Privacy Policy
DAY2DAYS PRIVACY POLICY
Most recent update: May 2026
INDEX
1. Scope
2. Summary of Information
3. Your Personal Data Rights
4. Data Controller of Your Personal Data
5. Useful Information if You Are a Customer
5.1 Purposes and Legitimate Basis of Processing
5.2 What Data We Hold and How It Is Collected
5.3 Recipients of Your Data
5.4 How Long We Keep Your Data
6. International Transfers
7. Automated Decision-Making and Profiling
8. Security Measures
9. Cookies
10. Artificial Intelligence
11. Changes to This Policy
12. Contact
------------------------------------------------------------
1. SCOPE
Our commitment. Day2Days is committed to respecting your privacy and protecting your personal data. The purpose of this Privacy Policy is to inform you about how we collect, use, and protect your personal data when you use our website, mobile app, or services (together, the "Platform"), in accordance with the Data Protection and Privacy Act, 2019 of Uganda and other applicable data protection laws.
Purpose of this Privacy Policy. This Privacy Policy explains how Day2Days collects and processes your personal data and your rights regarding that data. We recommend that you read it carefully.
Possible changes and updates. Due to the constant evolution of our services, this Privacy Policy may be updated from time to time. Use of the Platform after this Privacy Policy has been updated shall be deemed to constitute your acceptance of the updated Policy, to the extent permitted by law. We will notify you in advance of any substantial changes by email or through the Platform.
Any questions? If you have any doubts about this Privacy Policy, contact us at info@day2days.com.
------------------------------------------------------------
2. SUMMARY OF INFORMATION
Data Controller: DishNet Africa Ltd, operating as Day2Days, 1 Speke Road, Kampala, Uganda.
Your rights: You can exercise your rights at any time by emailing info@day2days.com. Your rights include: right of access, right to rectification, right to erasure, right to restrict processing, right to object to processing, right to data portability, and right to withdraw consent.
Why we use your data: To create and manage your account; to deliver your orders; to process payments; to provide customer support; to detect and prevent fraud; to comply with legal obligations; to send you offers and updates (with your consent); and to improve our service.
Legal basis: Performance of our contract with you, your consent, our legitimate interests, and compliance with legal obligations.
Who we share data with: Delivery riders, partner stores, payment service providers, telecommunications providers, customer support services, fraud prevention providers, and regulatory authorities where required by law.
------------------------------------------------------------
3. YOUR PERSONAL DATA RIGHTS
Privacy is your right. You may exercise the following rights free of charge at any time by contacting info@day2days.com:
- Right of access — to know what personal data we hold about you and how we process it.
- Right to rectification — to correct any inaccurate or incomplete personal data we hold about you.
- Right to erasure — to request deletion of your personal data, where applicable. (We may need to retain certain data to comply with legal obligations.)
- Right to restrict processing — when the accuracy, legality, or necessity of processing is in question.
- Right to object — to processing of your data for direct marketing or based on our legitimate interests.
- Right to data portability — to receive your data in a structured, commonly used format.
- Right to withdraw consent — at any time, where processing is based on your consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Right to unsubscribe from marketing communications — by clicking the unsubscribe link in any marketing email, or contacting us directly.
If you believe Day2Days is in breach of data protection law, you have the right to lodge a complaint with the Personal Data Protection Office (PDPO) of Uganda.
Note that in some situations the above rights may not be exercisable or may be limited — for example, where we have a legal obligation to retain certain data, or where erasure would prevent us from fulfilling a contract with you.
------------------------------------------------------------
4. DATA CONTROLLER OF YOUR PERSONAL DATA
The Data Controller of your personal data in connection with your use of the Day2Days Platform is:
DishNet Africa Ltd (operating as Day2Days)
1 Speke Road, Kampala, Uganda
Email: info@day2days.com
------------------------------------------------------------
5. USEFUL INFORMATION IF YOU ARE A CUSTOMER
5.1 What are the purposes of data processing, and what is the legal basis?
Day2Days processes your personal data for the following purposes:
1. Legal purposes
2. Contractual purposes
3. Security purposes
4. Statistical and research purposes
5. Marketing and commercial purposes
6. Non-marketing communications
Legal purposes
We process your personal data to:
- Detect and investigate fraud and possible offences committed against our Platform and users.
- Comply with legal obligations, including tax, accounting, consumer protection, and data protection regulations.
- Manage and respond to requests to exercise your rights under data protection law.
- File, defend, or pursue legal claims.
Contractual purposes
We process your personal data to:
- Allow you to create and manage your account.
- Locate the nearest partner store and delivery rider to your delivery address (using geolocation data, with your consent).
- Process payments and refunds on your behalf.
- Send your order to the selected partner store and update you on its status.
- Assist you with reordering and suggest items based on your past orders.
- Send you receipts for your orders.
- Provide customer support to resolve any issues with your orders.
- Allow direct contact between you and your delivery rider when needed.
- Notify you of changes to our terms, privacy policy, or services.
Security purposes
We process your personal data to:
- Use device, location, profile, and usage data to prevent and detect malicious or unsafe activities, including payment fraud, account hacking, and abuse.
- Monitor activity that could indicate fraud or criminal activity related to payment methods.
- Verify legal age requirements where applicable (for example, alcohol).
Statistical and research purposes
We use aggregated and anonymised data to:
- Analyse trends, purchase behaviour, and how customers use the Platform.
- Improve our services and add new features.
Marketing and commercial purposes
With your consent, we process your personal data to:
- Send you personalised offers, promotions, discounts, and product suggestions by email, SMS, WhatsApp, or push notification.
- Carry out promotional activities including contests, sample distribution, and surveys.
- Communicate with you about new features, partner offers, and seasonal campaigns.
You can opt out of marketing communications at any time by emailing info@day2days.com or using the unsubscribe link in any marketing message.
Non-marketing communications
We process your personal data to:
- Generate and send order receipts.
- Inform you of incidents or issues with your order or our service.
- Notify you of changes to our terms, privacy policy, or cookies policy.
5.2 What kind of data do we hold about you and how is it collected?
Information supplied directly by you:
- Registration data: your name, email address, mobile phone number, and password when you create an account.
- Profile information: delivery address, alternative addresses, contact preferences. You can view and edit your profile at any time.
- Payment information: processed by our authorised payment service providers. Card details are tokenized and Day2Days does not store full card numbers on our systems.
- Order data: the items you order, frequency of orders, delivery instructions, and any feedback or ratings you provide.
- Communications: messages exchanged with our customer support team or with delivery riders through our chat system.
- Additional information: any other information you choose to provide, such as billing address for invoices or photographs uploaded with reviews.
Information collected indirectly:
- Usage data: how you interact with our Platform, pages viewed, items browsed, time spent.
- Device data: IP address, browser type and version, operating system, device type, language settings.
- Geolocation data: real-time location data (only with your explicit consent) to find nearby stores and provide delivery.
- Cookies: we use cookies and similar technologies as described in our Cookies Policy.
- Third-party data: if you register or log in using a third-party service such as Google or Facebook, we receive certain profile information from that service as authorised by you.
Important security note: Day2Days will never ask you to provide your password or full card details by email, SMS, or phone call. If you receive such a request, please do not respond and contact us immediately at info@day2days.com.
5.3 Who do we share your data with, and why?
We do not sell, rent, or trade your personal data. We share it only where necessary to provide our services or to comply with the law.
When carrying out your order, we may share data with:
- The delivery rider assigned to collect and deliver your order — name, delivery address, phone number, and order details.
- Partner stores fulfilling your order — your name, delivery address, contact number, and order items.
- Payment service providers — to process payments securely (mobile money, card, cash).
- Customer support providers — to handle queries, complaints, and incidents related to your order.
- SMS, WhatsApp, and email service providers — to send order confirmations, status updates, and OTPs.
For broader business operations, we may share data with:
- Fraud prevention service providers — to detect and prevent fraudulent transactions.
- Cloud hosting and IT service providers — to securely store and process data.
- Professional advisers — including accountants, lawyers, and insurance providers, where necessary.
- Government authorities, regulators, and law enforcement — where required by law, court order, or to prevent and investigate fraud or criminal activity.
- Group companies — entities affiliated with DishNet Africa Ltd, where necessary for service provision.
All third parties we share data with are required to process it in accordance with this Privacy Policy and applicable data protection laws.
5.4 How long do we keep your data?
We retain your personal data for the duration of your relationship with Day2Days (i.e. while your account is active) and, after termination, for the period required by law to defend or file legal claims, comply with tax and accounting obligations, and meet our regulatory duties.
The general maximum retention period is up to ten (10) years after the end of the relationship, in line with Uganda's tax and commercial record-keeping requirements. Specific data may be retained for shorter or longer periods depending on its purpose:
- Account information: while your account is active; deleted on request, subject to legal retention obligations.
- Order history and receipts: 10 years (tax and accounting compliance).
- Customer support communications: up to 3 years after closure of the matter.
- Marketing consent records: until consent is withdrawn, plus a short period to evidence the withdrawal.
- Fraud-related data: up to 10 years where retention is necessary for legal claims.
- Cookies and device data: as described in our Cookies Policy.
------------------------------------------------------------
6. INTERNATIONAL TRANSFERS
Your personal data is primarily processed and stored in Uganda. However, some of our service providers (for example, cloud hosting, payment processing, or email delivery) may be located outside Uganda. Where personal data is transferred internationally, we put appropriate safeguards in place, such as contractual data protection commitments, to ensure your data remains protected.
------------------------------------------------------------
7. AUTOMATED DECISION-MAKING AND PROFILING
We do not make decisions that significantly affect you based solely on automated processing of your data. We may use automated tools to personalise your experience — for example, recommending items based on your past orders or suggesting nearby stores — but these do not have legal effects on you.
You may object to profiling at any time by emailing info@day2days.com.
------------------------------------------------------------
8. SECURITY MEASURES
Day2Days has implemented technical and organisational measures to protect your personal data against unauthorised access, alteration, loss, or disclosure. These include encrypted connections (HTTPS), access controls, secure payment processing through PCI-compliant providers, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.
------------------------------------------------------------
9. COOKIES
We use our own and third-party cookies to enable basic functionality, remember your preferences, analyse Platform usage, and (with your consent) deliver personalised advertising. For full details, please see our Cookies Policy.
------------------------------------------------------------
10. ARTIFICIAL INTELLIGENCE
We may use artificial intelligence technology, such as chatbots, to assist with customer support and to improve product recommendations. When AI tools are used, we maintain control over your data and do not share it with third parties to train AI models. Where AI is used, human review is available on request, and decisions with legal effects are not made by AI alone.
------------------------------------------------------------
11. CHANGES TO THIS POLICY
This Privacy Policy may be updated periodically. Material changes will be communicated to you by email or through a notice on the Platform before they take effect. The most recent update date is shown at the top of this Policy.
We will never modify this Policy in a way that reduces the protection of personal data we have already collected, without your consent.
------------------------------------------------------------
12. CONTACT
For any questions about this Privacy Policy, to exercise your rights, or to raise a privacy concern, please contact:
DishNet Africa Ltd (Day2Days)
Privacy Contact
1 Speke Road, Kampala, Uganda
Email: info@day2days.com
If you are not satisfied with our response, you may contact the Personal Data Protection Office (PDPO) of Uganda.
Most recent update: May 2026
INDEX
1. Scope
2. Summary of Information
3. Your Personal Data Rights
4. Data Controller of Your Personal Data
5. Useful Information if You Are a Customer
5.1 Purposes and Legitimate Basis of Processing
5.2 What Data We Hold and How It Is Collected
5.3 Recipients of Your Data
5.4 How Long We Keep Your Data
6. International Transfers
7. Automated Decision-Making and Profiling
8. Security Measures
9. Cookies
10. Artificial Intelligence
11. Changes to This Policy
12. Contact
------------------------------------------------------------
1. SCOPE
Our commitment. Day2Days is committed to respecting your privacy and protecting your personal data. The purpose of this Privacy Policy is to inform you about how we collect, use, and protect your personal data when you use our website, mobile app, or services (together, the "Platform"), in accordance with the Data Protection and Privacy Act, 2019 of Uganda and other applicable data protection laws.
Purpose of this Privacy Policy. This Privacy Policy explains how Day2Days collects and processes your personal data and your rights regarding that data. We recommend that you read it carefully.
Possible changes and updates. Due to the constant evolution of our services, this Privacy Policy may be updated from time to time. Use of the Platform after this Privacy Policy has been updated shall be deemed to constitute your acceptance of the updated Policy, to the extent permitted by law. We will notify you in advance of any substantial changes by email or through the Platform.
Any questions? If you have any doubts about this Privacy Policy, contact us at info@day2days.com.
------------------------------------------------------------
2. SUMMARY OF INFORMATION
Data Controller: DishNet Africa Ltd, operating as Day2Days, 1 Speke Road, Kampala, Uganda.
Your rights: You can exercise your rights at any time by emailing info@day2days.com. Your rights include: right of access, right to rectification, right to erasure, right to restrict processing, right to object to processing, right to data portability, and right to withdraw consent.
Why we use your data: To create and manage your account; to deliver your orders; to process payments; to provide customer support; to detect and prevent fraud; to comply with legal obligations; to send you offers and updates (with your consent); and to improve our service.
Legal basis: Performance of our contract with you, your consent, our legitimate interests, and compliance with legal obligations.
Who we share data with: Delivery riders, partner stores, payment service providers, telecommunications providers, customer support services, fraud prevention providers, and regulatory authorities where required by law.
------------------------------------------------------------
3. YOUR PERSONAL DATA RIGHTS
Privacy is your right. You may exercise the following rights free of charge at any time by contacting info@day2days.com:
- Right of access — to know what personal data we hold about you and how we process it.
- Right to rectification — to correct any inaccurate or incomplete personal data we hold about you.
- Right to erasure — to request deletion of your personal data, where applicable. (We may need to retain certain data to comply with legal obligations.)
- Right to restrict processing — when the accuracy, legality, or necessity of processing is in question.
- Right to object — to processing of your data for direct marketing or based on our legitimate interests.
- Right to data portability — to receive your data in a structured, commonly used format.
- Right to withdraw consent — at any time, where processing is based on your consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Right to unsubscribe from marketing communications — by clicking the unsubscribe link in any marketing email, or contacting us directly.
If you believe Day2Days is in breach of data protection law, you have the right to lodge a complaint with the Personal Data Protection Office (PDPO) of Uganda.
Note that in some situations the above rights may not be exercisable or may be limited — for example, where we have a legal obligation to retain certain data, or where erasure would prevent us from fulfilling a contract with you.
------------------------------------------------------------
4. DATA CONTROLLER OF YOUR PERSONAL DATA
The Data Controller of your personal data in connection with your use of the Day2Days Platform is:
DishNet Africa Ltd (operating as Day2Days)
1 Speke Road, Kampala, Uganda
Email: info@day2days.com
------------------------------------------------------------
5. USEFUL INFORMATION IF YOU ARE A CUSTOMER
5.1 What are the purposes of data processing, and what is the legal basis?
Day2Days processes your personal data for the following purposes:
1. Legal purposes
2. Contractual purposes
3. Security purposes
4. Statistical and research purposes
5. Marketing and commercial purposes
6. Non-marketing communications
Legal purposes
We process your personal data to:
- Detect and investigate fraud and possible offences committed against our Platform and users.
- Comply with legal obligations, including tax, accounting, consumer protection, and data protection regulations.
- Manage and respond to requests to exercise your rights under data protection law.
- File, defend, or pursue legal claims.
Contractual purposes
We process your personal data to:
- Allow you to create and manage your account.
- Locate the nearest partner store and delivery rider to your delivery address (using geolocation data, with your consent).
- Process payments and refunds on your behalf.
- Send your order to the selected partner store and update you on its status.
- Assist you with reordering and suggest items based on your past orders.
- Send you receipts for your orders.
- Provide customer support to resolve any issues with your orders.
- Allow direct contact between you and your delivery rider when needed.
- Notify you of changes to our terms, privacy policy, or services.
Security purposes
We process your personal data to:
- Use device, location, profile, and usage data to prevent and detect malicious or unsafe activities, including payment fraud, account hacking, and abuse.
- Monitor activity that could indicate fraud or criminal activity related to payment methods.
- Verify legal age requirements where applicable (for example, alcohol).
Statistical and research purposes
We use aggregated and anonymised data to:
- Analyse trends, purchase behaviour, and how customers use the Platform.
- Improve our services and add new features.
Marketing and commercial purposes
With your consent, we process your personal data to:
- Send you personalised offers, promotions, discounts, and product suggestions by email, SMS, WhatsApp, or push notification.
- Carry out promotional activities including contests, sample distribution, and surveys.
- Communicate with you about new features, partner offers, and seasonal campaigns.
You can opt out of marketing communications at any time by emailing info@day2days.com or using the unsubscribe link in any marketing message.
Non-marketing communications
We process your personal data to:
- Generate and send order receipts.
- Inform you of incidents or issues with your order or our service.
- Notify you of changes to our terms, privacy policy, or cookies policy.
5.2 What kind of data do we hold about you and how is it collected?
Information supplied directly by you:
- Registration data: your name, email address, mobile phone number, and password when you create an account.
- Profile information: delivery address, alternative addresses, contact preferences. You can view and edit your profile at any time.
- Payment information: processed by our authorised payment service providers. Card details are tokenized and Day2Days does not store full card numbers on our systems.
- Order data: the items you order, frequency of orders, delivery instructions, and any feedback or ratings you provide.
- Communications: messages exchanged with our customer support team or with delivery riders through our chat system.
- Additional information: any other information you choose to provide, such as billing address for invoices or photographs uploaded with reviews.
Information collected indirectly:
- Usage data: how you interact with our Platform, pages viewed, items browsed, time spent.
- Device data: IP address, browser type and version, operating system, device type, language settings.
- Geolocation data: real-time location data (only with your explicit consent) to find nearby stores and provide delivery.
- Cookies: we use cookies and similar technologies as described in our Cookies Policy.
- Third-party data: if you register or log in using a third-party service such as Google or Facebook, we receive certain profile information from that service as authorised by you.
Important security note: Day2Days will never ask you to provide your password or full card details by email, SMS, or phone call. If you receive such a request, please do not respond and contact us immediately at info@day2days.com.
5.3 Who do we share your data with, and why?
We do not sell, rent, or trade your personal data. We share it only where necessary to provide our services or to comply with the law.
When carrying out your order, we may share data with:
- The delivery rider assigned to collect and deliver your order — name, delivery address, phone number, and order details.
- Partner stores fulfilling your order — your name, delivery address, contact number, and order items.
- Payment service providers — to process payments securely (mobile money, card, cash).
- Customer support providers — to handle queries, complaints, and incidents related to your order.
- SMS, WhatsApp, and email service providers — to send order confirmations, status updates, and OTPs.
For broader business operations, we may share data with:
- Fraud prevention service providers — to detect and prevent fraudulent transactions.
- Cloud hosting and IT service providers — to securely store and process data.
- Professional advisers — including accountants, lawyers, and insurance providers, where necessary.
- Government authorities, regulators, and law enforcement — where required by law, court order, or to prevent and investigate fraud or criminal activity.
- Group companies — entities affiliated with DishNet Africa Ltd, where necessary for service provision.
All third parties we share data with are required to process it in accordance with this Privacy Policy and applicable data protection laws.
5.4 How long do we keep your data?
We retain your personal data for the duration of your relationship with Day2Days (i.e. while your account is active) and, after termination, for the period required by law to defend or file legal claims, comply with tax and accounting obligations, and meet our regulatory duties.
The general maximum retention period is up to ten (10) years after the end of the relationship, in line with Uganda's tax and commercial record-keeping requirements. Specific data may be retained for shorter or longer periods depending on its purpose:
- Account information: while your account is active; deleted on request, subject to legal retention obligations.
- Order history and receipts: 10 years (tax and accounting compliance).
- Customer support communications: up to 3 years after closure of the matter.
- Marketing consent records: until consent is withdrawn, plus a short period to evidence the withdrawal.
- Fraud-related data: up to 10 years where retention is necessary for legal claims.
- Cookies and device data: as described in our Cookies Policy.
------------------------------------------------------------
6. INTERNATIONAL TRANSFERS
Your personal data is primarily processed and stored in Uganda. However, some of our service providers (for example, cloud hosting, payment processing, or email delivery) may be located outside Uganda. Where personal data is transferred internationally, we put appropriate safeguards in place, such as contractual data protection commitments, to ensure your data remains protected.
------------------------------------------------------------
7. AUTOMATED DECISION-MAKING AND PROFILING
We do not make decisions that significantly affect you based solely on automated processing of your data. We may use automated tools to personalise your experience — for example, recommending items based on your past orders or suggesting nearby stores — but these do not have legal effects on you.
You may object to profiling at any time by emailing info@day2days.com.
------------------------------------------------------------
8. SECURITY MEASURES
Day2Days has implemented technical and organisational measures to protect your personal data against unauthorised access, alteration, loss, or disclosure. These include encrypted connections (HTTPS), access controls, secure payment processing through PCI-compliant providers, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.
------------------------------------------------------------
9. COOKIES
We use our own and third-party cookies to enable basic functionality, remember your preferences, analyse Platform usage, and (with your consent) deliver personalised advertising. For full details, please see our Cookies Policy.
------------------------------------------------------------
10. ARTIFICIAL INTELLIGENCE
We may use artificial intelligence technology, such as chatbots, to assist with customer support and to improve product recommendations. When AI tools are used, we maintain control over your data and do not share it with third parties to train AI models. Where AI is used, human review is available on request, and decisions with legal effects are not made by AI alone.
------------------------------------------------------------
11. CHANGES TO THIS POLICY
This Privacy Policy may be updated periodically. Material changes will be communicated to you by email or through a notice on the Platform before they take effect. The most recent update date is shown at the top of this Policy.
We will never modify this Policy in a way that reduces the protection of personal data we have already collected, without your consent.
------------------------------------------------------------
12. CONTACT
For any questions about this Privacy Policy, to exercise your rights, or to raise a privacy concern, please contact:
DishNet Africa Ltd (Day2Days)
Privacy Contact
1 Speke Road, Kampala, Uganda
Email: info@day2days.com
If you are not satisfied with our response, you may contact the Personal Data Protection Office (PDPO) of Uganda.
