pharmacy or store selections, prescription flags, and order status history.
Workers and drivers may submit CNIC details, licence information, vehicle registration details, selfies, shop photos, skill verification materials, and related metadata extracted during review.
We may store document images in secure private storage and record reviewer decisions, rejection reasons, and timestamps.
We collect location when you search places, set pickup or drop-off points, show nearby workers or stores, or share live progress during active services.
Location may come from device GPS, map selections, or address text converted through mapping services.
On the mobile app, workers and drivers may enable background location only during an active job, cab ride, or supported city-seats trip so customers can track progress if the app is in the background.
We do not use background location for general browsing, advertising profiles, or inactive accounts. When the active service ends, background updates should stop subject to device and OS behavior.
Uploads may include CNIC images, licences, vehicle documents, selfies, shop proof, dispute evidence, grocery or medicine-related images, and short job voice notes.
Authorized KarDo staff or automated review tools may access these files for verification, fraud prevention, dispute handling, and safety investigations.
We process wallet balances, commission transactions, top-up requests, payment provider references, promo and voucher usage, customer reward ledger entries, KarDo Credits entries, and related metadata.
Payment card or wallet credentials are handled by payment partners where applicable; KarDo generally receives status and reconciliation data rather than full card numbers.
We may collect device type, operating system, app version, push notification tokens, locale, timezone, IP address, request logs, error reports, and diagnostic events.
This helps us secure accounts, debug failures, measure performance, and deliver notifications.
We use personal information to:
Customers may see worker or driver live location only for accepted or active services according to in-app rules. Workers and drivers see customer pickup and drop-off details needed to complete the job.
Map previews and routing may use third-party mapping providers. Approximate location may be used for city-to-city progress displays where exact GPS is unavailable or stale.
We use trusted infrastructure and service providers to operate KarDo. Depending on configuration, these may include:
We may access, preserve, and disclose information if we believe it is reasonably necessary to comply with law, respond to lawful requests, protect users and the public, investigate fraud, enforce Terms, or defend legal claims.
We keep information for as long as needed to provide services, resolve disputes, meet accounting and tax obligations, prevent fraud, and comply with law.
Some verification, wallet, reward, and dispute records may be kept longer than general profile data. Rejected verification documents may be deleted after review periods described in internal retention practices. Audio notes and logs may be purged on rolling schedules.
We use access controls, authenticated APIs, private storage for sensitive documents, rate limits, monitoring, and administrative review processes. No method of transmission or storage is completely secure.
You are responsible for protecting your phone, OTP codes, and device permissions.
You can update parts of your profile in the app, manage notification preferences, control device location permissions, and choose whether to enable push notifications.
Depending on applicable law, you may request access, correction, or deletion of certain personal information by contacting support.
You may request account closure or data deletion by contacting support@kardo.pk with your registered phone number and request details.
We may retain limited records where necessary for fraud prevention, unresolved disputes, commission accounting, legal compliance, or safety investigations even after account deletion.
KarDo is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided data, contact us to request deletion.
KarDo is operated for users in Pakistan, but our cloud providers and partners may process data in Pakistan and in other countries where their servers are located, including the United States and other regions used by Supabase, AWS, Google, Expo, or similar vendors.
By using KarDo, you understand that data may be transferred to jurisdictions with different data protection laws, subject to contractual and security safeguards used by our providers.
We may update this Privacy Policy from time to time. The version and effective date at the top of the document will change when we do. Continued use after an update means you accept the revised policy where permitted by law.
Privacy questions and data requests: use the contact details shown at the bottom of this page.
This Privacy Policy version 1.0 is effective from the date shown at the top of this document unless a newer version is published.