Who We Are
Ridekro is a ride-booking platform operated by Ridekro Technologies, an India-based startup. Our platform connects riders with auto-rickshaw and local ride drivers through our mobile application.
This Privacy Policy applies to all users of the Ridekro mobile application (Android), our website, and any related services. By using Ridekro, you agree to the practices described in this policy.
For any privacy-related concerns, contact us at: pawadeshlok@gmail.com
Information We Collect
2.1 Account Information
When you register on Ridekro, we collect:
- Mobile phone number — used as your primary identifier and for OTP-based authentication
- Full name — to personalise your experience and display to the other party during a ride
- Email address (when provided) — used for account communications and emergency contact notifications
- Role — whether you are using the app as a passenger or a driver partner
- Profile photo (optional) — to help the other party identify you during a ride
2.2 Emergency Contact & Safety Data
Passengers can save an emergency contact in their profile for use during the SOS safety feature. We collect:
- Emergency contact name
- Emergency contact phone number
- Emergency contact email address
2.3 Location Data
Ridekro requires access to your device's location to function. We collect:
- Precise GPS location — to show your position on the map, match you with nearby drivers, and calculate routes
- Pickup and drop-off coordinates — stored as part of your ride history
- Live trip coordinates — shared with the assigned driver or passenger during an active ride for real-time tracking
- SOS coordinates — your live GPS location is included in the emergency alert sent to your emergency contact when SOS is activated
- Driver location (for drivers) — continuously tracked while the app is active in driver mode and a ride is in progress, to enable real-time tracking for passengers
2.4 Camera & Media Access
The app requests camera and media library access for the following purposes:
- Driver verification documents — capturing or selecting photos of your Aadhaar card, PAN card, and driving licence during the KYC onboarding flow
- Driver profile photo — taking or uploading a profile photo during driver registration
- Image compression — uploaded images are compressed on-device before being sent to our servers to reduce file size
Camera access is only requested when you are actively using a document upload or photo capture feature. We do not access your camera or media library at any other time.
2.5 Ride Data
- Ride requests, status updates (requested, accepted, started, completed, cancelled), and cancellation reasons
- Pickup and destination locations, timestamps, fare, and assigned driver or passenger details
- Trip OTP verification events
- Ride history across all completed and cancelled trips
- Ratings and feedback when provided after a ride
2.6 Payment & Wallet Information
Payments on Ridekro are processed by Razorpay. We do not store your full card numbers, CVV, or banking credentials on our servers. We receive and store:
- Transaction ID and payment status from Razorpay
- Payment method type (UPI, card, wallet — not the full details)
- Fare amount and timestamp
- Wallet balance and transaction history (for in-app wallet features)
- Driver earnings, commission percentage, dues, and payout history
2.7 Driver-Specific Information
Drivers registering on Ridekro provide additional information for KYC verification:
- Full name and profile photo
- Aadhaar card — image upload for identity verification
- PAN card — image upload for identity verification
- Driving licence — licence number and image upload
- Vehicle type and vehicle registration number
- Verification status and review history
- Finance data: dues, commission percent, payment history, and account status
Driver documents are stored securely in a private Supabase Storage bucket and are used solely for verification and compliance purposes. Documents are not publicly accessible.
2.8 Device & Technical Data
- Device type, operating system version, and app version
- Push notification token (for sending ride alerts)
- IP address and approximate region (for fraud prevention)
- App usage logs and crash reports
How We Use Your Information
We use the data we collect for the following purposes:
- Ride matching: Connecting passengers with nearby available drivers based on location
- Authentication: Verifying your identity via OTP sent to your registered phone number
- Navigation: Calculating routes and estimated arrival times using OpenStreetMap and OSRM
- Payment processing: Facilitating secure fare collection and wallet transactions via Razorpay
- Push notifications: Sending ride status updates, driver arrival alerts, verification updates, and important account notifications via Expo Push Notifications
- Safety & SOS: Sending your live location and ride context to your emergency contact when you activate the SOS feature
- Camera & document upload: Capturing and uploading driver KYC documents (Aadhaar, PAN, licence, profile photo) during driver onboarding
- Driver verification: Reviewing uploaded documents to approve driver accounts before they can go online
- Earnings & wallet: Tracking driver earnings, commission dues, and passenger wallet balances
- Fraud prevention: Detecting and preventing misuse, fraudulent rides, or suspicious account activity
- Customer support: Resolving disputes, complaints, and ride-related issues
- Service improvement: Analysing aggregated, anonymised usage patterns to improve the app
- Legal compliance: Meeting obligations under applicable Indian laws
OTP Authentication & Phone Number Handling
Ridekro uses One-Time Password (OTP) authentication for all sign-ins and registrations. When you log in or register:
- An OTP is sent to your mobile number via SMS through our SMS provider (Twilio)
- The OTP is valid for a limited time and is single-use only
- Your phone number is stored securely in our database and is never shared with drivers, passengers, or third parties for marketing purposes
- During an active ride, the other party sees only your first name — your phone number is not displayed directly
- A separate OTP is used to verify ride start — the passenger shares a trip OTP with the driver to confirm the ride has begun
Your phone number is your account identifier. If you wish to change it, please contact support at pawadeshlok@gmail.com.
Third-Party Services We Use
Ridekro integrates with the following third-party services to deliver its functionality. Each service has its own privacy policy:
Twilio
We use Twilio's Verify service to send OTP SMS messages for authentication. Twilio receives your phone number to deliver the OTP. Twilio does not retain your number for any purpose beyond message delivery. Twilio Privacy Policy ↗
Supabase
We use Supabase for our primary database (PostgreSQL), backend authentication infrastructure, and secure file storage for driver KYC documents. Your data is stored on Supabase's infrastructure hosted on AWS. Supabase is SOC 2 compliant. Driver documents are stored in a private bucket with no public access. Supabase Privacy Policy ↗
Razorpay
All payment transactions are processed by Razorpay, a PCI-DSS Level 1 compliant payment gateway licensed in India. Razorpay may collect and process your payment details in accordance with their privacy policy. Razorpay Privacy Policy ↗
Resend
We use Resend to send transactional emails, including SOS emergency alert emails to your emergency contact. When SOS is triggered, your emergency contact's email address and the ride context (your name, live location, driver details) are passed to Resend for delivery. Resend Privacy Policy ↗
Expo (Push Notifications)
We use Expo's push notification service to send ride alerts, verification updates, and other notifications to your device. Expo receives your device's push token for this purpose. Expo Privacy Policy ↗
Google Places
We use the Google Places API (via our backend proxy) for location search and autocomplete when you enter a pickup or destination address. Search queries are sent to Google through our backend — your account identity is not attached to these requests. Google Privacy Policy ↗
OpenStreetMap, Nominatim & OSRM
We use OpenStreetMap for map rendering, Nominatim for reverse geocoding (converting coordinates to readable addresses), and OSRM for route calculation and ETA estimation. These services receive location coordinates through our backend proxy. No personally identifiable information is attached to these requests. OpenStreetMap Privacy Policy ↗
Data Storage & Retention
Your data is stored on secure servers managed by Supabase (hosted on AWS infrastructure). All data in transit is encrypted using TLS/HTTPS. Data at rest is encrypted by Supabase's storage layer.
We retain your data as follows:
- Account data: Retained for as long as your account is active
- Ride history: Retained for 3 years for dispute resolution and legal compliance
- Payment records: Retained for 7 years as required under Indian financial regulations
- Driver documents: Retained for the duration of the driver's active status, plus 1 year after account closure
- Deleted accounts: Personal data is removed within 30 days of a verified deletion request, except where retention is legally required
Your Data Rights
As a Ridekro user, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Correction: Ask us to correct inaccurate or incomplete data
- Right to Deletion: Request deletion of your account and personal data (see our Account Deletion page)
- Right to Withdraw Consent: Withdraw consent for optional data processing at any time
- Right to Data Portability: Request your ride history and account data in a portable format
To exercise any of these rights, email us at pawadeshlok@gmail.com with the subject line "Data Rights Request". We will respond within 30 days.
Push Notifications
Ridekro sends push notifications to keep you informed. These include:
- Ride request alerts (for drivers)
- Ride assignment and driver en-route updates (for passengers)
- Ride start, completion, and cancellation confirmations
- Driver verification status updates
- Safety and operational alerts
- Important account notifications
You can manage notification preferences in your device settings. Disabling notifications may affect your ability to receive real-time ride updates.
Children's Privacy
Ridekro is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a user is under 18, we will promptly delete their account and associated data. If you believe a minor has registered on our platform, please contact us at pawadeshlok@gmail.com.
Data Protection Statement
Ridekro Technologies takes the security of your personal data seriously. We implement the following measures:
- All API communications are encrypted via HTTPS/TLS
- Database access is restricted to authorised personnel only
- Driver documents are stored in private, access-controlled Supabase Storage buckets
- Payment data is handled exclusively by Razorpay — we never store raw card or banking credentials
- Regular security reviews of our backend infrastructure
- Row-level security (RLS) policies enforced at the database level via Supabase
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make significant changes, we will notify you via the app or email. The "Last Updated" date at the top of this page reflects the most recent revision.
Continued use of Ridekro after changes are posted constitutes your acceptance of the updated policy.
Contact Us
For any privacy-related questions, data requests, or concerns, please reach out to us:
- Email: pawadeshlok@gmail.com
- Company: Ridekro Technologies
- Country: India
We aim to respond to all privacy-related inquiries within 30 business days.