This Privacy Policy describes how ApniRide ("we", "us", "our") collects, uses, and shares information when you use our mobile application (the "App"). By using the App you agree to the practices described here.
1. Who we are
We operate a ride-sharing app that connects drivers with riders for inter-city travel in Pakistan. If you have any questions about this policy, contact us at support@apniride.app.
2. Information we collect
2.1 Information you give us
- Account info — your name, email address, username, and (optionally) profile photo, short bio, and home city.
- Role choice — whether you signed up as a driver or a passenger. You can change this at any time.
- Vehicles (drivers only) — make, model, plate, vehicle type.
- Payment method labels (drivers only) — the payment channel you accept (cash, JazzCash, EasyPaisa, SadaPay, bank, other) and the account string you choose to share with riders so they can pay you. We do not process card payments and do not store card numbers.
- Trip details — origin, destination, departure time, seats, price per seat, parcel acceptance, ride rules, notes.
- Booking details — pickup point you set as a rider, seat count, request status.
- In-app messages — chat between rider and driver tied to a booking.
- Ratings and reviews — the stars and optional comment you leave for the other party after a completed trip.
2.2 Information we collect automatically
- Device location — when you grant the permission, we read your approximate location (city) to populate "From" defaults and surface nearby trips. During an active trip, the driver's precise location is shared with the riders on that trip until the trip ends.
- Push notification token — a device-unique identifier issued by Expo / Firebase Cloud Messaging so we can send notifications about bookings, requests, and trip status changes.
- Diagnostic information — basic technical info (operating system, app version, crash reports via Sentry) sent when API calls are made or unhandled errors occur.
2.3 Information we do NOT collect
- We do not access your contacts, calendar, microphone, SMS, or browsing history.
- We do not record audio or video.
- We do not use advertising identifiers (IDFA / GAID) and we do not display third-party advertising.
3. How we use information
- Provide the service: match riders and drivers, confirm bookings, show your trip route on a map, deliver chat messages, send notifications about bookings and trip status, surface a "Rate your trip" prompt after the trip ends.
- Account management: let you sign in, manage your profile, manage your vehicles and payment methods, and delete your account.
- Safety and abuse prevention: detect and respond to misuse of the service (spam reports, blocked users, repeat offenders).
- Service communications: occasional emails to the address on file about important account events. We do not send marketing emails.
4. Sharing of information
We share your information in only two situations.
4.1 With other users on a trip
Other users on the same trip as you can see information that is necessary to make the trip work:
- Your name, username, profile photo, rating, and verification badge.
- Your home city.
- The pickup point a rider sets (visible to the driver only).
- The driver's live location during an active trip (visible to accepted riders on that trip only).
- Messages exchanged in a booking-scoped chat.
- Reviews left after a trip (visible publicly under your profile).
4.2 With service providers ("processors")
We use third-party processors that handle data on our behalf under contractual terms. They cannot use your data for their own purposes:
| Provider | What they handle | Privacy policy |
|---|---|---|
| Clerk | Authentication (email + Google sign-in), session tokens, name, email, profile photo metadata | clerk.com/privacy |
| Supabase | Database, file storage (avatars), realtime updates, edge functions | supabase.com/privacy |
| Google Maps Platform | Geocoding, place autocomplete, directions | policies.google.com/privacy |
| Expo Push & Firebase Cloud Messaging | Push notification delivery | expo.dev/privacy |
| Sentry | Crash and error reporting (operating system, app version, stack traces, signed-in user id) | sentry.io/privacy |
We do not sell your data. We do not share your data with advertisers. We do not share your data with data brokers.
4.3 Legal disclosures
We may disclose information if required by law, court order, or a valid government request, or if necessary to protect the safety of users or the public. We will resist over-broad requests where possible.
5. Data retention
- Active accounts: we keep your data as long as your account is active so the app works (your trips, bookings, chat history, ratings, etc.).
- Deleted accounts: when you delete your account from inside the app, we permanently remove your profile, trips, bookings, messages, ratings, vehicles, payment-method labels, push token, and uploaded photos immediately. There is no recovery after deletion.
- Some operational logs may be retained for a short period for security and debugging purposes.
6. Your rights
You can:
- Access your data — most of it is visible inside the app (profile, trips, bookings, chat, reviews). For anything not visible, email us.
- Correct your data — edit your profile, vehicles, and payment methods inside the app.
- Delete your data — Profile → "Delete account" inside the app. This is immediate and irreversible.
- Object or restrict processing — by deleting your account.
- Withdraw consent — by removing the relevant permission (location, notifications, photos) in your device settings, or by deleting your account.
If you are in a jurisdiction with stronger data-protection laws (such as the EU/UK under GDPR, or California under CCPA), those rights apply to you. Email us to exercise them.
7. Children
The App is not directed to children under 13 (or the equivalent minimum age in your country). We do not knowingly collect data from children. If you believe a child has signed up, please contact us so we can delete the account.
8. Security
We use HTTPS/TLS for all network traffic. Authentication is handled by Clerk. Database access is gated by row-level security so users can only read and write their own data. Avatars are stored in a per-user folder. We monitor for misuse and respond to reports.
No system is perfectly secure. If you discover a vulnerability, please report it to security@apniride.app.
9. International transfers
Your data may be processed on servers operated by our service providers in countries outside Pakistan (Supabase, Clerk, Sentry and Google operate globally). We rely on the contractual safeguards offered by those providers, including standard contractual clauses where applicable.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. If the changes are significant we will notify you in the app or by email.
11. Contact us
If you have questions about this Privacy Policy or our data practices, email us at support@apniride.app.