Privacy Policy

This Privacy Policy is governed by and compliant with the laws of India, including: • Information Technology Act, 2000 and its amendments • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) • Digital Personal Data Protection Act, 2023 (DPDP Act) Drivezi Technologies Private Limited, headquartered in Kolkata, West Bengal, India, acts as the Data Fiduciary (as defined under the DPDP Act) for processing your personal data.

We collect information you provide directly to us, including: • Account Information: Name, email address, phone number, and password when you create an account. • Sensitive Personal Data: As defined under Indian law, this includes passwords and financial information (processed only with explicit consent). • Trip Data: Source and destination addresses, scheduled times, and trip preferences. • Driver Information: For chauffeurs, we collect professional credentials, driving licence details, and driving history. • Payment Information: Billing details processed securely through RBI-compliant payment partners. • Communications: Messages between car owners and drivers within the app. • Usage Data: How you interact with our services, including features used and time spent.

In accordance with the DPDP Act, 2023, we process your personal data based on: • Explicit Consent: For sensitive personal data, you provide clear, informed consent before collection. • Legitimate Uses: Processing necessary for providing our services as described in our Terms of Service. • Legal Obligations: Compliance with Indian laws, court orders, or government directives. You may withdraw your consent at any time by contacting us at drivezi@gmail.com. Withdrawal of consent will not affect the lawfulness of processing conducted prior to withdrawal.

We use the information we collect to: • Provide, maintain, and improve our services • Process and coordinate trips between car owners and chauffeurs • Send you technical notices, updates, and administrative messages • Provide AI-powered recommendations for optimal departure times and routes • Respond to your comments, questions, and customer service requests • Monitor and analyze trends, usage, and activities • Detect, investigate, and prevent fraudulent transactions and abuse • Comply with legal obligations under Indian law

We share your information only in the following circumstances: • With Your Chauffeur: Trip details, pickup locations, and contact information necessary for service. • Service Providers: Third-party vendors who assist in providing our services, bound by data processing agreements compliant with Indian law. • Legal Requirements: When required by Indian law, court orders, or directives from government authorities including CERT-In. • Business Transfers: In connection with any merger, acquisition, or sale of company assets, with prior notice to affected users. We never sell your personal information to third parties for marketing purposes. Cross-border data transfers are conducted only with adequate safeguards as required under Indian law.

In compliance with the IT (Reasonable Security Practices) Rules, 2011, we implement robust security measures: • End-to-end encryption for all communications • Secure, encrypted storage for sensitive personal data • ISO/IEC 27001 compliant security practices • Regular security audits and vulnerability assessments • Strict access controls and authentication protocols • Incident response procedures with mandatory breach reporting to CERT-In within 6 hours as required by law While we strive to protect your information, no method of transmission over the Internet is 100% secure.

Under the DPDP Act, 2023 and related regulations, you have the following rights: • Right to Access: Request confirmation of whether we process your data and obtain a summary. • Right to Correction: Request correction of inaccurate or misleading personal data. • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements. • Right to Grievance Redressal: Lodge complaints with our Grievance Officer or the Data Protection Board of India. • Right to Nominate: Nominate another person to exercise your rights in case of death or incapacity. • Right to Withdraw Consent: Withdraw previously given consent at any time. To exercise these rights, contact our Grievance Officer at drivezi@gmail.com. We will respond within 30 days as mandated by law.

In accordance with the Information Technology Act, 2000 and DPDP Act, 2023, we have appointed a Grievance Officer: Grievance Officer Drivezi Technologies Private Limited Kolkata, West Bengal, India Email: drivezi@gmail.com The Grievance Officer shall acknowledge your complaint within 24 hours and resolve it within 30 days from the date of receipt.

We retain your information for as long as your account is active or as needed to provide services. As per Indian legal requirements: • Account data is retained for the duration of the service relationship plus 5 years • Financial transaction records are retained for 8 years as per tax regulations • Trip history is retained for 3 years for service improvement and legal compliance • Data required for ongoing legal proceedings is retained until resolution You may request earlier deletion of specific data, subject to our legal obligations under Indian law.

In compliance with Indian data localisation requirements: • Payment data is stored exclusively within India through RBI-compliant payment processors • Critical personal data is primarily stored on servers located in India • Where cross-border transfers are necessary, we ensure compliance with applicable Indian regulations and implement appropriate safeguards

We may update this Privacy Policy from time to time. We will notify you of any material changes by: • Posting the new Privacy Policy on this page • Updating the "Last Updated" date • Sending you an email notification for significant changes • Obtaining fresh consent where required under the DPDP Act Your continued use of Drivezi after changes constitutes acceptance of the updated policy.