CityRyde
🏢 About Us 🤝 Partners 📰 Blogs 📞 Contact
Register as Driver

AGREEMENT VERSION: 1.0 (DPDP-Compliance/2026)

EFFECTIVE DATE: January 28, 2026

APPLICABLE TO: All Registered Riders and Driver Partners (Pilots)

DATA FIDUCIARY: City-Ryde transportation Services private Limited.

PART I: PRELIMINARY RECITALS & DEFINITIONS

1. Introduction

At City-Ryde ("We", "Us", "Our"), trust is the currency of our business. This Privacy Policy outlines how We collect, process, store, and share Your personal data. By accessing the Platform, You consent to the practices described herein.

Legal Status:

  • City-Ryde acts as a Data Fiduciary as defined under Section 2(i) of the Digital Personal Data Protection Act, 2023 (DPDP Act).
  • You (Rider or Pilot) act as the Data Principal as defined under Section 2(j) of the DPDP Act.

2. Definitions

  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data.
  • "Processing" means an automated operation or set of operations performed on digital personal data (collection, storage, use, sharing, erasure).
  • "Sensitive Personal Data" includes financial information, health data, official identifiers (Aadhaar/PAN), and biometric data.
  • "Consent Manager" means a person registered with the Data Protection Board of India, who acts as a single point of contact to enable a Data Principal to give, manage, review, and withdraw consent through an accessible, transparent, and interoperable platform.

PART II: DATA COLLECTION (THE "WHAT")

We collect data in three categories: (A) Data You Provide, (B) Data We Collect Automatically, and (C) Data from Third Parties.

3. Data Collected from RIDERS (Customers)

To facilitate the Service, We process the following:

  • Identity Data: Name, Mobile Number, Email Address.
  • Location Data: Precise GPS location (captured from the time You open the App until the trip ends). We collect this to enable pickup, navigation, and safety monitoring.
  • Transaction Data: Trip details, date, time, amount charged, and payment method details (Credit Card/UPI handles are tokenized and processed by PCI-DSS compliant Payment Aggregators; City-Ryde does not store raw card data).
  • Communication Data: Call logs and in-app chat history with Pilots (Phone numbers are masked via a virtual number provider).
  • Device Data: IP Address, Device Model, OS Version, and advertising identifiers (IDFA).

4. Data Collected from DRIVERS (Pilots)

In addition to the data collected from Riders, We strictly process the following for Pilots:

  • Background Verification (BGV) Data: Government ID (Aadhaar/DL/PAN), Police Verification Reports, and Court Record checks to ensure safety compliance under the Motor Vehicle Aggregator Guidelines 2025.
  • Telematics & Sensor Data: Accelerometer, Gyroscope, and GPS data to monitor driving behavior (speeding, harsh braking, rapid acceleration) for the "Driver Score" and safety audits.
  • Biometric Data (Facial Recognition): We may use facial recognition periodically to verify that the person driving the vehicle matches the registered profile ("Real-Time ID Check").
  • Financial Data: Bank Account details for payout settlements and tax deductions (TDS).
  • Health Data: Self-declared health status or medical certificates (Form 1A) required for commercial driving fitness.

PART III: PURPOSE OF PROCESSING (THE "WHY")

We process Your data only for "Legitimate Uses" as defined under Section 7 of the DPDP Act.

5. For Service Delivery

  • Matching: To algorithmically connect a Rider's request with the nearest available Pilot using geospatial data.
  • Navigation: To calculate the Estimated Time of Arrival (ETA) and optimal route.
  • Communication: To facilitate masked calls between Rider and Pilot for coordination.

6. For Safety and Security (Vital Interest)

  • Emergency Response: In the event of an SOS/Panic Button press, We share real-time location and User details with Law Enforcement Agencies (LEAs) and Emergency Contacts.
  • Fraud Prevention: Device fingerprinting is used to detect collusion between Rider and Pilot or use of "Mock Location" software.
  • Audio Recording: During a trip, if the "Safety Toolkit" is activated, the App may record encrypted audio to be used only as evidence in case of a safety incident/dispute.

7. For Legal Compliance

  • Data Retention: To retain trip records for 3 to 24 months as mandated by the State Transport Department and Aggregator Guidelines for audit trails.
  • Taxation: To issue GST invoices and file TDS returns.

PART IV: CONSENT ARCHITECTURE

8. Request for Consent

Pursuant to Section 6 of the DPDP Act:

  • We request consent in clear, plain language.
  • Consent is granular. (Example: You can allow Location access but deny Contact Book access).
  • Notice: Every request for consent is accompanied by a Privacy Notice specifying the purpose of collection.

9. Withdrawal of Consent

  • You have the right to withdraw consent at any time via the "Privacy Settings" in the App.
  • Consequence: Withdrawal of consent for core data (e.g., Location for Riders, License details for Pilots) will result in the immediate inability to use the Service, as the Service cannot function without this data.
  • Retrospective Effect: Withdrawal of consent does not affect the legality of processing performed prior to the withdrawal.

PART V: DATA SHARING AND DISCLOSURES

10. Sharing between Rider and Pilot

  • Rider sees: Pilot Name, Photo, Vehicle Number, Rating, and Live Location.
  • Pilot sees: Rider Name (First name only), Pickup/Drop Location, and Rating.
  • Post-Trip: Personal contact details are hidden. In-app chat is disabled 1 hour after trip completion.

11. Sharing with Third Parties (Data Processors)

We engage third-party Data Processors under strict Data Processing Agreements (DPAs):

  • Cloud Infrastructure: (e.g., AWS/Google Cloud) hosting data within India.
  • Map Services: (e.g., Google Maps/MapmyIndia) for navigation.
  • Background Check Agencies: For verifying Pilot criminal records.
  • Payment Gateways: For processing fares.

12. Government & Law Enforcement

We may disclose data without Your consent strictly under the following conditions provided in the DPDP Act and IT Act:

  • To comply with a court order or order from a government agency authorized under law (e.g., Section 91 CrPC).
  • To prevent a cognizable offense or in medical emergencies involving a threat to life.

PART VI: DATA LOCALIZATION AND RETENTION

13. Storage in India

In strict compliance with the Motor Vehicle Aggregator Guidelines 2025 and the RBI Payment Data Storage Directives, all critical personal data, payment data, and geospatial trip data are stored exclusively on servers located within the territorial jurisdiction of India.

14. Retention Policy

  • Trip Data: Retained for 24 months from the date of the ride for safety audits and legal disputes.
  • Deleted Accounts: If You delete Your account, We retain "Transaction Data" for 8 years as required by the Income Tax Act, 1961, but obfuscate/anonymize "Identity Data."

PART VII: RIGHTS OF THE DATA PRINCIPAL

Under the DPDP Act, 2023, You possess the following rights:

15. Right to Access and Information

You have the right to request:

  • A summary of personal data being processed.
  • The identities of all Data Processors with whom Your data has been shared.

16. Right to Correction and Erasure

  • Correction: You may update your profile (Name, Email) directly in the App. For sensitive fields (Driver License), You must submit proof to Support.
  • Erasure (Right to be Forgotten): You may request the deletion of Your data. We shall comply unless retention is necessary for a legal purpose (e.g., a pending court case or statutory tax record).

17. Right to Grievance Redressal

You have the right to readily available means of grievance redressal regarding our data handling practices (See Article 20).

18. Right to Nominate

You have the right to nominate an individual who shall exercise Your rights under this Policy in the event of Your death or incapacity.

PART VIII: DRIVER-SPECIFIC PRIVACY TERMS (The "Pilot" Addendum)

19. Telematics and Performance Monitoring

  • Automated Processing: The Pilot acknowledges that City-Ryde uses automated algorithms to process Telematics Data.
  • Impact: Consistent detection of "Unsafe Driving" (hard braking, over-speeding >110% of limit) or "Route Deviations" will negatively impact the Pilot's internal score and may lead to algorithmic de-allocation of rides or platform suspension.
  • Transparency: Pilots may request a "Logic Explanation" for algorithmic decisions affecting their earnings (e.g., why a bonus was denied based on location data).

PART IX: SECURITY AND GRIEVANCE REDRESSAL

20. Data Security Practices

We implement IS/ISO/IEC 27001 standard security practices, including:

  • Encryption: Data at rest (AES-256) and data in transit (TLS 1.3).
  • Access Control: Role-Based Access Control (RBAC) ensuring only authorized employees access sensitive data.
  • Data Breach: In the event of a Personal Data Breach, We will notify the Data Protection Board of India and the affected Data Principals in the form and manner prescribed by the DPDP Act.

21. Contacting the Data Protection Officer (DPO)

If You have questions regarding this policy or wish to exercise Your rights, contact our statutory officer:

  • Email: privacy.dpo@city-ryde.in
  • Response Time: We are legally mandated to respond to Your grievance within 72 hours of receipt.

PART X: CHANGES TO THIS POLICY

We reserve the right to modify this Privacy Policy to reflect changes in the law (e.g., new rules notified under the DPDP Act). We will provide Notice of such changes via an in-app banner or email. Continued use of the Platform after the effective date implies Valid Consent to the updated terms.

YOU, THE DATA PRINCIPAL, HAVE READ AND UNDERSTOOD THE PRIVACY POLICY. YOU HEREBY GIVE YOUR FREE, SPECIFIC, INFORMED, AND UNCONDITIONAL CONSENT TO CITYRYDE TRANSPORTATION SERVICES PRIVATE LIMITED ("CITY-RYDE") TO PROCESS YOUR PERSONAL DATA FOR THE PURPOSES DESCRIBED ABOVE.

Follow Us