1. Information We Collect

1.1 Personal Information

When you create an account or use our Services, we may collect:

• Account Information: Full name, phone number, email address, password (stored securely as a hash), profile photo, and language preference.
• Customer Information: Saved locations (e.g., home, work), default payment method preference, and trip history.
• Driver Information: Driver's license number and expiry date, vehicle details (make, model, year, colour, license plate), online/offline status, and verification documents.

1.2 Driver Verification Documents

For driver registration, we collect identity and vehicle verification documents including:

• Identity card (front and back images)
• Driver's license (front and back images)
• Vehicle photograph
• Vehicle registration document

These documents are securely stored and used solely for the purpose of verifying driver eligibility.

1.3 Location Data

We collect location information as follows:

• Customers: Pickup and destination coordinates when booking a trip. Location data is collected only during active trip sessions.
• Drivers: Real-time GPS location while online/available and during active trips. This enables trip matching, navigation, and real-time tracking for customers.

1.4 Transaction and Payment Data

When you make or receive payments through our platform, we collect:

• Transaction amounts and currency
• Payment method type (e.g., FPX online banking, e-wallet)
• Transaction status and timestamps
• Payment gateway reference identifiers

We do not directly store your bank account login credentials or full card numbers. Payments are processed through our third-party payment gateway, GKash.

1.5 Driver Payout Information

For driver earnings withdrawal, we collect:

• Bank account holder name and account number
• Bank name and bank code
• E-wallet details (if applicable)

1.6 Device and Technical Data

• Push Notification Tokens: Firebase Cloud Messaging (FCM) tokens to deliver push notifications to your device.
• Usage Data: Trip activity, ratings, and interaction with the platform.

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: Matching customers with nearby drivers, processing trip bookings, facilitating navigation, and enabling real-time trip tracking.
• Payments: Processing ride payments, calculating fares, managing driver earnings, and facilitating withdrawals.
• Safety and Verification: Verifying driver identity and eligibility, maintaining platform safety standards, and detecting fraudulent activity.
• Communication: Sending trip updates, booking confirmations, payment receipts, and important service notifications via push notifications.
• Platform Improvement: Analysing usage patterns to improve service quality, trip matching efficiency, and user experience.
• Late Penalty System: Monitoring pickup wait times to apply late penalties when customers delay boarding beyond the configured grace period, as displayed in the app.
• Customer Support: Responding to enquiries, resolving disputes, and managing penalty overrides or adjustments.
• Referral Programme: Tracking driver referral relationships and processing referral bonuses.

3. Location Data Usage

Location data is central to our ride-hailing service. Specifically:

• Trip Matching: We use your location to find the nearest available driver when you request a ride.
• Real-Time Tracking: During an active trip, the driver's location is shared with the customer for safety and transparency.
• Route Calculation: We use location data to calculate trip distance, estimated duration, and fare.
• Driver Availability: Driver location is used to display availability status and enable efficient dispatch.

Background Location (Drivers): The Driver App may collect location data in the background while the driver is set to "online" status. This is necessary for trip matching and dispatch. Drivers can stop location sharing by going "offline" in the app.

4. Payment Information

All payment transactions are processed securely through GKash, a licensed payment gateway in Malaysia. We support the following payment methods:

• FPX Online Banking
• E-wallets (Boost, GrabPay, Touch 'n Go eWallet, ShopeePay)

Payment transactions are secured using SHA-256 signature verification. We store transaction records (amount, status, reference ID) for accounting and dispute resolution purposes but do not store your banking credentials.

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

• Between Users: During an active trip, limited information is shared between the customer and driver (e.g., name, phone number, vehicle details, real-time location).
• Payment Gateway (GKash): Transaction details are shared with GKash for payment processing.
• Google Maps Platform: Location coordinates and addresses are sent to Google Maps for route calculation, distance estimation, and map display.
• Firebase (Google): Device tokens are used via Firebase Cloud Messaging for push notification delivery.
• Cloud Storage Provider: Profile photos and verification documents are stored with our cloud storage provider.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or government request.
• Safety: We may share information to protect the safety, rights, or property of our users or the public.

We do not sell your personal information to third parties.

6. Data Retention

• Account Data: Retained for as long as your account is active. Upon account deletion, personal data is anonymised or deleted within 90 days, except where retention is required by law.
• Trip Records: Retained for record-keeping, dispute resolution, and regulatory compliance.
• Payment Records: Retained as required by Malaysian financial regulations.
• Verification Documents: Retained while the driver account is active and for a reasonable period after account closure for compliance purposes.
• Location Data: Real-time driver location data is transient and regularly overwritten. Trip-related location data is retained with trip records.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

• Passwords are stored using salted cryptographic hashing
• All data transmission is encrypted using HTTPS/TLS
• Payment transactions use SHA-256 signature verification
• Access to personal data is restricted to authorised personnel
• Authentication uses JSON Web Tokens (JWT) with token refresh mechanisms
• Database access is secured with role-based access controls

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate personal information through the app or by contacting us.
• Deletion: Request deletion of your account and associated personal data.
• Withdraw Consent: You may withdraw consent for data processing at any time, though this may affect your ability to use our Services.
• Location Opt-Out: Customers can deny location permissions (booking features will be limited). Drivers can go "offline" to stop location sharing.
• Notification Opt-Out: You can disable push notifications through your device settings.

To exercise any of these rights, please contact us using the details below.

9. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the app or via push notification. The "Last Updated" date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: