Privacy Policy

We collect the following categories of personal data when you use RideAlong:

• Account data: Name, email address, mobile number, profile photo, and password (hashed).
• Ride data: Rides created, rides joined, itineraries, check-in locations, and ride history.
• Payment data: Payment method type, last 4 digits of card, UPI ID, billing address, and transaction IDs. Full card details are processed by Razorpay and never stored on our servers.
• Device & usage data: Device type, operating system, app version, IP address, crash logs, and feature usage events.
• Location data: Approximate or precise location when you share live location during a ride (only with your explicit consent).
• Communications: Messages sent through in-app chat (WhatsApp groups are operated by Meta and subject to their privacy policy).

We process your personal data for the following purposes:

• Creating and managing your RideAlong account.
• Facilitating ride discovery, creation, and group coordination.
• Processing subscription payments and managing billing.
• Sending transactional notifications (ride confirmations, itinerary updates, payment receipts).
• Improving the app through analytics and crash reporting.
• Complying with applicable laws including the DPDP Act, 2023 and the Information Technology Act, 2000.
• Preventing fraud, abuse, and ensuring platform safety.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

We share your data only in the following limited circumstances:

• Other riders: Your name, profile photo, and ride activity are visible to members of rides you join or organise.
• Payment processors: Razorpay receives necessary data to process your subscription payment.
• Infrastructure providers: Cloudflare (CDN & storage), AWS / Hetzner (hosting), and similar services that process data on our behalf under Data Processing Agreements.
• Legal obligations: When required by Indian law, court order, or government authority.

We retain your data for the following periods:

• Account data: As long as your account is active, plus 30 days after deletion for backup purposes.
• Payment records: 7 years as required by Indian tax laws.
• Usage / analytics data: 12 months in identifiable form, then aggregated anonymously.
• Crash & error logs: 90 days.

After the applicable retention period, data is securely deleted or anonymised.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights:

• Right of access: Request a copy of all personal data we hold about you.
• Right to correction: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your account and associated personal data.
• Right to data portability: Receive your data in a machine-readable format (JSON).
• Right to withdraw consent: Withdraw consent to location tracking or marketing communications at any time.
• Right to grievance redressal: Lodge a complaint with our Grievance Officer (details below).

To exercise these rights, visit your Account page or email our Grievance Officer.

We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit.
• AES-256 encryption for sensitive data at rest.
• Bcrypt password hashing with per-user salts.
• Role-based access controls and audit logs for internal systems.
• Regular security audits and penetration testing.

Despite these measures, no system is 100% secure. Please notify us immediately if you suspect unauthorised access to your account.

Our website uses minimal, privacy-respecting cookies: a session cookie for authentication, and basic analytics to understand page traffic (no cross-site tracking). The mobile app does not use cookies. You can disable cookies in your browser settings, though this may affect website functionality.

RideAlong is not intended for persons under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has registered, we will promptly delete their account and associated data.

We may update this policy periodically. When we make material changes, we will notify you via in-app notification and email at least 30 days before the changes take effect. Continued use of RideAlong after the effective date constitutes acceptance of the updated policy.

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDP Act, 2023, the details of the Grievance Officer are: