Privacy Policy

1.1 Information You Provide: Account info (name, email, phone, hashed password), booking details (addresses, date/time, vehicle type, passengers), payment info (processed by Stripe — we don't store card numbers), Carrier applications (TCP permit, insurance, vehicle info, driver license), communications (messages, support requests, dispute submissions, photo evidence).

1.2 Automatically Collected: Real-time Carrier GPS during active trips, Rider approximate location for pickup confirmation, device info, usage data, system logs (all booking events, check-ins, reschedules, cancellations, contact attempts, photo submissions), cookies.

1.3 From Third Parties: Payment/dispute data from Stripe, anonymized analytics from Google Analytics, background check data for Carriers, flight status data for force majeure review.

2.1 Service Delivery: Create/manage accounts, process bookings, generate digital waybills per CPUC regulations, execute 80/20 payment splits, weekly Carrier payouts, automatic 1099-K generation via Stripe Connect, send confirmations and receipts.

2.2 Safety, Compliance & Dispute Resolution: Monitor active trips via GPS, maintain logs for no-show determination and chargeback defense, conduct admin review of disputes, verify Carrier credentials, comply with subpoenas and law enforcement requests.

2.3 Legal Basis (GDPR): Contract performance, legal obligation (GPS logging, waybill compliance, 1099 reporting), legitimate interests (safety, fraud prevention, analytics), consent (marketing — withdrawable anytime).

iRide does not sell, rent, or trade personal information to third parties for marketing.

3.1 Operational: With Carriers (rider name, phone, pickup/dropoff — confirmed bookings only), with Riders (carrier name, phone, vehicle info — confirmed bookings only), with Stripe (payment processing, splits, payouts, 1099), with AWS (infrastructure hosting), with Google Analytics (anonymized data).

3.2 Legal & Safety: Valid legal process, protecting safety, merger/acquisition (with notice).

3.3 GDPR Transfers: Data may be processed in the US under Standard Contractual Clauses.

• Account data: active period + 3 years post-closure
• Booking records, GPS logs, photos, system logs: 5 years
• Payment records: 7 years (financial/tax compliance)
• Carrier credential documents: active period + 3 years
• 1099 and tax reporting records: 7 years per IRS
• Marketing consent records: 3 years from last interaction

5.1 California (CCPA/CPRA): Right to Know, Right to Delete, Right to Correct, Right to Opt Out (we don't sell data), Right to Limit Sensitive Data Use, Right to Non-Discrimination.

5.2 EEA/UK (GDPR): Access, Rectification, Erasure, Restriction, Portability, Objection, Withdraw Consent, Lodge complaint with supervisory authority.

5.3 How to Exercise: Submit verifiable request to privacy@irideca.com. Response within 45 days (CCPA) or 30 days (GDPR). Identity verification required.

• HTTPS/TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest in AWS S3
• Role-based access controls
• Carrier documents in encrypted, access-restricted S3 buckets
• Regular security reviews and vulnerability assessments

No internet transmission is 100% secure. We implement commercially reasonable safeguards but cannot guarantee absolute security.

• Session cookies: required for login and functionality
• Analytics: Google Analytics — opt out via browser add-on
• Advertising: Google Ads conversion tracking — opt out via Ad Settings
• No cross-site behavioral tracking cookies used

The Platform is not directed to individuals under 18. We do not knowingly collect data from minors. Contact privacy@irideca.com if you believe we have collected data from a minor.

Material changes communicated via email 30 days before taking effect. Continued use = acceptance.

Privacy: privacy@irideca.com | Support: support@irideca.com | irideca.com