Privacy Policy

Last updated: April 19, 2026

MVP / BETA VERSION

Note on MVP Stage: ShareAuto is in MVP (Minimum Viable Product) / Beta stage. This Privacy Policy describes our current data practices, which may evolve as the Platform develops. We collect only data necessary to provide our core location-matching service — no payment data, no ride transaction data, and no commercial transaction data is collected or processed.

This Privacy Policy describes how ShareAuto ("ShareAuto", "we", "us", or "our") collects, uses, discloses, and protects information when You ("You", "User", "Customer", or "Driver") use our website located at https://shareauto.in, our mobile application, or any related services (collectively, the "Platform").

This Privacy Policy is incorporated by reference into the Terms and Conditions accessible at https://shareauto.in/terms. This Privacy Policy is published in accordance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023, and the rules made thereunder.

By using the Platform and the Services, you agree and consent to the collection, use, storage, disclosure and sharing of your information as described in this Policy. If you do not agree with the Policy, please do not use or access the Platform.

1. SCOPE & NATURE OF OUR PLATFORM

1.1 This Privacy Policy explains our online and offline information practices, the kinds of information we may collect, receive, possess, process, and store, and how we intend to use, disclose or share such information.

1.2 Important context about our Platform: ShareAuto is currently a FREE, MVP/Beta technology platform that:

Facilitates discovery of nearby share-autos (connects Users with Drivers via location);
Does NOT process any payments or financial transactions;
Does NOT book rides or charge commissions;
Does NOT monetize Users or Drivers;
Does NOT collect payment information, bank details, or financial data.

Accordingly, the personal data we collect is limited to what is strictly necessary to operate the Platform.

2. DEFINITIONS

Unless otherwise defined, capitalized terms shall have the meanings set forth below:

"Customer" or "User" means a person who uses the Platform to locate and connect with Drivers.
"Driver" means an independent third-party auto-rickshaw operator registered on the Platform.
"Device" means the computer, mobile phone, tablet, or other device used to access the Services.
"Device Identifier" means the IP address or other unique identifier for the Device.
"Personal Information" means information that relates to a natural person and is capable of identifying such person.
"Sensitive Personal Data or Information" has the meaning given under the IT Rules, 2011.
"Usage Information" means information collected automatically when you use the Platform.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

We may ask you to provide certain information when you register, contact us for support, or interact with the Platform:

For all users:

Full name
Mobile phone number (10-digit Indian number)
Email address
Password (stored encrypted using industry-standard bcrypt)

For Drivers (additionally):

Gender
Residential address, state, and pincode
Driving license number
Vehicle registration number
Vehicle type

What we DO NOT collect: We do not collect bank account numbers, credit/debit card details, UPI IDs, Aadhaar numbers, PAN numbers, biometric data, or any financial information. We do not request or store criminal background check data.

3.2 Location Data

The Platform's core functionality depends on real-time location data:

For Customers: Precise GPS coordinates (latitude and longitude) while actively using the Application. Location updated approximately every 10 seconds.
For Drivers: Precise GPS coordinates while in "online" mode. Location updated approximately every 5-15 seconds.
Location broadcasting stops immediately when You close the Application, log out, or (for Drivers) go offline.

3.3 Authentication Data

OTPs generated during verification or password reset (retained for max 5 minutes);
JWT tokens issued upon successful authentication (valid up to 30 days);
Login attempt records for security and fraud prevention.

3.4 Device and Connection Data

Automatically collected when You access the Platform:

IP address
Browser type and version
Operating system
Device type and model
Date and time of access
Pages visited and actions taken within the Platform

4. HOW WE USE YOUR INFORMATION

We use the information collected for the following limited purposes:

To verify Your identity and create Your account;
To authenticate You during login and password reset via OTP;
To display nearby Drivers on the real-time map for Customers;
To enable Customers to see available Drivers in their vicinity;
To enable Drivers to be discoverable by nearby Customers;
To maintain Your account records;
To provide customer support and respond to inquiries;
To prevent fraud, unauthorized access, and illegal activity;
To detect and investigate violations of our Terms & Conditions;
To send service-related announcements (e.g., maintenance);
To send promotional communications (only with consent, with opt-out);
To improve Platform performance and user experience;
To comply with legal obligations.

We do NOT use Your data to:

Sell Your information to third parties;
Build advertising profiles about You;
Share with advertisers or marketing networks;
Use for any payment or financial transaction (the Platform does not process payments).

5. LOCATION DATA — DETAILED USE

5.1 For Customers

Shared with nearby Drivers (within a 2-10 km radius) ONLY while actively using the Platform;
Updated approximately every 10 seconds during active use;
Visible only to Drivers operating in Your vicinity;
Automatically stopped when You close the Application or log out.

5.2 For Drivers

Visible to all Customers within a 2-10 km radius while in "online" mode;
Updated approximately every 5-15 seconds while online;
Shown alongside Driver name and vehicle number to Customers;
Automatically stopped when Driver goes "offline" or logs out.

6. INFORMATION VISIBILITY

6.1 What Customers can see about Drivers:

Driver's real-time GPS location on map
Driver's first name
Vehicle registration number
Current trip route (if set)
Distance from the Customer's location

Customers CANNOT see: Driver's residential address, phone number, email address, driving license number, or full personal details.

6.2 What Drivers can see about Customers:

Customer's real-time GPS location
Customer's distance from the Driver

Drivers CANNOT see: Customer's phone number, email address, full name, or other personal details without the Customer's explicit action.

7. DATA RETENTION

We retain Your information only for as long as necessary to provide Services and fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Data Type	Retention Period
Personal Information (name, phone, email)	Until account deletion
Password (encrypted hash)	Until account deletion
Active location data	Up to 2 minutes
OTP records	5 minutes (automatically purged)
JWT authentication tokens	Up to 30 days (then expires)
IP address logs	Up to 30 days
Ride history (if enabled)	Until account deletion
Complaints and dispute records	Retained for legal compliance

Even after account termination, we may retain data for such statutory period as needed to comply with legal obligations, resolve disputes, prevent fraud, and enforce our Terms. Thereafter, data may be deleted or anonymized.

8. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade Your Personal Information to third parties for marketing purposes. We may share information only in these circumstances:

8.1 With Other Users (as described in Section 6)

8.2 With Service Providers

We may share information with trusted third-party service providers performing services on our behalf:

Cloud hosting providers (database and server hosting);
SMS and email delivery services (for OTPs and notifications);
Map and geolocation providers;
Analytics providers (using anonymized data only);
Customer support tools.

These third parties are contractually required to protect Your information and use it only for the specified purposes.

8.3 For Legal Reasons

We may access, preserve, and disclose Your information if we reasonably believe it is necessary to:

Comply with applicable laws, regulations, subpoenas, or governmental requests;
Enforce our Terms & Conditions;
Protect the safety, rights, property, or security of ShareAuto, our users, or the public;
Detect, prevent, or otherwise address fraud, security, or technical issues.

8.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, we reserve the right to transfer Your information to the successor entity, subject to this Privacy Policy.

9. DRIVER INFORMATION — LIMITED VERIFICATION

Important for Users: Driver information collected by us is based on self-declaration during registration. As an MVP platform, we do not conduct criminal background checks, driving history verification, or physical verification of documents. Users should exercise independent judgment regarding driver safety.

9.1 We collect the following from Drivers for operational purposes only:

Basic identity information (name, phone, email);
Address (for city-of-operation purposes);
Driving license number (for platform eligibility);
Vehicle registration number (for passenger verification before boarding).

9.2 We do NOT verify:

The authenticity of Driver documents beyond format checks;
Driver criminal history or background;
Vehicle insurance status;
Driver safety record or past violations.

9.3 Users are encouraged to verify Driver photograph and vehicle number at the time of boarding, and to follow the safety guidelines set out in our Terms & Conditions.

10. COOKIES AND TRACKING TECHNOLOGIES

We use limited tracking technologies:

localStorage: Used to store JWT authentication token and session data for persistent login. You can clear localStorage through browser settings to force logout.
Essential cookies: Used only as necessary for Platform functionality.

We do NOT currently use third-party advertising or cross-site tracking cookies. If this changes, the Privacy Policy will be updated and You will be notified.

11. SECURITY MEASURES

We implement industry-standard security measures to protect Your information:

Password security: Bcrypt hashing, never stored or transmitted in plain text;
Authentication: JWT-based authentication with expiration;
OTP security: 6-digit random OTPs with 5-minute expiration and attempt tracking;
Rate limiting: Applied on login, OTP, and password endpoints;
Encryption in transit: All data protected by HTTPS/TLS;
Access controls: Limited internal access on a need-to-know basis.

However, no security system is impenetrable. We cannot guarantee absolute security. You transmit information at Your own risk and are responsible for keeping Your password confidential.

12. YOUR RIGHTS

Under applicable Indian laws, including the Digital Personal Data Protection Act, 2023, You have the following rights:

Right to access: Request access to Personal Information we hold about You.
Right to correction: Request correction of inaccurate information.
Right to deletion: Request deletion of account and associated data (subject to legal retention).
Right to withdraw consent: Withdraw consent to processing at any time. Withdrawal may affect Your ability to use the Platform.
Right to data portability: Request a copy of Your data in a structured format, where technically feasible.
Right to grievance redressal: Contact our Grievance Officer to raise concerns.

To exercise any of these rights, please contact us at shareauto33@gmail.com.

13. ACCOUNT DELETION

You may request account deletion at any time by emailing shareauto33@gmail.com. Upon deletion:

Your account will be marked as inactive (soft delete);
Your location data will no longer be broadcast;
Your Personal Information will not be used for future services;
Certain data may be retained for legal compliance, dispute resolution, or fraud prevention.

14. CHILDREN'S PRIVACY

The Platform is not intended for users under 18. We do not knowingly collect Personal Information from children under 18. If we become aware of such collection, we will delete it promptly. Contact shareauto33@gmail.com if You believe a child has provided us with information.

15. THIRD-PARTY LINKS

The Platform may contain links to third-party websites. This Privacy Policy does not apply to those third parties. Please review their privacy policies before providing any information.

16. INTERNATIONAL DATA TRANSFERS

Your information is primarily stored on servers located in India or in data centers that comply with Indian data protection laws. Where data is transferred outside India, appropriate safeguards are in place as required under applicable law.

17. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Changes will be effective upon posting on the Platform. Where required by law, we will notify You by email or through a prominent notice. Please review this page periodically for the latest information.

18. GRIEVANCE OFFICER

In accordance with the Information Technology Act, 2000, the Grievance Officer designated for ShareAuto is available to address any grievances regarding this Privacy Policy or handling of Personal Information.

Grievance Officer:
ShareAuto
Email: shareauto33@gmail.com
Response time: Within 7 (seven) working days of receipt

19. CONTACT US

ShareAuto
Website: https://shareauto.in
General Support: shareauto33@gmail.com
Privacy Concerns: shareauto33@gmail.com
Grievance Officer: shareauto33@gmail.com