en
Browse web
Join us
Laayo

Privacy Policy

Last updated on May 18, 2026

Welcome to Laayo! We're thrilled to have you on board as you explore the convenience of our on-demand delivery platform. By using Laayo, you agree to our Privacy Policy, which is designed to protect your personal information while enhancing your experience. This policy works hand-in-hand with our Terms of Service, ensuring transparency and trust every step of the way. Dive in to understand how we handle your data responsibly.

I. Applicability and scope #

This Privacy Policy applies to all users of the Laayo Platform, including Customers, Vendors, and Delivery Partners. Whether you're ordering a delicious meal, listing your products, or delivering an order, this policy outlines how we collect, use, and protect your personal information. By accessing or using Laayo, you agree to the terms outlined here, which complement our Terms of Service. Our commitment is to safeguard your data while providing a seamless experience across all our services.

Laayo operates under Nepali law, ensuring compliance with local privacy regulations. Our platform is available in English and Nepali, catering to a diverse audience in Birtamod and central Jhapa. We encourage you to read this policy carefully to understand your rights and our obligations regarding your personal information.

II. Definitions #

To ensure clarity, we use specific terms throughout this Privacy Policy. These definitions align with our Terms of Service, providing consistency across our documentation. Understanding these terms will help you navigate our policy with ease.

Customer #

A 'Customer' is an individual who uses Laayo to order food, groceries, pharmacy items, or other services listed on our platform. As a Customer, your interactions with Laayo involve providing personal information necessary for account creation, order placement, and delivery coordination. We prioritize your privacy and ensure that your data is handled with care.

Vendor / Restaurant Partner / Store Partner #

A 'Vendor', 'Restaurant Partner', or 'Store Partner' refers to a business entity that lists its products or services on Laayo. These partners play a crucial role in fulfilling customer orders and are provided with only the necessary information to complete transactions. We ensure that Vendors adhere to privacy regulations and use customer data solely for order fulfillment.

Delivery Partner / Rider #

A 'Delivery Partner' or 'Rider' is an independent contractor responsible for picking up and delivering orders placed through Laayo. Riders receive essential information such as pickup and drop-off locations to ensure timely and accurate deliveries. We maintain strict confidentiality and security protocols to protect both rider and customer information.

Platform #

The 'Platform' encompasses the Laayo website, mobile apps, vendor app, rider app, web admin, and any related digital interfaces. It serves as the backbone of our services, facilitating seamless interactions between customers, vendors, and delivery partners. Our platform is designed with user privacy and data security at its core.

Services #

'Services' refer to all features offered through the Platform, including ordering, payments, delivery, support, and any Add-on Module. Our services are crafted to enhance your experience while ensuring your personal information is protected at every stage of your interaction with Laayo.

Order #

An 'Order' is a confirmed transaction placed through the Platform. It involves the exchange of personal information necessary for processing and fulfilling the request. We are committed to safeguarding this information and ensuring it is used solely for the intended purpose of completing your order.

Content #

'Content' includes anything you upload through the Platform, such as reviews, photos, prescriptions, chat messages, and profile information. We respect your contributions and ensure that your content is stored securely and used in accordance with our privacy standards.

Wallet #

The 'Wallet' is a feature within Laayo where you can hold non-cashable credits. It offers a convenient way to manage your transactions and rewards. We ensure that your Wallet information is kept confidential and secure, providing you with peace of mind as you use this feature.

Loyalty Points #

'Loyalty Points' are points earned through your interactions with Laayo, which can be redeemed for Wallet credits. This rewards system is designed to enhance your experience and incentivize continued engagement with our platform, all while maintaining the privacy of your personal data.

Gift Card #

A 'Gift Card' consists of a code and PIN that can be redeemed to your Wallet. It offers a flexible way to share the Laayo experience with others. We ensure that Gift Card transactions are secure and that your personal information is protected throughout the process.

Khata #

'Khata' is Laayo's Buy-Now-Pay-Later credit-line product. It provides a convenient payment option for eligible users, allowing for deferred payments while maintaining strict privacy and security measures to protect your financial information.

Quick Pay #

'Quick Pay' enables in-store QR payments to participating Vendors. This feature simplifies transactions and enhances your shopping experience. We ensure that all Quick Pay transactions are secure and that your personal information is handled with the utmost care.

Personal Information #

'Personal Information' refers to information that identifies you or could reasonably identify you, alone or in combination with other data. We are committed to protecting your personal information and using it only for the purposes outlined in this Privacy Policy.

III. Information you provide to us #

When you interact with Laayo, you provide us with various types of information. This section outlines the categories of information we collect directly from you, ensuring transparency and clarity in how we handle your data.

Account registration and OAuth sign-in #

To create an account on Laayo, you provide us with personal details such as your name, phone number, email, and a password (which we securely hash). If you choose to sign in using OAuth, we collect your name, email, and profile picture, as well as any other fields returned by Google or Facebook. We only request the minimum information necessary to set up your account and enhance your experience on our platform.

KYC and identity proofs #

For certain services, such as age-restricted items or Khata onboarding, we require KYC and identity proofs. This may include citizenship documents, driving license number or image, vehicle bluebook, third-party insurance, TIN/PAN, business registration, owner photo, store logo, and store cover photo. We handle this sensitive information with the highest level of security and confidentiality, ensuring compliance with applicable laws.

Saved addresses #

To facilitate seamless deliveries, you can save addresses on Laayo. This includes street, house, floor, landmark, recipient phone, and geo-coordinates, along with nicknames like Home, Work, or Other. We use this information to streamline your ordering process and ensure accurate deliveries, while keeping your location data secure and private.

Order details #

When you place an order, we collect details such as items, quantities, special instructions, allergen notes, cutlery preference, and scheduled delivery time. For pharmacy orders, prescription photos are also collected. This information is crucial for fulfilling your orders accurately and efficiently, and we ensure it is used solely for this purpose.

Payments and Wallet #

We collect payment method metadata to process transactions, but rest assured, Laayo does not store full card numbers, bank account numbers, or CVV. We also manage Wallet top-ups, Gift Card codes (hashed), and Loyalty point ledgers, ensuring all financial data is handled with the utmost security and privacy.

Content you upload (reviews, photos, chat) #

Laayo allows you to upload content such as reviews, ratings, photos, chat messages, and audio notes. This content enriches your experience and helps us improve our services. We store this information securely and use it in accordance with our privacy standards, ensuring your contributions remain private and protected.

Prescription uploads (Pharmacy) #

For pharmacy orders, you may need to upload prescription images. We treat these uploads with the highest level of confidentiality, using them only to verify and fulfill your orders. Our systems are designed to protect this sensitive information and comply with applicable health privacy regulations.

Vendor-provided information #

Vendors provide us with business-related information necessary for listing and operating on Laayo. This includes business registration details, store logos, and other relevant data. We ensure that vendor information is stored securely and used solely for the purpose of facilitating transactions and enhancing the vendor's presence on our platform.

Rider-provided information #

Riders provide information such as driving license, vehicle details, and insurance documents for onboarding. This information is crucial for verifying rider eligibility and ensuring safe and reliable deliveries. We handle rider data with strict confidentiality and use it only for operational purposes.

IV. Data of minors (under 18) #

The Laayo platform is intended for users aged 16 (sixteen) years or older. We do not knowingly collect Personal Information from anyone below 16. If you are a parent or guardian and believe that a person below 16 has provided Personal Information to Laayo without your consent, please write to privacy@laayo.com.np and we will delete that information from our systems.

Some features of the platform — including ordering of alcoholic beverages, tobacco products and items listed on stores that Laayo has tagged as "18+" or "age-restricted" — have a stricter age requirement of 18 (eighteen) years or older. For these features we may collect and verify your date of birth, and the Rider may request a valid government-issued photo identity document at delivery.

Where Laayo collects date of birth for age-gating purposes, we use that information only to verify eligibility, to enforce the relevant Laayo terms and to comply with applicable Nepali law. We do not use date-of-birth data for advertising purposes.

V. Information we collect automatically #

As you use Laayo, we automatically collect certain information to enhance your experience and ensure the smooth operation of our platform. This section details the types of data we gather without requiring direct input from you.

Device and app diagnostics #

We collect information about your device, such as device-ID, model, operating system and version, app version, platform (Android/iOS/web), screen size, language preference, FCM push token, install referrer, and time zone. This data helps us optimize the app's performance and provide a seamless user experience across different devices.

Network and IP #

We gather network-related information, including IP address, ISP, approximate network location, connection type, and latency/connectivity samples. This information is used to ensure reliable connectivity and enhance your interaction with the platform, while also aiding in fraud detection and prevention.

Crash reports and analytics #

To improve our services, we collect crash reports and analytics data, including error logs, performance metrics, screen-view events, and action funnels. This information helps us identify and resolve issues promptly, ensuring a smooth and efficient user experience on Laayo.

Cookies and local storage #

We use cookies, local storage, and session tokens on the web surface to enhance functionality and user experience. Session cookies are HTTPS-only with a SameSite=Lax policy and a ~120-minute idle timeout. These technologies help maintain session persistence and remember your preferences, while you have the option to clear or block them in your browser settings.

Location (Customer, Rider, Vendor) #

For operational purposes, we collect location data. Customers' GPS/network location is captured while placing or tracking an order. Riders' continuous foreground location is tracked during active trips, with lighter background tracking while online. Vendors' location is accessed when using the in-app POS delivery-fee estimator. This data ensures accurate deliveries and efficient service coordination.

Mock-GPS and fraud signals #

To maintain platform integrity, we monitor for mock-GPS and device-spoofing flags, particularly during rider attendance check-in/check-out. This helps us detect and prevent fraudulent activities, ensuring a secure and trustworthy environment for all users.

VI. Information we collect from third parties #

Laayo collaborates with various third-party providers to enhance our services. This section outlines the types of information we receive from these partners, ensuring transparency in how we integrate external data into our platform.

Payment gateways #

We work with multiple payment gateways, including Fonepay, eSewa, Khalti, and others. These gateways provide us with transaction status, masked card brand, last 4 digits, gateway transaction ID, and refund metadata. This information is crucial for processing payments securely and efficiently, while ensuring your financial data remains protected.

OAuth providers #

When you use OAuth to sign in, we receive basic profile information from providers like Google and Facebook, as per the scope you approve at consent. This data helps streamline your account setup and login process, enhancing your overall experience on Laayo.

Communications providers (SMS / email / WhatsApp / push) #

Our communications providers, such as msg91 SMS, WhatsApp Cloud API, and SMTP, return delivery receipts, message-ID, and failure codes. This information ensures reliable delivery of transactional notifications, keeping you informed about orders, payments, and account changes.

AI and ML providers #

We use AI and ML providers like OpenAI, Google Vision, and FAL.ai/FLUX to process inputs such as menu photos and support-chat conversations. These providers return generated content that enhances features like menu OCR, AI-assisted search, and smart cart suggestions, while adhering to strict data processing agreements.

Geocoding and maps #

Google Maps provides us with address suggestions and route data when you search or place an order. This information is vital for accurate deliveries and efficient route planning, ensuring a smooth and timely service experience on Laayo.

Anti-fraud and risk signals #

We receive anti-fraud signals, including IP-reputation, device-fingerprint, velocity checks, and gateway risk scores. These signals help us detect and prevent fraudulent activities, maintaining a secure and trustworthy environment for all Laayo users.

VII. How we use the information we collect #

Laayo uses the information we collect to provide, enhance, and secure our services. This section details the various purposes for which we process your data, ensuring transparency and accountability in our operations.

To operate the Platform #

We use your information to create and manage your account, process orders, dispatch riders, and handle payments and refunds. This ensures a seamless and efficient experience on Laayo, allowing you to enjoy our services with ease and confidence.

To personalise #

Your data helps us personalise your experience by remembering saved addresses, recently-ordered stores, and language preferences. We also use AI to provide smart cart suggestions and recommended items, enhancing your interaction with Laayo.

To communicate with you #

We use your contact information to send transactional messages about orders, payments, and account changes. If you've opted in, we may also send marketing communications. Our goal is to keep you informed and engaged with Laayo.

For safety and fraud prevention #

We process your data to detect and prevent fraud, abuse, and security incidents. This includes monitoring for multi-account farming, mock-GPS attendance, and referral abuse, ensuring a safe and secure platform for all users.

To improve the Platform #

We use aggregate analytics, A/B testing, and feature experiments to enhance our services. Crash diagnostics and user feedback help us identify and resolve issues, ensuring a smooth and efficient experience on Laayo.

Your information is used to comply with Nepali law, respond to lawful requests, and fulfill tax and accounting obligations. We also use your data to defend legal claims and ensure regulatory compliance, protecting both you and Laayo.

VIII. How we share the information we collect #

Laayo shares your information with trusted partners to provide and enhance our services. This section outlines the categories of partners we work with and the types of information shared, ensuring transparency and accountability in our data-sharing practices.

With Vendors #

We share necessary order details with Vendors, including your name, masked phone number, delivery address, and special instructions. For pharmacy orders, prescription photos are also shared. Vendors are contractually bound to use this information solely for order fulfillment.

With Riders #

Riders receive pickup and drop-off addresses, customer phone number (masked or temporary where supported), and order details during active trips. This information ensures accurate and timely deliveries, while maintaining customer privacy.

With Payment processors #

We share tokenised payment-method details, transaction amounts, and refund instructions with payment processors. This ensures secure and efficient payment processing, while protecting your financial information.

With Communications providers #

Your phone number, email, or WhatsApp ID, along with message template variables, are shared with communications providers to deliver transactional notifications. This keeps you informed about orders, payments, and account changes.

With AI / ML providers #

We share specific inputs with AI/ML providers, such as menu images for OCR, item description prompts, and support-chat messages. These providers process the input to provide the requested output, enhancing features like AI-assisted search and smart cart suggestions.

With Analytics and crash-reporting providers #

We share pseudonymous identifiers, crash stacks, device info, screen events, and action funnels with analytics and crash-reporting providers. This helps us improve our services and resolve issues promptly, ensuring a smooth user experience.

With Government and regulators #

We may share your information with government authorities, regulators, or law enforcement where required by law, court order, or to defend legal claims. This ensures compliance with legal obligations and protects both you and Laayo.

With Professional advisers and Acquirers #

Under confidentiality agreements, we may share your information with professional advisers such as auditors, lawyers, and insurers, or with acquirers in the event of a merger, acquisition, or sale. This ensures the continued operation and integrity of Laayo.

Aggregated and de-identified data #

We may share statistical or non-personal aggregates with partners, such as average delivery times in a neighborhood. These aggregates do not identify you and are used to enhance our services and partnerships.

We do NOT sell your personal information #

Laayo does not sell your personal information to data brokers or third parties. We are committed to protecting your privacy and ensuring your data is used solely for the purposes outlined in this Privacy Policy.

IX. Information shared with Vendors / Merchants #

We want to clarify the information shared with Vendors to ensure transparency and protect your privacy. Vendors only receive the information necessary to fulfill your order, including your name (or first name), masked phone number (where supported), delivery address, item list, special instructions, and prescription photos for Pharmacy orders. Vendors do not have access to your payment method details. They are contractually obligated to use your order data solely for fulfillment purposes and to comply with applicable privacy laws. This ensures that your personal information is handled with care and respect throughout the order process.

X. Information pertaining to Service Partners (Riders and other service providers) #

At Laayo, we recognize the critical role of our Service Partners, including Riders and other service providers, in delivering exceptional experiences to our Customers. To facilitate seamless operations, we collect and process specific information about our Service Partners. This includes personal details such as name, contact information, and identification documents necessary for onboarding and verification. We also gather data related to the vehicles used for deliveries, such as vehicle registration and insurance details. This information ensures compliance with legal requirements and enhances the safety and reliability of our services.

In addition to personal and vehicle information, we collect operational data such as location and trip details. This data helps us optimize delivery routes, improve service efficiency, and ensure timely deliveries. We maintain strict confidentiality and use this information solely for operational purposes, adhering to applicable privacy laws. Service Partners can access and update their information through the Laayo app, ensuring transparency and control over their data. We are committed to safeguarding the privacy and security of our Service Partners' information, employing industry-standard measures to protect against unauthorized access or misuse.

XI. Your rights #

At Laayo, we believe in empowering you with control over your Personal Information. You have several rights regarding the data we hold about you, ensuring transparency and trust in our relationship. Below, we outline your rights and how you can exercise them:

Access #

You have the right to access the Personal Information we hold about you. This can be done through the Laayo app, where you can view and download your data. We strive to provide you with easy access to your information, ensuring transparency and control over your data. If you encounter any issues accessing your data, our support team is available to assist you.

Correct #

If you find any inaccuracies in your Personal Information, you have the right to correct them. You can update your name, phone number, email, addresses, and other details directly through the app's settings. Keeping your information accurate and up-to-date is essential for us to provide you with the best possible service.

Delete (multi-step OTP) #

Should you wish to delete your account, you can initiate a multi-step OTP process through the app (Profile → Delete Account). This process ensures that your request is secure and verified. Once submitted, your request will be reviewed by our admin team, and you will be notified of the status (pending, approved, rejected, or cancelled).

Restrict and object #

You have the right to restrict or object to certain processing activities. This includes disabling optional features such as marketing notifications, background location tracking, and voice notes. We respect your preferences and provide you with the tools to manage your data processing options effectively.

If you have previously given consent for specific data processing activities, you have the right to withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. You can manage your consent preferences through the app settings.

Lodge a complaint #

If you have any concerns about how we handle your Personal Information, you can lodge a complaint with our Grievance Officer. We are committed to resolving your concerns promptly and fairly. Please refer to the 'Contact us' section for details on how to reach our Grievance Officer.

XII. Data storage, retention and security #

Laayo is committed to safeguarding your Personal Information through robust data storage, retention, and security practices. We employ industry-standard measures to protect your data from unauthorized access or misuse. Here's how we manage your data:

Where and how we store data #

Your data is stored on managed infrastructure with disk-level encryption, ensuring that it remains secure. We utilize encrypted backups and implement strict access controls to protect your information. Our data storage practices are designed to comply with applicable privacy laws and industry standards.

Encryption and tokenisation #

We use advanced encryption techniques to safeguard your data. Passwords are hashed using secure algorithms, and payment-method details are tokenised by the relevant gateway, ensuring that sensitive information is not stored by Laayo. These measures enhance the security of your data during storage and transmission.

Retention periods #

We retain your data for as long as necessary to fulfill legal, tax, accounting, fraud-prevention, and dispute-resolution obligations. Account data is retained while your account is active, plus a reasonable period after closure. Order and transaction data are typically retained for at least seven years to comply with Nepali tax and accounting law.

Backups #

We maintain backups and disaster-recovery copies of your data on a rolling, time-limited basis. These backups are encrypted and overwritten in the normal course of operations, ensuring that your data is protected against accidental loss or damage.

Pseudonymous and aggregated data #

Pseudonymous analytics data may be retained indefinitely in aggregated, non-identifying form. This allows us to improve our services and gain insights without compromising your privacy. Aggregated data does not identify you and is used solely for analytical purposes.

XIII. International transfers #

Laayo works with third-party providers that operate globally, which may involve processing your data outside Nepal. We ensure that these providers adhere to standard contractual safeguards to protect your data during international transfers. These safeguards are designed to comply with applicable privacy laws and provide you with the same level of data protection, regardless of where your data is processed.

By using our Platform, you consent to the transfer of your data to third-party providers located in different jurisdictions. We remain committed to ensuring that your data is handled securely and in accordance with this Privacy Policy, regardless of its location.

XIV. AI and automated processing #

Laayo leverages AI and automated processing to enhance your experience on our Platform. We use AI technologies from providers like OpenAI, Google Vision, and FAL.ai to assist with menu OCR, AI-generated images, support-chat assistance, smart cart-upsell suggestions, and more. These technologies help us deliver personalized and efficient services.

We ensure that the inputs sent to these providers, such as menu photos and support-chat messages, are processed only to provide the requested output. These providers are contractually obligated not to use our data to train their models, where supported by their published API agreements. You can choose to avoid AI features by using the standard ordering flow, ensuring that you have control over your experience.

XV. Cookies, sessions and local storage #

Laayo uses cookies, sessions, and local storage to enhance your experience on our Platform. Session cookies are used to maintain your login state, with an idle timeout of approximately 120 minutes. These cookies are HTTPS-only and have a SameSite=Lax attribute to enhance security.

We also use functional cookies to remember your language preference and last-selected delivery address, as well as analytics cookies to collect anonymized feature-usage telemetry on the web surface. You have the option to clear or block cookies in your browser, but doing so may disable some features, such as sign-in persistence and language preference.

XVI. Miscellaneous #

This Privacy Policy is part of Laayo's commitment to transparency and user trust. It should be read in conjunction with our Terms of Service and other related policies. This Policy is governed by Nepali law, and any disputes arising from it will be subject to the jurisdiction of the courts in Nepal.

If any provision of this Policy is found to be unenforceable, the remaining provisions will continue to be valid and enforceable. Our failure to enforce any right or provision of this Policy will not constitute a waiver of such right or provision.

XVII. Changes to this Privacy Policy #

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated to you via in-app notifications or email, and the 'Last updated' date at the top of this Policy will be revised accordingly. We encourage you to review this Policy periodically to stay informed about how we protect your Personal Information.

Your continued use of the Platform after any changes to this Policy constitutes your acceptance of the updated terms. If you do not agree with any changes, you should discontinue using the Platform and contact us to address your concerns.

XVIII. Contact us #

If you have any questions or concerns about this Privacy Policy or our data practices, please reach out to us. For privacy queries, contact us at privacy@laayo.com.np. For grievances, our Grievance Officer can be reached at grievance@laayo.com.np. We aim to acknowledge grievances within 48 hours and resolve them within 15 working days where feasible.

For other inquiries, you can reach us by postal mail at Laayo Pvt. Ltd., New Kanchanjunga Tole, Birtamod, Jhapa, Nepal, or by phone at 023591446. We are committed to addressing your concerns and ensuring a positive experience with Laayo.