Privacy Policy
INTRODUCTION
Green Yellow Red LLC, doing business as GYR-Rides ("GYR-Rides," "Company," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website (gyr-rides.com), and related services (collectively, the "Platform" or "Services").
PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. If you do not agree with this Privacy Policy, please do not access or use our Services.
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- Third-Party Services
- Data Retention
- Data Security
- Your Privacy Rights
- Children's Privacy
- International Data Transfers
- California Privacy Rights (CCPA)
- Apple App Store & Google Play Disclosures
- Changes to This Privacy Policy
- Contact Us
1. INFORMATION WE COLLECT
We collect information in several ways when you use our Services:
1.1 Information You Provide Directly
Account Information:
- Full name (first and last name)
- Email address
- Phone number
- Password (stored in encrypted form)
- Profile photograph (optional)
- Mailing/billing address
Phone Number Verification & Two-Factor Authentication (2FA):
- Phone number used for SMS-based identity verification during account registration
- Phone number used for two-factor authentication (2FA) each time you log in to your account
- SMS verification codes sent via our third-party provider, Twilio, Inc.
- Verification status and timestamps
Payment Information:
- Credit/debit card details (processed and stored securely by Stripe)
- Billing address
- Payment transaction history
Communications:
- Messages sent through the Platform (rider-driver chat)
- Customer support inquiries and correspondence
- Feedback, ratings, and reviews
- Survey responses
Identity Verification:
- Date of birth (when required)
- Government-issued identification (when required for certain features)
1.2 Information Collected Automatically
Location Information:
- Precise GPS Location: When the app is in use (foreground), we collect precise location data to match you with nearby drivers, calculate accurate fares based on distance, provide real-time ride tracking, estimate arrival times, and enable safety features (share trip, emergency assistance).
- Background Location: With your permission, we may collect location data when the app is in the background to improve pickup accuracy and provide location-based notifications.
- Trip History: Pickup and drop-off locations, routes taken, date and time of rides.
Device Information:
- Device type, model, and manufacturer
- Operating system and version
- Unique device identifiers (IDFA, IDFV, Android Advertising ID)
- Mobile carrier information
- IP address
- Time zone and language settings
- App version
Usage Information:
- App interactions and feature usage
- Screens viewed and actions taken
- Session duration and frequency
- Crash logs and performance data
- In-app preferences and settings
Technical Information:
- Browser type (for web access)
- Referring/exit pages
- Date/time stamps
- Clickstream data
1.3 Information from Third Parties
- Social Media: If you choose to link social media accounts, we may receive your public profile information.
- Payment Processors: Transaction status and confirmation from Stripe.
- Mapping Services: Location verification and address data from Mapbox.
- SMS & Verification Providers: Phone number verification and 2FA delivery status from Twilio.
- Background Check Providers: Driver screening results from Checkr, Inc. (used to verify drivers on the platform for your safety; GYR-Rides does not conduct background checks on riders).
- Analytics Providers: Aggregated usage statistics and insights.
- Marketing Partners: Information about promotional campaigns (with consent).
2. HOW WE USE YOUR INFORMATION
We use the information we collect to:
2.1 Provide and Improve Services
- Create and manage your account
- Verify your identity via SMS-based two-factor authentication (2FA)
- Process ride requests and match you with drivers
- Calculate fares and process payments
- Provide real-time ride tracking and ETA information
- Enable communication between riders and drivers
- Process refunds, adjustments, and disputes
- Improve our algorithms and service quality
- Develop new features and offerings
2.2 Safety and Security
- Verify user identity and prevent fraud
- Authenticate users through two-factor authentication (2FA) at every login
- Monitor for suspicious or unauthorized activity
- Investigate and address safety incidents
- Facilitate emergency response and assistance
- Enforce our Terms of Service and policies
- Protect the rights and safety of users, drivers, and the public
2.3 Communications
- Send ride confirmations, receipts, and notifications
- Send SMS verification codes for account authentication
- Provide customer support
- Send service updates and important notices
- Deliver promotional offers and marketing communications (with consent)
- Conduct surveys and collect feedback
2.4 Legal and Regulatory Compliance
- Comply with applicable laws and regulations
- Respond to legal process and government requests
- Enforce our legal rights and defend against claims
- Maintain records as required by law
2.5 Analytics and Research
- Analyze usage patterns and trends
- Measure the effectiveness of marketing campaigns
- Conduct internal research and development
- Generate aggregated, de-identified insights
2.6 Personalization
- Customize your experience and recommendations
- Remember your preferences and settings
- Provide location-relevant content and offers
3. HOW WE SHARE YOUR INFORMATION
We may share your information in the following circumstances:
3.1 With Drivers
When you request a ride, we share with drivers:
- Your first name and profile photo (if provided)
- Pickup and drop-off locations
- Your rating
- Messages you send through in-app chat
- Real-time location during pickup
We do not share: Your email address, phone number (calls are anonymized), or payment details with drivers.
3.2 With Service Providers
We share information with trusted third-party service providers who assist us in operating the Platform, including:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Payment card details, billing address, transaction data |
| Twilio, Inc. | SMS verification & two-factor authentication (2FA) | Phone number, verification codes, delivery status, IP address |
| Mapbox | Maps and navigation | Location data, route information |
| Firebase (Google) | Push notifications, analytics | Device tokens, app usage data |
| Amazon Web Services | Cloud hosting and storage | Encrypted application data |
| Checkr, Inc. | Driver background checks | Driver identity data, criminal/driving records (drivers only) |
| Customer support tools | Support ticket management | Communications, account info |
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
3.3 With Affiliates
We may share information with our subsidiaries and affiliates for purposes consistent with this Privacy Policy.
3.4 For Legal Reasons
We may disclose information when we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or government request
- Enforce our Terms of Service and other agreements
- Detect, prevent, or address fraud, security, or technical issues
- Protect the rights, property, or safety of GYR-Rides, our users, or the public
3.5 Business Transfers
In connection with any merger, acquisition, financing, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you of any such change.
3.6 With Your Consent
We may share information for other purposes with your explicit consent.
3.7 Aggregated and De-Identified Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for any purpose, including research, marketing, analytics, and improving our services.
4. THIRD-PARTY SERVICES
Our Platform integrates with and relies upon third-party services. Each has its own privacy practices:
4.1 Stripe (Payment Processing)
Stripe processes all payment transactions. When you add a payment method, your payment information is transmitted directly to Stripe and stored on their secure servers. GYR-Rides does not store complete credit card numbers.
- Stripe Privacy Policy: https://stripe.com/privacy
- Stripe Security: PCI-DSS Level 1 certified
4.2 Twilio (SMS Verification & Two-Factor Authentication)
Twilio provides SMS-based phone number verification and two-factor authentication (2FA) services. When you register for an account or log in, your phone number is transmitted to Twilio to deliver a one-time verification code via SMS. Twilio may process your phone number, verification code delivery status, IP address, and related metadata.
- Twilio Privacy Policy: https://www.twilio.com/en-us/legal/privacy
- Data Processed: Phone number, SMS delivery status, IP address, timestamps
- Purpose: Account verification at registration and login authentication via 2FA
4.3 Checkr (Driver Background Checks)
Checkr provides background screening services for drivers on the GYR-Rides platform. While riders do not interact directly with Checkr, driver screening results may inform safety-related decisions that affect the rider experience. Driver background checks include criminal history, driving records, and sex offender registry checks.
- Checkr Privacy Policy: https://checkr.com/privacy-policy
4.4 Mapbox (Maps and Location)
Mapbox provides mapping, navigation, and location services.
- Mapbox Privacy Policy: https://www.mapbox.com/legal/privacy
4.5 Firebase (Google)
Firebase provides push notification services, analytics, and crash reporting.
- Firebase Privacy: https://firebase.google.com/support/privacy
- Google Privacy Policy: https://policies.google.com/privacy
4.6 Apple (iOS Platform)
Apple provides services including Apple Pay and push notifications on iOS devices.
- Apple Privacy Policy: https://www.apple.com/legal/privacy
4.7 Google (Android Platform)
Google provides services including Google Pay and push notifications on Android devices.
- Google Privacy Policy: https://policies.google.com/privacy
5. DATA RETENTION
We retain your information for as long as necessary to:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 3 years after deletion |
| Ride history | 7 years (for tax and legal compliance) |
| Payment records | 7 years (legal requirement) |
| Location data | 90 days in detailed form; aggregated thereafter |
| SMS verification & 2FA logs | 90 days (phone number retained with account) |
| Communications | 3 years or as required by law |
| Marketing preferences | Until you opt out |
| Support tickets | 3 years after resolution |
After the retention period, we securely delete or anonymize your information unless longer retention is required by law.
Account Deletion: You may request account deletion at any time. Upon deletion:
- Your account will be deactivated immediately
- Personal data will be deleted within 30 days
- Certain records may be retained as required by law
- Your phone number and 2FA records will be purged within 30 days
6. DATA SECURITY
6.1 Technical Safeguards
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
- Encryption at Rest: Sensitive data is encrypted when stored
- Secure Authentication: Passwords are hashed using industry-standard algorithms; all accounts are protected by SMS-based two-factor authentication (2FA)
- Access Controls: Role-based access limiting employee access to data
- Network Security: Firewalls, intrusion detection, and regular security monitoring
6.2 Operational Safeguards
- Regular security assessments and penetration testing
- Employee training on data protection
- Incident response procedures
- Vendor security requirements
6.3 Payment Security
- PCI-DSS compliant payment processing through Stripe
- We never store complete credit card numbers
- Tokenization of payment methods
6.4 Your Responsibilities
You are responsible for:
- Maintaining the confidentiality of your account credentials
- Safeguarding your phone and SMS verification codes — never share 2FA codes with anyone
- Logging out of shared or public devices
- Reporting suspected unauthorized access immediately
No system is 100% secure. While we take extensive measures to protect your data, we cannot guarantee absolute security. You use the Services at your own risk.
7. YOUR PRIVACY RIGHTS
Depending on your location, you may have the following rights:
7.1 Access and Portability
You have the right to:
- Request a copy of the personal data we hold about you
- Receive your data in a structured, commonly used format
- Access your ride history and account information through the app
7.2 Correction
You may update or correct your account information at any time through the app settings or by contacting support.
7.3 Deletion
You may request deletion of your personal data, subject to certain exceptions (e.g., legal obligations, fraud prevention). You can delete your account directly in the app via Settings > Account > Delete Account, or by contacting privacy@gyr-rides.com.
7.4 Opt-Out Rights
You may opt out of:
- Marketing Communications: Through email unsubscribe links or app settings
- Push Notifications: Through device settings
- Location Services: Through device settings (note: this may limit functionality)
- Targeted Advertising: Through device advertising settings or Apple's App Tracking Transparency prompt
7.5 Restriction and Objection
You may request that we restrict processing of your data or object to certain processing activities.
7.6 Withdrawal of Consent
Where processing is based on consent, you may withdraw consent at any time.
7.7 How to Exercise Your Rights
To exercise any privacy rights:
- In-App: Settings > Privacy > Data Requests
- Email: privacy@gyr-rides.com
- Mail: Green Yellow Red LLC, Attn: Privacy
We will respond to requests within 30 days (or as required by applicable law). We may need to verify your identity before processing requests.
7.8 Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
8. CHILDREN'S PRIVACY
The Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.
If you believe we have collected information from a child under 18, please contact us immediately at privacy@gyr-rides.com.
Minors may ride in GYR-Rides vehicles only when accompanied by an adult account holder.
9. INTERNATIONAL DATA TRANSFERS
GYR-Rides is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
These countries may have different data protection laws than your country of residence. By using the Services, you consent to such transfers.
We implement appropriate safeguards for international transfers, including:
- Standard Contractual Clauses
- Data Processing Agreements with service providers
- Privacy Shield frameworks where applicable
10. CALIFORNIA PRIVACY RIGHTS (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
10.1 Right to Know
You have the right to know:
- Categories of personal information collected
- Sources of personal information
- Business purposes for collection
- Categories of third parties with whom we share information
- Specific pieces of personal information collected
10.2 Categories of Information
Categories Collected:
- Identifiers (name, email, phone, device IDs)
- Payment information
- Location data
- Commercial information (ride history)
- Internet/electronic activity (app usage)
- Inferences (preferences, characteristics)
Categories Sold or Shared:
- We do not sell your personal information
- We share information with service providers as described in Section 3
10.3 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions.
10.4 Right to Opt-Out
California residents have the right to opt out of the "sale" of personal information. GYR-Rides does not sell personal information as defined by the CCPA.
10.5 Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
10.6 Authorized Agents
You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authorization.
10.7 Shine the Light
California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
10.8 Contact for California Residents
To exercise CCPA rights:
- Email: privacy@gyr-rides.com
11. APPLE APP STORE & GOOGLE PLAY DISCLOSURES
11.1 App Tracking Transparency (iOS)
On iOS devices, GYR-Rides respects Apple's App Tracking Transparency (ATT) framework. Before collecting your Identifier for Advertisers (IDFA) or tracking your activity across other companies' apps and websites, we will request your permission through Apple's ATT prompt. You may change your tracking preferences at any time in your device settings under Settings > Privacy & Security > Tracking.
If you opt out of tracking, we will not use your IDFA for advertising purposes. Core app functionality (ride requests, navigation, payments) is not affected by your tracking choice.
11.2 App Privacy Details (Privacy Nutrition Labels)
In accordance with Apple App Store and Google Play requirements, the following summarizes the data GYR-Rides collects and how it is used:
| Data Type | Collected | Purpose | Linked to Identity |
|---|---|---|---|
| Name | Yes | App functionality, account management | Yes |
| Email Address | Yes | App functionality, account management, communications | Yes |
| Phone Number | Yes | App functionality, 2FA authentication, account verification | Yes |
| Payment Info | Yes | Payment processing (via Stripe) | Yes |
| Precise Location | Yes | App functionality (ride matching, ETA, navigation) | Yes |
| Device ID | Yes | Analytics, app functionality | Yes |
| Crash Data | Yes | Analytics, app improvement | No |
| Performance Data | Yes | Analytics, app improvement | No |
11.3 Account Deletion
In compliance with Apple App Store Review Guidelines (Section 5.1.1(v)) and Google Play policies, GYR-Rides provides the ability to delete your account and associated data directly within the app. To delete your account:
- In-App: Navigate to Settings > Account > Delete Account
- By Email: Send a request to privacy@gyr-rides.com
Upon account deletion:
- Your account is deactivated immediately and you will be logged out
- Personal data (name, email, phone, profile photo) is deleted within 30 days
- Ride history and payment records may be retained for up to 7 years as required by tax and legal obligations
- Aggregated, de-identified data that cannot identify you may be retained
11.4 Data Linked to You vs. Not Linked to You
Data linked to your identity: Name, email, phone number, payment information, location data, ride history, user ID.
Data not linked to your identity: Crash logs, aggregated performance data, de-identified analytics.
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Notification of Changes:
- We will post the updated Privacy Policy on this page
- We will update the "Last Updated" date
- For material changes, we will provide notice through the app, email, or other prominent means
Your Continued Use: Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.
Review Regularly: We encourage you to review this Privacy Policy periodically.
13. CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Green Yellow Red LLC (d/b/a GYR-Rides)
Privacy Inquiries:
Email: privacy@gyr-rides.com
General Support:
Email: support@gyr-rides.com
Legal Department:
Email: legal@gyr-rides.com
Website: https://gyr-rides.com
Response Time: We aim to respond to all privacy inquiries within 30 days.
ADDITIONAL DISCLOSURES
Cookie Policy (Web Users)
If you access our Services via a web browser, we may use cookies and similar technologies:
- Essential Cookies: Required for basic functionality
- Analytics Cookies: Help us understand usage patterns
- Functional Cookies: Remember your preferences
You can manage cookie preferences through your browser settings.
Do Not Track
Our Services do not currently respond to "Do Not Track" browser signals. However, you can manage tracking through the privacy settings described above.
Data Processing Agreement
For business users or partners requiring a Data Processing Agreement (DPA), please contact legal@gyr-rides.com.
BY USING GYR-RIDES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.