Privacy Policy

Your data. Briefly.

We collect only what the service needs to work. No third-party advertising, no data selling, no hidden trackers.

Last updated: 31 May 2026.

1. Who we are

RomBa is a platform for trusted hand-over of duty-free goods by a faithful courier who is already flying your route. This policy describes which personal data we process, why, and who we share it with.

Data controller: HAKOBI-TECH LTD, operations in the UAE. Privacy contact: privacy@rodstvennik.org.

2. What data we collect

Contact: name from passport (for KYC), email via Stripe Customer. Payment data: card number, expiry and CVC are processed by Stripe — we only receive a token and the last 4 digits; order and payout history stays with us. Government ID: a salted SHA-256 hash of the passport is computed on-device after reading the ICAO eMRTD NFC chip; the passport image never leaves the device.

Location: precise coordinates at the moment we confirm you're in a duty-free hub or at the hand-over point (geofence of 30–45 km around the airport). User content: receipt and item photos (OCULAR), short ultrasonic audio frames (ECHO) to prove physical co-presence. Identifiers: hardware-backed device_id, Stripe account, transaction IDs. Purchase history: your orders, routes, statuses, tips. Usage & diagnostics: anonymised metrics and crash reports via Apple/Google system services.

3. Why we collect it

To run the service: match you with a faithful courier on your route, place the order and take the payment, issue a per-order Stripe Issuing virtual card to buy at the duty-free, and complete the OCULAR hand-over.

To keep both sides safe: KYC on both sides, anti-fraud, payment escrow, tamper-proof hand-over log. To comply with law: tax/customs, AML checks, responses to lawful regulator requests. To improve the product: aggregated analytics and crash reports — always on anonymised data.

4. Who we share data with

Stripe Payments Europe Ltd — payments, escrow, issuing virtual cards, paying out faithfuls via Stripe Connect. Stripe is an independent controller for payment operations: stripe.com/privacy. Apple and Google — system services (push notifications, crash reports).

Anthropic PBC — if you use the in-app AI assistant, its messages are sent to Anthropic via the Claude API; Anthropic does not use your prompts to train models. Legal authorities — we will disclose data only on a lawful request and, where permitted, will notify you. We never sell your data to ad networks, data brokers or any third party for marketing profiling.

5. Where and how long we keep it

Primary storage: EU-based servers. Stripe processes data on EU/US infrastructure under EU Standard Contractual Clauses (SCCs). TLS 1.3 in transit, AES-256 at rest.

Account profile: while active + 30 days. Signed hand-over contracts: 7 years (accounting/tax). Payment records: 10 years (AML/PSD2). ECHO audio and OCULAR photos: 90 days after the order closes, then auto-deletion. Metrics and logs: 12 months in identifiable form, then anonymised.

6. Your rights

If you're in the EU/UK/Switzerland, you have GDPR rights: access, rectification, erasure, restriction, portability, objection, withdrawal of consent. If you're in California, you have CCPA/CPRA rights: know, delete, correct, non-discrimination. We don't sell or share your data for targeted advertising — see our privacy choices page.

To exercise any of these rights, email privacy@rodstvennik.org. Most requests are answered within 30 days. If you're not satisfied, you have the right to lodge a complaint with your country's data-protection authority.

7. How we keep your data safe

Payment escrow: the customer's money sits in Stripe until the hand-over is signed; the faithful never has access to the customer's balance. Per-order virtual card: a one-shot Stripe Issuing card, 5 minutes at the till, never linked to your bank account.

OCULAR ultrasonic hand-over: proof of meeting is a physical ultrasonic signal — remote scams are mathematically impossible. KYC on both sides: passport (NFC or OCR), Face ID, behavioural biometrics; we only store a salted hash of the passport. Hardware-backed keys live in Secure Enclave / StrongBox.

8. Age, changes, contact

The service is for users aged 17+ — the catalog includes alcohol and tobacco. We don't knowingly collect children's data; if any reaches us, tell us and we'll delete it within 7 days.

Material changes are announced inside the app at least 30 days before they take effect. The last-updated date is at the top of this page. Continued use after a change means you agree to the new version.

Privacy questions?

Drop us a note — we answer within 5 business days. For urgent data requests, tag your email [URGENT].

[email protected]