A Project by Meridian Bridge Strategy
Book Consultation
Logistics

Dunzo β†—

Ready Score 40/100
Functional Gaps vs Industry Avg: 49
Sushant Pasumarty
ANALYSIS SUPERVISED BY Sushant Pasumarty
πŸ“… 13 Feb 2026

Executive Summary

Dunzo's hyper-local delivery model creates an intensely personal data profile β€” every delivery reveals what you order, where you live, and when you're home. At 40/100, alcohol deliveries, medicine pickups, and photo proofs of delivery create particularly sensitive data categories that the current policy ignores under DPDP.

⚠️ Compliance Gaps

  • No DPDP Act 2023 reference
  • Hyper-local delivery data reveals precise lifestyle patterns
  • Delivery partner access to full address and item details
  • Alcohol and medicine delivery data = sensitive personal information
  • No data retention timelines
  • Data Protection Board not referenced
  • Photo proof of delivery may capture home interiors

βœ… Strengths

  • Basic security measures described
  • Grievance officer designated

Overview

Dunzo is a hyper-local delivery platform β€” pick up anything, deliver anywhere. From medicines to alcohol, documents to groceries, Dunzo delivery partners physically access customer locations with knowledge of what’s being delivered. This creates unique privacy concerns that most delivery platforms don’t face.

DPDP Readiness: Section-by-Section Analysis

Section 6 β€” Consent & Notice πŸ”΄

Dunzo’s consent covers all delivery categories equally. But:

  • Medicine pickup reveals health conditions
  • Alcohol delivery reveals consumption habits
  • Document delivery reveals professional/legal situations
  • β€œDelivery from [specific store]” reveals brand preferences and spending

No granular consent for these sensitive delivery categories.

Section 9 β€” Data Retention πŸ”΄

No retention timelines for:

  • Delivery history (complete log of what was delivered where)
  • Photo proofs of delivery (may capture home interiors, faces)
  • Route data (delivery partner GPS trails to your location)
  • Chat between customer and delivery partner

Section 11 β€” Rights of Data Principal πŸ”΄

  • Can users delete delivery history selectively (e.g., delete alcohol/medicine deliveries)?
  • Delivery photos β€” who owns them? How long stored?
  • No portability, no nomination

Risk Assessment

CategoryRisk LevelPotential Impact
Delivery category inferenceCriticalMedicine/alcohol deliveries reveal sensitive info
Physical access dataCriticalPartners know home + what you receive
Photo proofsHighHome interior captured
Data retentionHighComplete delivery diary indefinitely

Recommendations

  1. Categorize deliveries by data sensitivity β€” Medicine and alcohol deliveries should have enhanced data handling
  2. Auto-delete delivery photos β€” Photo proofs deleted within 7 days of successful delivery
  3. Minimize partner information β€” Don’t show partners what’s inside sealed packages
  4. Define retention β€” β€œActive orders: until delivery; delivery history: 6 months; photos: 7 days; GPS trails: 48 hours”

How Does Your Policy Compare?

πŸ” Run Your Free DPDP Audit β†’

Analysis conducted by DPDP Consulting, a Meridian Bridge Strategy initiative. For a comprehensive compliance roadmap, book a free consultation.

Fix these compliance gaps today.

Book 1:1 Consultation
πŸ“ž Free Consultation