Privacy Policy

ZygoRIde ("ZygoRIde", "we", "us", "our") operates the ZygoRIde mobile application and the website at zygoride.in. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights regarding that information. By using our Services you consent to the practices described in this Policy.

This Policy is published in compliance with the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and in anticipation of the Digital Personal Data Protection Act, 2023 (DPDP Act) provisions as they come into effect.

1. Information We Collect

We collect the following categories of personal information when you use ZygoRIde:

• Account information: Your full name, email address, phone number, and profile photo when you register.
• Precise location data (Sensitive Personal Data): GPS coordinates are accessed only while a ride is active and are used solely to provide live tracking to ride participants. Background location is never collected. Location data is not stored permanently after a ride ends.
• Identity documents (Sensitive Personal Data): Government-issued photo ID submitted for verification (Aadhaar, Passport, Driving Licence, or Voter ID). Ride Providers additionally submit their Driving Licence and vehicle RC. These documents are encrypted and stored in Firebase Cloud Storage, accessible only to our verification team. Documents are permanently deleted within 7 days of successful verification. ZygoRIde does not store full Aadhaar numbers in any database. Aadhaar and other identity documents are used solely for manual identity verification and permanently deleted within 7 days. ZygoRIde is not an Aadhaar Authentication User Agency (AUA) and does not perform biometric or OTP-based Aadhaar authentication.
• Device information: Firebase Cloud Messaging (FCM) token for push notifications; device model, OS version, and app version for diagnostics and crash reporting.
• Ride data: Ride origin and destination, departure time, price per seat, number of seats, ride status, and booking history.
• In-app messages: Text messages exchanged between Ride Providers and Riders through the in-app chat. Stored in Firebase Firestore; not read by us unless required for a safety investigation or legal obligation.
• Ratings and reviews: Star ratings and optional text reviews submitted after completed rides.
• Contact form messages: Name, email, and message content submitted through the website contact form.

2. Consent for Sensitive Personal Data

In accordance with Rule 5 of the IT (SPDI) Rules, 2011, we require your explicit consent before collecting sensitive personal data such as your precise location and government-issued identity documents. By submitting this information within the app you provide that consent. You may withdraw consent at any time by deleting your account; however, withdrawal may prevent you from using features that depend on that information.

3. How We Use Your Information

• To create and manage your account and verify your identity.
• To match you with compatible rides based on your route, schedule, and preferences.
• To provide live ride tracking during active rides to all participants.
• To send ride confirmations, booking updates, and support responses via push notification and email.
• To send scheduled ride reminders and match alerts via push notification.
• To detect and prevent fraud, abuse, and safety violations.
• To investigate safety-related complaints or respond to lawful legal requests.
• To improve the application through aggregate, anonymised usage analytics.

4. Data Sharing

We do not sell, rent, or trade your personal data to third parties. Data is shared only in the following limited circumstances:

• Firebase (Google LLC): Our primary backend infrastructure for authentication, real-time database, cloud storage, and push notifications. Data is stored on Google Cloud servers (region: asia-south1, Mumbai, India where applicable). Google processes data under the Google Cloud Data Processing Addendum.
• Formspree: Contact form messages submitted on our website are delivered to us via Formspree. Your name and email are shared with Formspree solely for this purpose.
• Other ride participants: Your first name, profile photo, star rating, and vehicle details (for Ride Providers) are visible to users you are matched with. Your phone number, email address, and identity documents are never shared with other users.
• Legal and regulatory authorities: We may disclose personal information if required by Indian law, a court order, or a lawful request from a government authority.
• Google Fonts: This website loads fonts from Google Fonts (fonts.googleapis.com), which may log your IP address as part of serving font files, in accordance with Google's privacy policy. No persistent cookies are set by Google Fonts on this website.

5. Data Retention

• Account data: Retained for as long as your account is active. On account deletion, personal data is permanently deleted within 30 days.
• Identity documents: Permanently deleted within 7 days of successful verification.
• Ride data: Retained for 12 months after the ride date, then deleted or permanently anonymised.
• In-app messages: Retained for 90 days after the associated ride is completed, then automatically deleted.
• Location data: Not retained after the active ride session ends.
• Aggregate analytics: Retained indefinitely in anonymised form with no link to individual users.

6. Your Rights

Under applicable Indian law, including the IT Act, 2000, the IT (SPDI) Rules, 2011, and the DPDP Act, 2023, you have the right to:

• Access: Request a summary of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your account and associated personal data (subject to legal retention obligations).
• Withdraw consent: Withdraw consent for processing of sensitive personal data.
• Nominate: Under the DPDP Act, 2023, once applicable, nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, email us at zygoride.feedback@gmail.com. We will respond within 30 days.

7. Grievance Officer

In accordance with Rule 5(9) of the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, ZygoRIde has designated a Grievance Officer to address complaints regarding the handling of personal data:

Grievance Officer: ZygoRIde Operations
Email: zygoride.feedback@gmail.com
Complaints will be acknowledged within 7 days and resolved within 30 days of receipt.

Note for publisher: Indian IT Rules 2011, Rule 5(9) requires a real person's full legal name here — not a company name. Please replace "ZygoRIde Operations" above with the designated officer's full name before this page goes live. All grievances may be directed to the email above in the meantime.

8. Children's Privacy

ZygoRIde is intended for users aged 13 and above. Users between 13 and 17 may only use the app as Riders with written parental or legal guardian consent submitted to zygoride.feedback@gmail.com. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us immediately and we will delete it without delay.

9. Security Measures

We implement reasonable security practices and procedures as required under Rule 8 of the IT (SPDI) Rules, 2011, including:

• TLS (Transport Layer Security) encryption for all data in transit.
• AES-256 encryption at rest for sensitive documents stored in Firebase Cloud Storage.
• Firebase Security Rules to control read and write access to our database.
• Restricted access: only authorised personnel can access identity verification documents.
• Regular security reviews of our data handling practices.

In compliance with CERT-In Directions (April 2022), ZygoRIde will report cybersecurity incidents to the Indian Computer Emergency Response Team (CERT-In) within the required timeframe. In the event of a data breach affecting your personal information, we will notify you without undue delay as required under applicable law.

No method of transmission or storage over the internet is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending a push notification or email. Continued use of the Services after the effective date of an updated Policy constitutes your acceptance of the updated Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

ZygoRIde
Operated by an individual proprietor
Email: zygoride.feedback@gmail.com
Website: zygoride.in