Stork Privacy Policy
Stork is a campus food and package delivery application operated by DDRHS (“we,” “us,” or “our”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and what choices you have. It applies to all users of the Stork mobile application, including students, couriers, and administrators.
We believe in being straightforward. We collect only what we need to run the service, we do not sell your data, and we do not use advertising or tracking SDKs of any kind.
1. Information We Collect
1.1 Account Information
When you create a Stork account, we collect:
- Full name — used for your profile and displayed to couriers or students during active orders.
- Email address — used for authentication and transactional notifications. Students must register with a valid @vt.edu email address.
- Role — whether you are a student, courier, or administrator.
1.2 Location Data
- Couriers: During an active delivery, we collect real-time GPS coordinates from your device approximately every 5 seconds. This allows students to track their order in real time. Location tracking stops when the delivery is completed or you go offline.
- Students: We collect the delivery address you provide, including your dorm name, room number, and geographic coordinates, so couriers can find you.
We do not collect location data in the background when you are not actively using the app for a delivery.
1.3 Photos and Images
- Student ID photo: Couriers are required to upload a photo of their student ID for identity verification. This photo is stored in a private, encrypted storage bucket and is accessible only to Stork administrators during the review process.
- Chat images: During an active order, students and couriers can exchange photos through 1:1 in-app chat. These images are stored in a private storage bucket.
- Order screenshots: Couriers may upload screenshots of order details. These are stored in a private storage bucket and associated with the relevant order.
1.4 Payment Information
All payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor. Stork never receives, stores, or has access to your credit card number, debit card number, or bank account details. We store only:
- A Stripe payment intent ID (a reference code for each transaction).
- A Stripe Connect account ID (for couriers who set up payouts).
1.5 Device Information
We collect your Expo Push Notification token so we can send you order status updates, chat message notifications, and other service-related alerts. We do not collect device fingerprints, advertising identifiers, or hardware information.
1.6 Order and Usage Data
We maintain records of your order history, including items ordered, restaurants, delivery addresses, order status, timestamps, and any ratings you submit. For couriers, we also track delivery records, earnings, and performance metrics.
1.7 Communications
In-app chat messages between a student and their assigned courier for a specific order are stored to facilitate the delivery and to assist with dispute resolution. Chat is limited to 1:1 conversations tied to a specific order.
1.8 Session Data
Authentication tokens are stored on your device using expo-secure-store, which leverages the iOS Keychain and Android Keystore for encrypted, hardware-backed storage. These tokens are never transmitted to third parties.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the service — Processing orders, coordinating deliveries, enabling real-time tracking, and facilitating student-courier communication.
- Identity verification — Reviewing courier student ID photos to confirm eligibility before allowing order acceptance.
- Payments and payouts — Processing student payments and courier earnings through Stripe.
- Notifications — Sending push notifications about order status changes, chat messages, and delivery updates.
- Transactional email — Sending verification results, account-related updates, and service communications.
- Safety and disputes — Retaining location and order data for a limited period to resolve disputes, investigate safety concerns, and support customer service requests.
- Service improvement — Analyzing aggregate, non-identifiable order patterns (such as average wait times per restaurant) to improve wait time predictions and service quality.
We do not use your information for:
- Targeted advertising or ad personalization.
- Cross-app tracking or behavioral profiling.
- Sale or rental to third parties for any purpose.
- Training machine learning models on your personal data.
3. Third-Party Services
We share information with the following third-party service providers, strictly to operate the Stork platform:
3.1 Supabase
- Purpose: Database hosting, user authentication, file storage, and real-time data synchronization.
- Data shared: Account information, order records, chat messages, uploaded photos, location data.
- Hosting region: AWS us-east-1 (Northern Virginia).
3.2 Stripe
- Purpose: Payment processing for student orders and Stripe Connect payouts for couriers.
- Data shared: Name, email, and payment details (provided directly to Stripe by you, not through Stork).
- Compliance: PCI DSS Level 1.
3.3 Expo Push Notifications
- Purpose: Delivering push notifications to your device.
- Data shared: Expo Push token and notification content (order status, chat alerts).
3.4 Resend
- Purpose: Sending transactional emails (verification results, account notifications).
- Data shared: Email address and email content.
- Sending address: noreply@stork.app
We do not integrate any analytics SDKs (such as Google Analytics, Amplitude, Mixpanel, or Firebase Analytics), advertising networks, or cross-app tracking tools.
4. Data Retention
We retain your data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account information | While your account is active |
| Order history | While your account is active |
| Courier verification photos | While your account is active |
| Chat messages and images | 90 days after order completion, then auto-deleted |
| Location data (GPS coordinates) | 30 days after delivery completion, then purged |
| Push notification tokens | While your account is active |
| All personal data | Deleted within 30 days of an account deletion request |
When you delete your account, we delete all personal data associated with it within 30 days.
5. Data Security
We take the security of your data seriously and implement the following measures:
- Encryption in transit: All data is transmitted over HTTPS with TLS encryption.
- Encryption at rest: Session tokens are stored using expo-secure-store, which uses the iOS Keychain and Android Keystore for hardware-backed encryption.
- Database security: Row-Level Security (RLS) is enabled on every table in our database, ensuring users can only access data they are authorized to see.
- Private storage: All file storage buckets are private. Access is granted only through time-limited signed URLs to authorized users.
- Payment security: Payment data is handled entirely by Stripe under PCI DSS Level 1 compliance.
- Access control: Administrative functions are password-protected and restricted to authorized personnel.
No system is perfectly secure. If you become aware of a security vulnerability, please contact us at support@storkdelivery.com.
6. Your Rights and Choices
6.1 Account Deletion
You can delete your account directly within the Stork app. This will permanently remove all personal data associated with your account within 30 days.
6.2 Data Access
You can request a copy of the personal data we hold about you by emailing support@storkdelivery.com. We will respond within 30 days.
6.3 Data Correction
You can update your name and profile information at any time through the Profile section of the app.
6.4 Push Notifications
You can disable push notifications at any time through your device's system settings.
6.5 Location Permissions
Couriers can revoke location permissions through device settings at any time. Note that location access is required during active deliveries.
7. Children's Privacy
Stork is designed for use by college students and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email before the changes take effect.
9. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the Commonwealth of Virginia, United States of America.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
- Email: support@storkdelivery.com
- Website: storkdelivery.com
- Company: DDRHS
- Founded by: Parsa Ajami and Desmond Bekele
Copyright 2026 DDRHS. All rights reserved.