Privacy Policy

How Dibs collects, uses, and protects your personal information.

Last updated: April 15, 2026
Contents
  1. Information We Collect
  2. How We Use Your Information
  3. Information Sharing
  4. Location Data
  5. Data Retention
  6. Your Rights
  7. Cookies & Analytics
  8. Children's Privacy
  9. Changes to This Policy
  10. Contact Us

Dibs Technologies Inc. ("Dibs", "we", "us", or "our") operates the Dibs mobile application and the website dibsrun.com (collectively, the "Service"). Dibs is a peer-to-peer same-day delivery platform that connects Buyers, Sellers, and Runners — people who purchase items, people who list items for sale, and people who deliver those items.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the choices you have. By using the Service, you agree to the collection and use of information in accordance with this policy. Our Service is operated from Canada and is subject to applicable Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation.

01
Information We Collect

Account Information

When you register for a Dibs account, we collect the information you provide directly, including:

  • Full name — used to identify you within the platform and to address communications.
  • Email address — used for authentication (via Supabase Auth), transactional notifications, and support communications.
  • Phone number — used to verify your identity and to facilitate in-app communication between parties on an active order.
  • Profile photo — optional; displayed to other users during active transactions to build trust.
  • Role information — whether you are registered as a Buyer, Seller, Runner, or some combination.

Location Data

We collect location information in the following contexts:

  • Buyers — your delivery address is collected at checkout and stored as part of the order record.
  • Sellers — your pickup address (home or listing address) is collected when you create a listing and stored as part of that listing record.
  • Runners — your precise GPS location is collected continuously while you have an active delivery in progress and location sharing is enabled in-app. We do not collect background location when no delivery is active. See Section 4 for full details.

Payment Information

Payments on Dibs are processed by Stripe, Inc., a third-party payment processor. We do not collect or store full card numbers, CVV codes, or other sensitive payment card data on our servers. We receive and store:

  • A Stripe customer ID and payment method token (a non-sensitive reference) associated with your account.
  • Transaction records including amounts, timestamps, order references, and payout status.
  • For Sellers and Runners: Stripe Connect account IDs and payout information necessary to disburse earnings to your bank account.

Facebook Marketplace Listing Data

Sellers may optionally paste a Facebook Marketplace listing URL to auto-populate a listing on Dibs. When you do this, we retrieve and store the publicly available listing content (title, description, photos, and price) associated with that URL. We do not access your Facebook account, credentials, or private data. We store only the content that is already publicly visible on Facebook Marketplace.

Device & Push Notification Tokens

When you install the Dibs app and permit notifications, we collect your device's Expo push notification token. This token is used solely to deliver transactional push notifications (order updates, runner location events, payment confirmations) to your device. We also collect basic device metadata (device model, operating system version, app version) to support debugging and compatibility.

Usage & Analytics Data

We collect anonymized or pseudonymized information about how you use the Service, including:

  • Screens viewed, buttons tapped, and features used within the app.
  • Session duration and frequency of use.
  • Error and crash reports to help us identify and fix bugs.
  • IP address and approximate geographic region at the time of access.

This information is used to improve product quality and is not linked to your identity for advertising purposes.

02
How We Use Your Information

We use the personal information we collect for the following purposes:

  • Processing orders — to create, manage, and fulfill orders between Buyers, Sellers, and Runners, including confirming item availability, scheduling pickups, and confirming delivery.
  • Matching Runners to deliveries — to identify available Runners near a pickup location and present them with delivery opportunities relevant to their location and vehicle type.
  • Calculating delivery routes — we use Mapbox to compute optimal routes between pickup and drop-off addresses and to display live delivery progress on the in-app map.
  • Sending push notifications — to alert you to relevant order events such as a Runner accepting your job, arriving at pickup, completing delivery, or an order being cancelled.
  • Processing payments and payouts — to charge Buyers at checkout, hold funds in escrow during delivery, release earnings to Sellers and Runners after confirmed delivery, and issue refunds when applicable.
  • Fraud prevention and platform safety — to detect and prevent fraudulent transactions, account abuse, and policy violations, including verifying delivery confirmation codes and monitoring for unusual payment activity.
  • Customer support — to respond to your enquiries, investigate disputes, and resolve issues with orders, payments, or accounts.
  • Legal and regulatory compliance — to meet our obligations under Canadian law, including tax record-keeping and responding to lawful requests from public authorities.
  • Service improvement — to understand how users interact with the app and to develop new features and improvements.

We process your personal information only where we have a lawful basis to do so: performance of a contract (fulfilling orders you place or accept), legitimate business interests (fraud prevention, analytics), your consent (push notifications, location sharing), or legal obligation.

03
Information Sharing

We do not sell your personal information. We never sell, rent, or trade your personal data to third parties for marketing or advertising purposes.

Within a Transaction

To facilitate a delivery, limited information is shared between the parties involved:

  • Delivery address (Buyer's address) is shared only with the Runner assigned to that specific order, and only for the duration of the active delivery. It is not shared with Sellers.
  • Pickup address (Seller's address) is shared only with the assigned Runner, and only while the delivery is active. Once the delivery is completed or cancelled, the Runner's access to the address is revoked.
  • First name and profile photo of each party may be displayed to other parties on the same order to enable identification at handoff.
  • Phone number may be shared between a Runner and a Buyer or Seller only as necessary to resolve an active delivery issue, and only when both parties are connected to the same order.

Service Providers

We share information with trusted third-party service providers who assist us in operating the Service, under contractual obligations to protect your data and use it only for the specified purpose:

  • Stripe — payment processing, fraud prevention, and payout disbursement.
  • Supabase — authentication, database infrastructure, and secure storage for account, order, and listing data.
  • Mapbox — map rendering, route calculation, and delivery tracking.
  • Expo — push notification delivery infrastructure.

Legal Disclosures

We may disclose your personal information if required to do so by law or in response to a valid order from a court, law enforcement agency, or other governmental authority. We will make reasonable efforts to notify you of such disclosures where permitted by law.

Business Transfers

In the event that Dibs is involved in a merger, acquisition, asset sale, or similar corporate transaction, your personal information may be transferred as part of that transaction. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.

04
Location Data

Location data is among the most sensitive information we handle. We treat it with particular care and apply the following practices:

Runner Location Sharing

Runners who accept a delivery job are asked to enable location sharing within the app. Location data (GPS coordinates) is transmitted to our servers and shared in real time with the Buyer (and visible on the order tracking map) only while an active delivery is in progress — that is, from the moment a Runner accepts a job until the delivery is confirmed as complete or the order is cancelled.

We do not collect or store a Runner's location data in the background when no delivery is active. If you close the app or no delivery is in progress, no location data is transmitted.

Buyer and Seller Addresses

Addresses entered by Buyers at checkout and by Sellers when creating listings are stored as part of the order and listing records respectively. These are used to generate delivery routes and calculate delivery fees.

Location Data Retention

Live location events (GPS pings transmitted during an active delivery) are purged from our systems within 30 days of the delivery completing. After this period, only the pickup and drop-off addresses (as static text fields on the order record) are retained for order history and dispute resolution purposes.

Your Control

Runners can disable location sharing at any time through the app or through their device's privacy settings. Disabling location sharing while a delivery is active will prevent real-time tracking from working correctly and may affect your ability to complete deliveries. You may also revoke location permissions from your device's app settings at any time.

05
Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or as required by law. The following retention periods apply:

Data Type Retention Period Reason
Account information (name, email, phone) Duration of active account + 2 years after closure Account management, dispute resolution, fraud prevention
Order history (items, amounts, addresses, parties) 7 years from order date Tax compliance and regulatory record-keeping obligations
Payment transaction records 7 years from transaction date Financial record-keeping and tax compliance
Live location events (GPS pings) Purged within 30 days of delivery completion Minimal retention; location data is not required after delivery
Push notification tokens Duration of active account; removed on account deletion or token expiry Delivery of transactional notifications
Usage and analytics data Up to 24 months, then aggregated or deleted Product improvement; anonymized after retention period
Support communications 3 years from last interaction Reference for ongoing or recurring issues

When you delete your account, we initiate the deletion of your personal information within 30 days, except where retention is required by law (such as financial transaction records). Aggregate, anonymized data derived from your usage may be retained indefinitely as it no longer identifies you.

06
Your Rights

Depending on your location, you may have the following rights with respect to your personal information. We honour these rights for all users regardless of jurisdiction:

  • Right of Access — You may request a copy of the personal information we hold about you, including what data we have, how it is used, and with whom it has been shared.
  • Right to Correction — If any of the personal information we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. You can update most information directly in the app under More → Profile.
  • Right to Deletion — You may request that we delete your personal information. At this time, account deletion requests are handled through the app’s support flow and account deletion request option. Certain data may be retained where we have a legal obligation to do so (see Section 5).
  • Right to Data Portability — You may request a copy of your personal data in a structured, commonly used, machine-readable format so that you can transfer it to another service.
  • Right to Withdraw Consent — Where we process your data based on your consent (such as location sharing or push notifications), you may withdraw that consent at any time through your device or app settings without affecting the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint — If you believe we have not handled your personal information in accordance with applicable law, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial privacy authority.

To exercise any of the above rights, please contact us at privacy@dibsrun.com. We will respond to verified requests within 30 days. We may need to verify your identity before processing your request.

07
Cookies & Analytics

Mobile App

The Dibs mobile application does not use browser cookies. The app uses local device storage (AsyncStorage) only to cache session data (such as your authentication token) to keep you logged in between app launches. This data does not leave your device except as part of authenticated API requests to our servers.

Website (dibsrun.com)

Our marketing website uses minimal, privacy-respecting analytics to understand aggregate traffic patterns (such as which pages are visited and from what geographic region). We do not use cross-site tracking cookies, third-party advertising cookies, or behavioral profiling technologies. We do not build advertising profiles based on your browsing activity.

If we add analytics tools to the website in future, they will be disclosed in an updated version of this policy and, where required, will be subject to your consent.

No Cross-Site Tracking

We do not share your browsing data with advertising networks, social media platforms, or data brokers for retargeting or behavioral advertising purposes.

08
Children's Privacy

Dibs is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18.

By creating an account, you confirm that you are at least 18 years old. If we become aware that we have collected personal information from a person under 18 without verifiable parental consent, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@dibsrun.com and we will act promptly to remove it.

09
Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will indicate the date of the most recent revision at the top of this page.

For material changes — those that significantly affect how we collect, use, or share your personal information — we will provide notice via email to the address associated with your account at least 14 days before the change takes effect. Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

For minor or clarifying changes that do not materially affect your rights, we may update this page without sending a direct notification. We encourage you to review this policy periodically.

If you do not agree to a material change, you may close your account before the change takes effect by contacting us at privacy@dibsrun.com.

10
Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact our Privacy team:

We aim to acknowledge all privacy inquiries within 5 business days and to resolve them within 30 days. For general support issues unrelated to privacy, please visit dibsrun.com/support or email support@dibsrun.com.