📄 Privacy Policy

Your data, plainly explained.

What we collect, why we collect it, who we share it with, and how you stay in control. Written so you can actually read it.

Last updated · 2 June 2026

Madyo Limited (“Madyo,” “we,” or “us”) is the data controller for the personal information described in this Privacy Policy. We are based in Lilongwe, Malawi. This Policy explains how we handle personal data when you use the Madyo website at madyomw.com, our mobile applications, and related services (collectively, the “Service”).

This Policy works alongside our Terms of Service. By using the Service, you confirm that you have read and understood how we handle your data as described here.

1. The data we collect

We collect only what we need to run the Service, deliver your orders, keep our platform safe, and improve over time. Specifically:

Account & identity

  • Name, email address, phone number, and a password that we never store in plain text;
  • Optional profile information (display name, profile photo) that you choose to add.

Order & transaction data

  • What you ordered, when you ordered it, the Vendor you ordered from, the price you paid, the payment method, and any instructions you added;
  • For cash-on-delivery orders, the amount due and any related confirmations;
  • Loyalty or wallet balances tied to your account.

Delivery location data

  • The delivery addresses you save, including any landmarks, gate codes, and contact phone numbers you add;
  • Approximate or precise location (with your permission) at the time you place an order, so we can quote a delivery fee and route a Rider to you;
  • Your live location during an active delivery, where you choose to share it.

Device & usage data

  • Device type, operating system, app version, language and time-zone;
  • Crash logs and performance diagnostics needed to keep the apps working;
  • Basic interaction events (which screens you visited, which buttons you tapped) that we use to improve the product. These are described in detail in our Cookie Policy.

Support & communications

  • Messages you send through the in-app support chat, emails you send us, and any reviews or ratings you publish.

2. How we use your data

We use the data we collect for the following purposes:

  • To fulfil orders: route your order to the right Vendor and Rider, calculate the delivery fee, confirm payment, and keep you updated until the food arrives;
  • To run your account: let you sign in, recover your account, save addresses, see your order history, and contact us;
  • To keep the platform safe: detect and prevent fraud, abuse, and security threats;
  • To improve the Service:understand which features are working, which are confusing, and where we're failing customers. This is always done in aggregate where possible;
  • To talk to you: service messages (order status, password resets, important account changes) and, with your permission, marketing about new features or kitchens. You can opt out of marketing at any time;
  • To comply with the law: respond to lawful requests from regulators, courts, or law-enforcement bodies operating in Malawi.

3. Who we share data with

We do not sell your personal data. We share specific pieces of it with the following categories of recipients, only where necessary to provide the Service:

  • Vendors receive the items you ordered, any preparation instructions, and the order number. Vendors do not see your full address or phone number unless required for the order (for example, if they call you about an out-of-stock item);
  • Riders receive your name, delivery address, phone number and any delivery notes — only for the duration of an active delivery to you;
  • Payment processors (mobile-money networks, card-payment providers) process card or mobile-money payments you make. They handle that data under their own terms;
  • Service providers who help us run the platform (cloud hosting, email delivery, error monitoring) — under written agreements that bind them to confidentiality and data-protection obligations;
  • Authorities where we are legally required to disclose information.

4. How long we keep data

We keep personal data only for as long as we need it for the purposes described in this Policy, or for as long as the law requires us to. As a general rule:

  • Account data stays with us while your account is active and for a reasonable period after closure (typically two years) to handle disputes and meet legal obligations;
  • Order history is retained for the period required by Malawian tax and accounting law (currently six years from the date of the transaction);
  • Live delivery location is kept only for the duration of the delivery and a short audit window afterwards;
  • Support messages are retained for as long as needed to resolve the issue and reasonable time afterwards for quality review.

When we no longer need data, we delete it or render it permanently anonymous.

5. Your rights

You have the right to:

  • Access the personal data we hold about you;
  • Correct data that is inaccurate or out of date;
  • Delete your account and the personal data tied to it, subject to data we are legally required to keep;
  • Restrict or object to certain types of processing, including direct marketing;
  • Withdraw consent at any time where we rely on consent (for example, marketing communications or live location).

To exercise any of these rights, email us at privacy@madyomw.com. We aim to respond within thirty (30) days. For account deletion specifically, see Section 6 below for the step-by-step process.

6. How to delete your account

You can delete your Madyo account at any time. There are two ways:

From inside the Madyo customer app

  1. Open the Madyo app and sign in;
  2. Go to ProfileSettings Delete account;
  3. Confirm by tapping Delete my account and entering your password.

The request is processed immediately. You will be signed out and your account will be marked for deletion.

By email

If you cannot access the app — or you would rather have a written record — email us from the address on your Madyo account to privacy@madyomw.com with the subject line “Delete my account”. We may ask one verification question to confirm it is really you, then process the deletion within seven (7) calendar days.

What gets deleted

  • Your profile (name, email, phone, password, profile photo);
  • Your saved delivery addresses and contact details;
  • Your in-app chat history;
  • Your push notification tokens and device identifiers;
  • Your wallet balance, loyalty points, and saved preferences.

What we keep, and why

A small amount of data is retained even after account deletion, either because we are legally required to keep it or because it is permanently de-identified before it can be removed:

  • Order and payment recordsare retained for the six (6) year period required by Malawian tax and accounting law. After deletion, these records are unlinked from your identity wherever possible (for example, your name and contact details are scrubbed and replaced with a generic “Deleted customer” placeholder);
  • Anonymous, aggregated analytics that cannot reasonably be tied back to you (for example, daily order counts) may be retained indefinitely;
  • Records of any unresolved support, fraud, or legal matter are retained until that matter is fully resolved.

What happens to in-flight orders

You cannot delete your account while you have an order that is paid, accepted, or out for delivery. Please wait for the order to be marked as delivered or cancelled, then start the deletion process.

Deletion is permanent

Once we have completed deletion, your account cannot be restored. You are free to sign up again with the same email or phone number at any time — that will create a brand-new account with no connection to the deleted one.

7. Security of your data

We use commercially reasonable technical and organisational measures to protect your data. These include encryption of data in transit, restricted access to production systems, audit logs, and regular security reviews. We require staff and contractors who handle personal data to operate under strict confidentiality obligations.

No system is perfectly secure. If we become aware of a security incident that materially affects your data, we will notify you and the relevant authorities as required by Malawian law.

8. Children

Madyo is not directed to children under the age of 18, and we do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us at privacy@madyomw.com and we will delete it.

9. International transfers

Some of the service providers we rely on (cloud hosting, email, monitoring) operate from outside Malawi. Where data is transferred across borders, we make sure that the receiving provider offers an adequate level of protection through contractual safeguards.

10. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date and notify you through the app or by email. We encourage you to review this Policy periodically.

11. Contact us

If you have questions about this Privacy Policy or about how we handle your data:

Madyo Limited
Lilongwe, Malawi
Privacy: privacy@madyomw.com
General: hello@madyomw.com