Privacy Policy for Drivit App
Effective Date: 3 November 2025
Notice: This comprehensive template is tailored for a car rental app. You may need legal review to align with your operating jurisdictions.
1. Introduction
We respect your privacy and are committed to protecting your personal data. This policy explains how [Company/App Name] collects, uses, retains, and shares your personal data when you use our app and services.
2. Scope & Definitions
Applies to: app users, owners/hosts, additional drivers, and visitors.
Definitions: "Personal data" means any information relating to an identified or identifiable individual; "Processing" means any operation performed on personal data.
3. Data We Collect
We collect the following categories as needed:
· Account & Identity Data: name, email, phone, hashed password, profile photo, date of birth, driver’s license, government ID, biometric verification (if enabled), selfie images for verification.
· Trip & Booking Data: pickup/return locations, dates/times, vehicle type, add-ons (child seat, extra coverage), your preferences.
· Location Data: approximate location via IP and precise location via GPS/Bluetooth (with your device permissions).
· Device & Usage Data: device model, OS, advertising/device IDs, crash logs, cookies and similar tech (SDKs/local storage).
· Payment & Billing Data: partial payment details (processed by payment provider), billing addresses, anti-fraud results, transaction records.
· Communications: support messages, recorded calls (if any), in-app chats, ratings and reviews.
· Third-Party Data: ID/license verification providers, insurers, analytics/ad partners, loyalty partners.
· Vehicle/Telematics Data (if applicable): fuel/battery level, odometer, location at drop-off, vehicle condition, alerts (overspeed/collision).
4. Legal Bases & Purposes
We process your data under the following legal bases (e.g., GDPR):
· Contract: account creation, bookings, payments, trip management, support.
· Legitimate Interests: safety, fraud prevention, performance improvements, analytics, non-intrusive marketing.
· Legal Obligation: responding to lawful requests, taxes, AML/KYC.
· Consent: precise location, marketing notifications, ad tracking, biometric checks.
Purposes include providing services, personalization, communications (including push), security, analytics, measured advertising, dispute resolution, and insurance claims.
5. Data Sharing
We may share data as needed with:
· Service providers: hosting, databases, payments, ID verification, messaging, analytics.
· Owners/hosts and renters: necessary booking/contact data for the transaction and safety.
· Insurers and claims adjusters.
· Marketing/advertising partners (with consent where required).
· Law enforcement/authorities: where legally required.
· Corporate transactions: mergers, acquisitions, or asset sales (with safeguards).
6. International Transfers
Your data may be transferred outside your country. We use appropriate safeguards (e.g., Standard Contractual Clauses or adequacy decisions) where required.
7. Data Retention
We retain data for the duration of the contractual relationship and as required for legal compliance and dispute resolution, then delete or anonymize per an internal schedule. Examples: transaction records up to 10 years (if required), support records 3 years, telematics logs up to 24 months unless otherwise required.
8. Security
We implement reasonable technical and organizational measures: encryption in transit/at rest (where applicable), least-privilege access, access logging, periodic security testing, and business continuity. However, no system is perfectly secure.
9. Your Rights
Subject to applicable laws (e.g., GDPR), you may have rights to: access, rectify, erase, restrict processing, object, data portability, and withdraw consent without affecting prior lawful processing. You may lodge a complaint with your supervisory authority.
For certain regions (e.g., CCPA/CPRA): you may have additional rights such as opting out of "sale" or "sharing" of personal information for cross-context behavioral advertising.
10. Children
Our services are not directed to children under 16, and we do not knowingly collect their data. If you believe a child provided data, contact us to delete it.
11. Automated Decision-Making & Profiling
We may use analytics and algorithmic fraud detection. You can request human review where results materially affect you, subject to applicable law.
12. Marketing Preferences & Cookies
Manage your preferences via in-app settings, unsubscribe links, and your device/browser settings for cookies and advertising IDs.
13. Service Providers & Third Parties
We work with compliant providers offering adequate guarantees. We maintain an internal list and can provide categories upon request.
14. Contact Us
If you have any questions about this Privacy Policy, please contact us at : support@drivit.app].
15. Changes to This Policy
We may update this policy periodically. We will notify you of material changes via the app or email before they take effect.
16. Requests & Exercising Rights
To exercise your rights or ask questions, submit a request via the in-app privacy section or email us. We will respond within the timeframes required by law.