Privacy Policy

SelfDriveBLR ("we," "us," "our," or the "Platform") is a vehicle rental marketplace connecting car owners ("Partners") with individuals seeking self-drive rentals ("Users" or "Renters"). This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you use our platform, website, mobile applications, and related services.

By using SelfDriveBLR, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

This policy applies to all Users, Partners, visitors, and anyone accessing our platform. We comply with applicable Indian data protection laws, including the Digital Personal Data Protection Act (DPDP Act), 2023.

A. Identity & KYC Information:

• Full name, date of birth, gender
• Government ID (Aadhaar, PAN, Passport, or Driving License)
• Driving License details (number, validity, class of vehicles)
• Photograph and selfie verification for identity matching
• Address proof documents

B. Contact Information:

• Phone number (primary and emergency contact)
• Email address
• WhatsApp number (if different from primary)
• Residential address and current location

C. Booking & Transaction Data:

• Rental history, trip dates, pickup/drop-off locations
• Payment method details (tokenized, not full card numbers)
• Transaction IDs, invoices, refund records
• Security deposit payment records
• Damage claims and incident reports

D. Device & Technical Information:

• IP address, device type, operating system, browser type
• Device fingerprinting and unique identifiers
• App usage logs, crash reports, performance data
• Login timestamps and session data

E. Communications Data:

• Customer support calls (recorded for quality and dispute resolution)
• Chat messages, emails, WhatsApp conversations
• Reviews, ratings, and feedback submitted
• Dispute correspondence and evidence

Critical Disclosure:

Vehicles listed on the Platform may contain GPS devices, telematics systems, or IoT tracking hardware installed by Partners for security, theft prevention, trip management, and operational monitoring.

By proceeding with a booking, you explicitly consent to:

• Real-time GPS location tracking of the rented vehicle during the rental period
• Collection of trip route data, including start/end locations and waypoints
• Speed monitoring for safety and insurance compliance
• Geofencing alerts if the vehicle exits permitted zones
• Engine status, ignition on/off timestamps
• Emergency location sharing with authorities if required

Purpose of Tracking:

• Theft prevention and vehicle recovery: Immediate location data in case of unauthorized use
• Emergency response: Sharing precise location with police/ambulance during accidents
• Fraud detection: Identifying suspicious patterns (extended stops, route deviations)
• Insurance compliance: Validating trip data for claims processing
• Dispute resolution: Trip logs as evidence for damage or late return claims
• Partner protection: Ensuring vehicle safety and proper use

Important Notes:

• GPS tracking is active only during the confirmed rental period
• Partners cannot track your personal device or location outside the rental period
• Trip history is retained per our data retention policy (Section 10)
• You may request your trip data logs at any time

To maintain platform integrity and protect all users, we employ automated fraud detection and security monitoring systems. By using our platform, you consent to these protective measures.

Security Measures Include:

• Device fingerprinting: Analyzing device characteristics to detect suspicious logins
• IP analysis: Monitoring for unusual login locations or VPN/proxy usage
• Behavioral monitoring: Detecting patterns consistent with account takeover or abuse
• Payment fraud checks: Verifying transaction authenticity with payment providers
• Duplicate account detection: Identifying multiple accounts from same individual
• Identity verification: Cross-referencing KYC documents with government databases
• Risk scoring: Assigning risk ratings to bookings based on user history and behavior

Automated Decision-Making:

Our systems may automatically flag, restrict, or suspend accounts based on risk indicators. These decisions are subject to human review upon request. You have the right to contest automated decisions.

Account Suspension During Investigation:

We may temporarily restrict account functionality during fraud investigations, security incidents, or compliance reviews. Evidence related to suspected violations may be preserved beyond standard retention periods.

Primary Purposes:

• Facilitating vehicle bookings, payments, and trip management
• Verifying identity and eligibility (age, valid DL, KYC compliance)
• Processing security deposits, rental charges, and refunds
• Providing customer support and dispute resolution
• Ensuring platform safety and fraud prevention
• Legal compliance, tax reporting, and regulatory obligations

Secondary Purposes (with consent where required):

• Service improvement and platform optimization
• Marketing communications (only if you opt-in)
• Analytics and usage pattern analysis
• Insurance and legal claim processing

Legal Basis for Processing (DPDP Compliance):

• Consent: Explicit consent for KYC, GPS tracking, marketing
• Contract: Necessary to fulfill rental agreements
• Legal Obligation: Tax, regulatory, and law enforcement compliance
• Legitimate Interest: Fraud prevention, security, platform integrity

Information Shared with Vehicle Partners:

To facilitate rentals, we share the following with the Partner whose vehicle you book:

• Your full name and contact number (for pickup coordination)
• Booking dates, times, and pickup/drop-off locations
• KYC verification status (verified/unverified, not document details)
• Emergency contact name and number (if provided)
• Trip-specific notes or special requirements you specify

Partner Obligations:

• Partners may NOT use your information for marketing without explicit consent
• Partners may NOT share your data with third parties
• Partners must delete your contact information after the rental period ends (unless required for disputes)
• Partners are contractually bound to data protection obligations

Service Providers & Processors:

• Payment gateways (Razorpay, etc.) — for transaction processing
• Cloud hosting providers (Firebase, Supabase) — for data storage
• KYC verification services — for identity validation
• SMS/email/WhatsApp gateways — for communication delivery
• Analytics services — for platform improvement

Legal & Safety Disclosures:

We may disclose information where required to:

• Comply with court orders, subpoenas, or legal processes
• Respond to lawful government and law enforcement requests
• Investigate fraud, theft, accidents, or platform abuse
• Protect rights, safety, or property of Users, Partners, or SelfDriveBLR
• Enforce our Terms of Service and legal agreements

We cooperate with law enforcement and regulatory authorities in accordance with applicable laws. We may preserve, access, or disclose user information, trip records, GPS logs, communications, or KYC records where reasonably necessary for:

• Compliance with legal obligations, court orders, or statutory requirements
• Response to lawful requests from government agencies, police, or judicial authorities
• Investigation of criminal activity including theft, fraud, hit-and-run, or vehicle misuse
• Emergency situations involving imminent danger to life or public safety
• Protection of our legal rights, property, or the safety of our users and partners
• Resolution of accidents, insurance claims, or civil disputes

Data Preservation:

Upon receiving a valid legal request or becoming aware of potential legal proceedings, we may preserve relevant data beyond standard retention periods. This includes trip logs, communications, KYC records, and GPS tracking history related to specific incidents.

Transparency Reporting:

Where legally permitted, we may publish aggregated statistics about government data requests received and responded to.

While we implement commercially reasonable technical and organizational safeguards, no digital platform or transmission method can be guaranteed to be completely secure or immune from unauthorized access, cyberattacks, or system failures.

Security Measures Include:

• Encryption: AES-256 encryption for data at rest; TLS 1.3 for data in transit
• Access Controls: Role-based access with principle of least privilege
• Multi-Factor Authentication (MFA): Required for all admin and staff accounts
• Audit Logging: Comprehensive logs of data access and modifications
• Network Security: Firewalls, DDoS protection, intrusion detection
• Regular Assessments: Security audits and vulnerability testing
• Staff Training: Data protection and privacy awareness for employees

Payment Security:

Payments are processed through PCI DSS compliant third-party providers. We do not store full credit card numbers or CVV codes. Payment tokens are used for subsequent transactions.

Breach Notification:

In the event of a data breach affecting your personal information, we will notify you promptly as required by applicable law, including through email, app notifications, or prominent website notices.

Your information may be processed or stored on servers located outside your state or country, including cloud infrastructure operated by Firebase (Google), Supabase, and other service providers. These locations may include India, the United States, the European Union, and other jurisdictions.

We implement appropriate contractual and technical safeguards for cross-border transfers, including Standard Contractual Clauses (SCCs) where required by law. All processing remains subject to this Privacy Policy regardless of server location.

By using our platform, you consent to the transfer, storage, and processing of your data in jurisdictions outside your residence, which may have different data protection laws.

We retain information only for as long as reasonably necessary for legal compliance, fraud prevention, taxation, dispute resolution, enforcement of agreements, and legitimate business purposes.

Retention Periods by Category:

• Active Account Data: Retained while your account is active
• Booking & Trip Records: 5 years from trip completion (for disputes, insurance, tax)
• Financial Transactions: Up to 7 years as required by tax and accounting laws
• KYC Documents: Duration of account activity + 3 years post-closure
• GPS/Trip Logs: 2 years from trip date (unless required for legal proceedings)
• Communications (support chats/calls): 2 years for quality and dispute resolution
• Marketing Preferences: Until you withdraw consent or close account
• Fraud/Security Records: Up to 7 years for legal protection and pattern detection

Data Deletion Limitations:

Certain information may continue to be retained despite deletion requests where required for:

• Legal, taxation, or regulatory compliance obligations
• Fraud prevention and security investigation
• Dispute resolution, litigation, or legal claims
• Enforcement of our agreements and legal rights
• Valid law enforcement or government requests

In such cases, data will be retained in anonymized or restricted-access form where possible.

Under applicable data protection laws, you have the following rights:

• Access: Request copies of your personal data we hold
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal limitations)
• Portability: Request transfer of your data to another service
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests or direct marketing
• Withdraw Consent: Withdraw previously given consent (does not affect prior lawful processing)

How to Exercise Your Rights:

Submit requests via email to hello@selfdriveblr.app or through your account settings. We will respond within 30 days. We may verify your identity before processing requests to prevent fraud.

Grievance Officer:

For data protection concerns or complaints under Indian law:

• Name: Shivam
• Email: grievance@selfdriveblr.com
• Address: HSR Layout, Bangalore, Karnataka
• Grievances acknowledged within 24 hours, resolved within 7 working days

To ensure service quality, resolve disputes, and maintain security records, we may record and retain certain communications:

• Phone Calls: Customer support calls may be recorded with prior notice
• Chat Messages: In-app and WhatsApp support conversations are retained
• Email Correspondence: All business-related emails are archived
• SMS Notifications: Delivery logs retained for service verification

These records serve as evidence in disputes, help us improve service quality, and protect both Users and Partners. By contacting our support channels, you consent to such recording and retention.

We use cookies and similar technologies to enhance your experience, analyze usage, and improve our services. See our Cookie Policy for detailed information.

Types of cookies we use:

• Essential: Required for platform functionality (login, booking flow)
• Analytics: Help us understand usage patterns and improve services
• Preference: Remember your settings and preferences
• Security: Detect suspicious activity and prevent fraud

You can manage cookie preferences through your browser settings. Disabling essential cookies may limit platform functionality.

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected data from a minor, we will delete it promptly.

Vehicle rental services require a valid Driving License, which cannot legally be held by minors in India.

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or platform features. Material changes will be notified through:

• Email notification to registered users
• App notifications for active users
• Prominent notice on our website
• Updated "Last Updated" date at the top of this policy

Continued use of our services after policy updates constitutes acceptance of the revised terms. We encourage you to review this policy regularly.

Data Protection Queries:

• Email: hello@selfdriveblr.app
• WhatsApp: +91 70044 36044
• Hours: Mon-Sun 7:00-22:00 IST

Grievance Officer (as per IT Act 2000 & DPDP Act 2023):

• Name: Shivam
• Email: grievance@selfdriveblr.com
• Address: HSR Layout, Bangalore, Karnataka
• Response Time: 24 hours acknowledgment, 7 days resolution

Legal Address:

SelfDriveBLR, HSR Layout, Bangalore, Karnataka, India