Privacy Policy
Last updated: 13 July 2026
1. Who is responsible
The service is currently operated by Johans Rodriguez Salcedo, trading as Delivery Omniverse, based in Spain.
Privacy enquiries: [email protected]
2. Scope
This policy applies to the Delivery Omniverse public website, the LRlite WooCommerce integration, the Delivery Omniverse dashboard and related operational services.
3. Data we process
Merchant and integration data
- Merchant identity and internal account identifiers.
- Workspace Key or API Key used for server-to-server authentication.
- Store URL and store name.
- Plugin, WordPress and WooCommerce versions.
- Connection status, configuration and timestamps.
Quote and delivery data
- Pickup and drop-off addresses.
- WooCommerce order identifier.
- Selected delivery provider or Fleet Operator.
- Price, fees and currency.
- Customer name and phone number.
- Customer email when available and required.
- Delivery instructions or notes when provided.
- Weight or delivery parameters when supplied by WooCommerce.
Operational and financial records
- Delivery status and tracking information.
- External provider and order identifiers.
- Driver information and proof of delivery when available.
- Webhook events, operational history and diagnostic logs.
- Incident information and resolution records.
- Wallet balances, credits, debits and settlement records.
LRlite does not require WordPress administrator passwords, complete payment-card data or direct delivery-provider credentials from the WooCommerce plugin.
4. Why we process data
- To connect and maintain merchant integrations.
- To calculate and display delivery quotes.
- To create, dispatch, track and audit deliveries.
- To manage incidents, support and diagnostics.
- To process wallet activity, payments and reconciliation.
- To protect the service and comply with legal obligations.
5. Legal bases
Depending on the context, processing may be based on performance of a contract, steps requested before entering a contract, legitimate interests in operating and securing the service, compliance with legal obligations, and consent where legally required.
6. Service providers and recipients
Data may be processed by the following providers, only when required for the relevant service:
- Render for API and dashboard hosting in Frankfurt, Germany.
- MongoDB Atlas for database services in AWS Paris, France.
- Stripe for payment processing. Delivery Omniverse does not store complete card details.
- Google Workspace for corporate email and support or privacy enquiries.
- Resend for programmatic application emails when used.
- Selected delivery providers or Fleet Operators, including Shipday, Uber Direct, Stuart, Shargo or Gophr, when required to quote or execute a delivery.
Only the provider selected or required for a delivery receives the information necessary to perform that service. Data is not sent to every provider.
7. International transfers
Core API and database infrastructure is currently hosted in the European Union. Some payment, email or delivery providers may process data in other countries.
Where required, international transfers are handled using the legal and contractual safeguards made available by the relevant provider.
8. Retention
Delivery, incident, wallet, settlement and operational records are retained as necessary for service delivery, traceability, security, contractual obligations, accounting and legal compliance.
Retention periods may vary by category. Delivery Omniverse does not publish a fixed retention period where one has not yet been formally adopted.
Automated MongoDB Atlas backups and point-in-time recovery are not currently enabled.
9. Security
- HTTPS is used for public API and dashboard communications.
- Workspace Keys are merchant-scoped.
- Workspace Keys are transmitted in request headers.
- The embedded dashboard uses short-lived JWT tokens.
- The merchant API key is not exposed in iframe URLs.
- Delivery creation uses idempotency controls.
- Stripe processes payment-card data outside Delivery Omniverse.
10. Cookies and browser storage
The initial public website does not use advertising analytics or marketing cookies.
The authenticated dashboard may use technical browser storage required for authentication and application operation.
This policy will be updated before introducing non-essential analytics, advertising technologies or consent-requiring cookies.
11. Your rights
Depending on applicable law, individuals may request access, correction, export, restriction, objection or deletion of personal data.
Requests are handled manually and must be verified. Some financial, contractual, fraud-prevention or legal records may need to be retained.
Send requests to: [email protected]
Individuals may also lodge a complaint with the competent data-protection authority.
12. Changes
This policy may be updated to reflect changes in the service, providers, law or operational practices. The current version will always be published on this page.