Contents
1. Introduction
Welcome to Rydex ("we", "our", or "us"). Rydex is a carpooling platform that connects drivers and passengers for shared rides. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the choices you have regarding your data.
By downloading or using the Rydex mobile application ("App"), you agree to the practices described in this policy. If you do not agree, please do not use the App.
2. Information We Collect
2.1 Information You Provide Directly
| Category | Data Points | When Collected |
|---|---|---|
| Account Registration | Full name, email address, phone number, password | Sign-up |
| Profile | Profile photo, date of birth, gender | Profile setup |
| Driver Onboarding | CNIC / national ID, driving licence number, document photos | Driver verification |
| Vehicle Information | Make, model, year, colour, registration plate, vehicle photos | Vehicle registration |
| Ride Posting | Origin, destination, departure time, available seats, fare | When posting a ride |
| Wallet / Payments | Bank account number, IBAN, deposit receipt images | Wallet top-up or withdrawal requests |
| Support Tickets | Issue description, category, attachments | When contacting support |
| Ratings & Reviews | Star rating (1–5), tags, written review | After a completed ride |
| Messages | In-app chat messages between driver and passenger | During ride coordination |
2.2 Information We Collect Automatically
- Device information: device model, operating system version, unique device identifiers, app version.
- Usage data: screens visited, features used, timestamps, session duration.
- Crash and diagnostic data: error logs and performance data to improve app stability.
- IP address: used for security and fraud prevention.
2.3 Location Information
We collect precise GPS location data when you use the App. See Section 5 for full details.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Create and manage your account | Name, email, phone, password | Contract performance |
| Verify driver identity and documents | CNIC, licence, document photos | Contract / legal obligation |
| Match drivers and passengers | Location, ride preferences | Contract performance |
| Display ride routes on map | Origin, destination, live GPS | Contract performance |
| Process in-app wallet transactions | Wallet balance, bank details, receipts | Contract performance |
| Manage escrow payments | Booking fare, wallet balance | Contract performance |
| In-app messaging | Chat messages, phone numbers | Contract performance |
| Send ride updates & notifications | Email, phone, device token | Legitimate interest / consent |
| Resolve support tickets | Ticket data, account history | Legitimate interest |
| Improve app performance | Usage & crash data | Legitimate interest |
| Prevent fraud & ensure safety | Account data, IP, device info | Legitimate interest / legal obligation |
| Comply with legal requirements | Any data required by law | Legal obligation |
5. Location Data
Foreground Location (while using the App)
- Used to display your position on the map, show nearby rides, and navigate routes.
- Collected only when the App is open and a ride is active.
Background Location (optional)
- If you are a Driver with an active ride, we may request background location to track the ride route and share your ETA with passengers.
- You will be explicitly prompted for background location permission before it is used.
- You can revoke this permission at any time in your device settings without losing access to the App.
Location Data Retention
Live location is not stored permanently. Ride route data (origin/destination) is retained as part of the ride record for billing and dispute resolution.
6. Payments & Wallet
Rydex operates an in-app wallet for ride payments. Fares are handled via an escrow system:
- When a driver accepts a booking, the fare is reserved from the passenger's wallet.
- Upon ride completion, the fare enters a 15-minute hold before being released to the driver.
- Cancellations trigger an automatic refund of reserved funds to the passenger.
Wallet top-ups are processed via manual bank transfer. You provide your bank receipt image for verification by our finance team. Withdrawal requests are reviewed before funds are sent to your provided bank account or IBAN.
We do not store full bank account credentials beyond what is necessary to process a single withdrawal request. Deposit receipt images are stored securely in private cloud storage.
7. Data Storage & Security
Your data is stored on Supabase infrastructure, which uses PostgreSQL databases hosted on AWS. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
We apply the following security measures:
- Row-Level Security (RLS) policies ensuring users can only access their own data.
- Role-based access control for admin operations (finance admin, support admin, moderator).
- Secure, signed URLs for private file storage (e.g., deposit receipts, profile images).
- Regular security reviews and access audits.
Despite these measures, no system is 100% secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorised access to your account.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion, then 30 days for recovery |
| Ride history | 3 years (for billing and dispute resolution) |
| Wallet transactions | 5 years (financial record-keeping) |
| Chat messages | 90 days after ride completion |
| Support tickets | 2 years |
| Document verification photos | Until account deletion |
| Crash / diagnostic logs | 30 days |
You may request earlier deletion of your data (see Section 9). Financial records may be retained longer where required by law.
9. Your Rights & Choices
You have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you.
- Correction: Update or correct inaccurate information via your profile settings.
- Deletion: Request deletion of your account and associated data. Some financial records may be retained as required by law.
- Data Portability: Request your data in a structured, machine-readable format.
- Withdraw Consent: Revoke location or notification permissions via device settings at any time.
- Opt Out of Communications: Unsubscribe from marketing emails using the link in any email we send.
To exercise any of these rights, contact us at support@rydex.bcshub.studio. We will respond within 30 days.
10. Children's Privacy
Rydex is intended for users aged 18 and over. We do not knowingly collect personal information from children under 13 (or the applicable age of digital consent in your jurisdiction).
If we learn that a child under 13 has provided us with personal information, we will delete it promptly. If you believe a child has registered on our platform, please contact us immediately.
11. Third-Party Services
The App integrates with the following third-party services that have their own privacy policies:
- Supabase: supabase.com/privacy
- Google Maps Platform: policies.google.com/privacy
- Google Play Services: policies.google.com/privacy
We are not responsible for the privacy practices of these third parties. We encourage you to review their policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the Effective Date at the top of this page.
- Display an in-app notification or send an email to your registered address.
Your continued use of the App after changes become effective constitutes acceptance of the revised policy. If you do not agree to the changes, you should stop using the App and may request account deletion.
13. Contact Us
If you have any questions, concerns, or requests about this Privacy Policy or your personal data, please reach out to us:
Rydex — Privacy & Data Protection
Email: support@rydex.bcshub.studio
Support: support@rydex.bcshub.studio
Developer: ByteCraftSoft