Legal

Privacy Policy

Effective May 31, 2026 · Version 1.1

Ride My Ride ("we", "us", "our") operates the Ride My Ride mobile application (the "App"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our marketplace for vehicle experiences—including exotic cars, boats, jet skis, UTVs, and ATVs.

1. Information We Collect

1.1 Information You Provide

Account information — name, email address, username, profile photo, and role (Passenger or Owner).
Payment information — payment card details and billing address, collected and processed securely by our payment processor, Stripe. We do not store full card numbers on our servers.
Booking details — experience selections, scheduled dates and times, number of passengers, meetup preferences, and cancellation or reschedule requests.
Vehicle & experience listings (Owners) — vehicle make, model, year, category (exotic car, boat, jet ski, UTV, ATV), passenger capacity, photos, experience descriptions, pricing, and location.
Waiver signatures — digital liability waiver acceptance records, including timestamp and signature image data used to evidence acceptance.
Owner compliance acknowledgements — records showing that Owners accepted vehicle-category-specific marketplace responsibility, permit, license, insurance, safety, tax, and indemnity attestations before creating vehicles.
Communications — any messages or feedback you send to us via the App or email.
In-app chat messages — messages exchanged between Owners and Passengers in connection with a booking, including text content, sender, recipient, timestamps, and any abuse reports filed against a message. Messages are scoped to a single booking and become read-only seven days after the trip ends.

1.2 Information Collected Automatically

Location information — approximate location (city/region level) used to show nearby experiences and, when you use live trip tracking or safety sharing features, precise or current location samples during the active trip feature.
Compliance evidence metadata — IP address, user agent, app version, and timestamp associated with legal, waiver, and Owner compliance acceptances.
Device information — device model, operating system version, app version, and build number.
Usage data — screens viewed, features used, and interaction patterns to help us improve the App.

1.3 Information from Third Parties

Sign-in providers — if you sign in with Apple or Google, we receive your name and email address as authorized by you. We do not receive your password from these services.
Payment processor — Stripe provides us with transaction status, payout records, and limited card details (last four digits, expiration) for display in your account.

2. How We Use Your Information

Purpose	Data Used
Create and manage your account	Name, email, username, profile photo, role
Process bookings and payments	Booking details, payment information
Calculate platform fees (20%) and owner payouts	Booking subtotals, payment records
Process refunds per cancellation policy	Booking timing, payment intent IDs
Show nearby experiences and support live trip safety features	Coarse location and active-trip location samples
Display vehicle listings and galleries	Vehicle details, photos
Record waiver acceptance	Waiver signature timestamps and digital signature image data
Record Owner compliance acknowledgement	Owner attestations, vehicle category, timestamp, IP address, user agent, and app version
Send booking updates and reminders	Email, booking details, notification preferences
Improve the App and fix bugs	Usage data, device information, error logs
Prevent fraud and enforce our Terms	Account activity, payment records

We do not sell your personal information. We share data only in the following circumstances:

Between Owners and Passengers — when a booking is confirmed, we share limited information between parties (display name, profile photo, experience location, scheduled time, meetup details) to facilitate the experience. This also includes any in-app chat messages exchanged between the two parties, which are visible only to those two participants and to Ride My Ride staff for trust and safety review.
Stripe — payment processing, including authorization holds, captures, and refunds. Stripe's privacy policy governs their use of your data.
Supabase — cloud infrastructure for data storage and authentication. Data is encrypted in transit and at rest.
Apple / Google — if you use Sign in with Apple or Google OAuth, limited data flows through their authentication services.
Legal requirements — we may disclose information if required by law, court order, or to protect the safety and rights of our users or the public.

4. Data Retention

Active accounts — we retain your data for as long as your account is active.
Booking, waiver, and Owner compliance records — retained for 3 years after the experience date or acceptance date for financial, dispute resolution, trust and safety, and legal compliance purposes, unless a longer period is required or permitted by law.
Chat messages — messages remain visible to participants for 90 days after the trip ends, after which they are soft-deleted. Soft-deleted messages are retained internally for up to one year for dispute resolution and trust & safety review, then permanently removed. Reports filed against messages are retained for the same period to support enforcement of our Terms.
Deleted accounts — when you delete your account through the App (Account Settings → Delete Account), we permanently remove your personal data within 30 days, except where retention is required by law or for ongoing dispute resolution.
Payment records — Stripe retains transaction records per their own retention policy and applicable financial regulations.

5. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

Access — request a copy of the personal data we hold about you.
Correction — update or correct inaccurate information via your profile settings.
Deletion — delete your account and associated data directly in the App (Account Settings → Delete Account), or by emailing us.
Data portability — request your data in a portable format.
Withdraw consent — where processing is based on consent, you may withdraw it at any time.
Notification preferences — manage booking update, reminder, and host action notifications in Account Settings.

To exercise any of these rights, contact us at support@ridemyride.app.

6. Regional Privacy Rights (GDPR & CCPA)

Depending on where you live, you may have additional rights under regional privacy laws. The rights described in Section 5 apply to all users; the protections below extend or formalize them for residents of the European Union, United Kingdom, and California.

6.1 European Union & United Kingdom (GDPR / UK GDPR)

If you are in the EEA or UK, the legal bases on which we process your personal data include:

Performance of a contract — processing necessary to fulfill bookings, payouts, and account management.
Legitimate interests — fraud prevention, platform safety, and improving the App.
Legal obligation — financial recordkeeping and responding to lawful requests from authorities.
Consent — for any optional processing where we explicitly ask, such as marketing communications.

You have the right to lodge a complaint with your local supervisory authority. International transfers of your data to the United States (where Supabase and Stripe operate) are protected by Standard Contractual Clauses.

6.2 California (CCPA / CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, share, and retain.
Request deletion of your personal information, subject to legal exceptions.
Correct inaccurate personal information.
Limit the use of sensitive personal information.
Opt-out of the “sale” or “sharing” of personal information — we do not sell or share personal information for cross-context behavioral advertising.
Non-discrimination for exercising your privacy rights.

To exercise any California-specific right, contact us at support@ridemyride.app. We will verify your identity before fulfilling deletion or correction requests.

7. Security

Authentication tokens are stored in the iOS Keychain.
All network communication uses HTTPS/TLS encryption.
Payment card data is handled entirely by Stripe and never stored on our servers.
Images are stored in secure cloud storage buckets with access controls.
We use row-level security policies on our database to ensure users can only access their own data.

8. Children's Privacy

Ride My Ride is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Third-Party Links

The App may contain links to third-party websites or services (e.g., Stripe payment pages). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Tracking and Advertising

Ride My Ride does not track you across other apps or websites. We do not use advertising identifiers (IDFA), and we do not share data with advertising networks or data brokers. Our Privacy Manifest declares NSPrivacyTracking = false.

11. Apple Privacy Details

As declared in our App Store privacy nutrition label and Privacy Manifest:

Data Type	Linked to You	Used for Tracking	Purpose
Email address	Yes	No	App functionality
Name	Yes	No	App functionality
Payment info	Yes	No	App functionality
Coarse location	No	No	App functionality
Photos or videos	Yes	No	App functionality

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the App or via email. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: support@ridemyride.app
General support: support@ridemyride.app