1. Who we are
iRhyde Mobility Holdings, Inc. (575 Market St, San Francisco, CA) and its subsidiaries act as data controller for rider and driver data, and as processor when we host the platform on behalf of enterprise clients.
2. Data we collect
- Identity data: names, profile photos, national IDs, driver licences, verification footage.
- Contact data: phone numbers, email, emergency contacts, corporate billing contacts.
- Geolocation & telemetry: precise GPS points, acceleration events, route histories, device language/OS, IP addresses.
- Financial data: masked payment tokens, payout details, invoices, tax certificates.
- Support data: chat transcripts, safety reports, recorded calls (with notice).
3. Why we process data
We rely on contractual necessity (service delivery), legitimate interests (safety, fraud prevention), legal obligations (regulatory reporting), and consent (marketing communications). Core purposes include onboarding, trip matching, navigation, payments, analytics, and dispute resolution.
4. Lawful bases summary
- Contractual necessity: creating accounts, dispatching trips, processing payments.
- Legitimate interests: preventing fraud, improving services, marketing similar services (subject to opt-out).
- Legal obligation: tax reporting, responding to lawful requests.
- Consent: optional marketing, background checks in certain jurisdictions, device permissions (camera, contacts).
4. Sharing & international transfers
Personal data may be shared with payment processors, cloud infrastructure providers, customer support vendors, regulators, or law enforcement pursuant to lawful requests. When data leaves its origin country we apply EU Standard Contractual Clauses or other approved safeguards and continuously assess sub-processors.
5. Retention
Trip and compliance records are retained for a minimum of 7 years to satisfy licensing and taxation requirements. Voice/safety data is retained for 2 years. Upon expiry we anonymize or securely destroy data unless litigation hold applies.
6. Security
We encrypt data in transit (TLS 1.3) and at rest (AES-256), enforce least-privilege access, monitor for anomalous activity, and conduct annual penetration tests. Breach notices will be issued within applicable statutory timelines.
7. Your rights
Subject to local law you may request access, correction, portability, restriction, deletion, or objection to processing. Submit requests through in-app privacy controls or via privacy@irhyde.com. EU/UK residents may raise concerns with their supervisory authority; US users may contact the FTC.
8. Profiling & automated decisions
We use automated scoring to detect risky activity (e.g., repeated cancellations, velocity of payout changes). You may request human review if a decision significantly impacts you.
9. Children
Our services are not directed to children under 16 and we do not knowingly collect their data. If we learn of such collection we delete it promptly.
10. Updates
We update this notice when laws or features change. Material updates will be highlighted in-app and on this page.
Effective 15 November 2025. Contact the Data Protection Officer at privacy@irhyde.com.