Privacy Policy

Drively ("we", "our", or "us"), operated by Drively Mobility Solutions, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") and website.

By using Drively, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following categories of information:

• Personal Identification Data: Full name, phone number (verified via OTP), email address, profile photo/selfie, date of birth, and gender.
• Identity Verification (KYC) Data (Drivers Only): To ensure passenger safety, we collect and verify the following government-issued documents from drivers:
  • Aadhaar Number: Verified through DigiLocker integration or Cashfree Secure ID APIs for identity authentication.
  • PAN Card Number: Verified through government-authorized verification APIs for identity cross-referencing.
  • Driving License (DL) Number: Verified to confirm the driver holds a valid license to operate vehicles.
  • Selfie / Face Photo: Used for AI-powered face-match verification and liveness detection against government photo IDs to prevent impersonation.
• Location Data: We collect precise GPS location data from your mobile device to:
  • Match you with nearby drivers
  • Track the driver's route during active trips
  • Calculate distance-based fares
  • Enable real-time trip sharing with your emergency contacts
  • Provide SOS emergency location alerts
  This includes foreground location (while app is open) and background location (during active trips only, for drivers).
• Vehicle Information: Make, model, color, year, transmission type, and registration number of the customer's vehicle (required for driver assignment).
• Camera & Photos: Camera access for capturing selfies (KYC verification), profile pictures, and document images. Photo library access for uploading existing photos.
• Device & Technical Data: Device model, operating system, app version, push notification tokens (Expo Push), IP address, and crash analytics for service improvement.
• Communication Data: In-app chat messages between customers and drivers, support chat conversations, and push notification records.
• Payment Data: Transaction history, payment method (Cash/UPI/Wallet), and wallet balance. We do not store full payment card details — these are processed by third-party payment gateways (Razorpay).
• Emergency Contacts: Names and phone numbers of contacts you designate for SOS emergency alerts.

2. How We Use Your Information

• To create, manage, and authenticate your account via OTP-based phone verification.
• To verify driver identity through government-authorized KYC processes (Aadhaar, PAN, DL, and face match).
• To match customers with available drivers based on proximity, vehicle type, and trip requirements.
• To enable real-time GPS tracking during active trips for route monitoring and fare calculation.
• To enable trip sharing so your family/friends can track your ride in real-time via a web link.
• To process payments, manage wallet balances, and generate invoices.
• To send push notifications for booking status updates (driver assigned, driver arrived, trip started/completed).
• To facilitate in-app chat between customers and drivers during active bookings.
• To enable SOS emergency alerts — notifying your emergency contacts and our team with your live location.
• To provide customer support through our in-app support chat system.
• To improve our services through anonymized analytics and crash reporting.
• To detect and prevent fraud, unauthorized access, and policy violations.

3. Third-Party Services & Data Sharing

We share your data with the following categories of third-party service providers, strictly for the purposes described:

• KYC Verification: Cashfree Payments (Secure ID product) for Aadhaar, PAN, DL verification, face-match, and liveness detection. DigiLocker integration for government document retrieval.
• OTP & Authentication: MSG91 for SMS OTP delivery and phone number verification.
• Push Notifications: Expo Push Notification service (by Expo/React Native) to deliver real-time alerts to your device.
• Cloud Storage: Cloudinary for secure storage of profile images, KYC selfies, and document photos.
• Maps & Geolocation: Google Maps Platform for mapping, geocoding, and distance/route calculations.
• Payment Processing: Razorpay for secure payment transactions. We do not store your card or UPI details.
• Hosting & Infrastructure: Railway (backend hosting), PostgreSQL database with encryption at rest.

We do not sell, rent, or trade your personal data to any third parties for marketing or advertising purposes.

With Your Assigned Driver/Customer: During an active booking, we share limited information with the other party — specifically: first name, phone number, vehicle details, and live location — solely to facilitate the service.

4. Data Storage & Security

• All data is transmitted over HTTPS/TLS encrypted connections.
• Authentication tokens are stored in Expo SecureStore (encrypted device storage) on mobile devices.
• Passwords and sensitive tokens are hashed using industry-standard algorithms (bcrypt).
• KYC documents (Aadhaar, PAN numbers) are stored in encrypted database fields and access is restricted to authorized verification processes only.
• Server infrastructure is hosted on Railway with automated backups and environment isolation.
• We implement role-based access controls and audit logging on all sensitive operations.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

• Active accounts: Your data is retained for as long as your account is active.
• Booking history: Trip records and transaction data are retained for 3 years for accounting, dispute resolution, and legal compliance.
• KYC data: Driver verification records are retained for as long as the driver's account is active, plus 1 year after account deletion for regulatory compliance.
• Chat messages: In-app messages are retained for the duration of the booking plus 90 days.
• Location data: Trip route data is retained for 6 months for fare disputes and safety audits, then anonymized.

6. Your Rights

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can update your profile information directly within the app.
• Deletion: You can request the deletion of your account and personal data (see Section 7).
• Portability: You can request an export of your data in a structured format.
• Withdraw Consent: You can withdraw consent for optional data processing at any time. Note that withdrawing consent for core data (e.g., location) will affect service functionality.

7. Account & Data Deletion

You have the right to request the deletion of your account and all associated personal data. You can initiate this request through either of the following methods:

• In-App: Go to Profile → Settings → Delete Account. Follow the on-screen confirmation steps.
• Email: Send an email to support@drively.app with the subject line "Account Deletion Request" and include your registered phone number.

Upon receiving a verifiable deletion request, we will delete your personal data from our active databases within 30 days. Certain data may be retained as required by law (e.g., transaction records for tax compliance, KYC records as mandated by Indian regulations).

8. Children's Privacy

Drively is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Effective Date". Continued use of the App after changes constitutes acceptance of the revised policy.

10. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is:

Name: Drively Support Team
Email: support@drively.app
Response Time: We will acknowledge your grievance within 48 hours and resolve it within 30 days.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@drively.app
Entity: Drively Mobility Solutions
Address: Hyderabad, Telangana, India