Privacy Policy
Last updated: March 9, 2026
Effective date: March 9, 2026
1. Introduction
ELARYSOFT SRL ("we", "our", or "us") operates the Rideshare Companion mobile application (the "App") and the web platform at rideshare-companion.ro (the "Website"). Together they are referred to as the "Service". This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.
This Privacy Policy applies to all users of the Service, including users in the European Economic Area (EEA), United Kingdom, and California, USA.
2. Information We Collect
We collect information you provide directly and information collected automatically.
2.1 Information You Provide
Account Information
- Email address (required for account creation)
- Full name (optional)
- Profile photo (optional)
- Authentication data from Google, Apple, or Facebook login
Vehicle Information
- License plate numbers
- Vehicle Identification Number (VIN)
- Vehicle make, model, and year
- Document information (ITP, insurance, ARR authorization expiry dates)
- Maintenance records and service history
- Odometer readings
Financial Information
- Expense records you manually enter (fuel, maintenance, insurance, etc.)
- Invoice data extracted via OCR scanning (Tesseract.js, processed locally)
- TVA (VAT) computation data for expense tracking
- Income simulation parameters (tax structure preferences, estimated earnings)
Platform Integration Data (Uber & Bolt)
- Uber: OAuth-authorized access to order history, earnings, trip details, and vehicle data via the Uber Driver API
- Bolt: Authorized access to order history, earnings, trip details, and vehicle data via Bolt APIs
- We only read data from these platforms — we never modify, create, or cancel orders or settings on your behalf
User-Generated Content
- Chat messages in topic rooms and direct messages (auto-deleted after 3 days)
- Fleet reviews and ratings
- Referral codes
- ARR document form submissions (personal data, company data, vehicle data for document generation)
2.2 Information Collected Automatically
Location Data (Sensitive)
- Precise location (GPS) — Used for surge prediction heatmap, nearby events, airport/train station arrivals, and weather alerts
- Background location — Used for trip tracking only when explicitly enabled by you
- City/region detection for localized content and weather data
You can disable location access at any time in your device settings. This will limit features like surge prediction, weather alerts, and trip tracking.
Device Information
- Device type and model
- Operating system and version
- Unique device identifiers
- App version
- Language and timezone settings
Usage & Analytics Data
- Features accessed and time spent
- Actions taken within the Service
- Error logs and crash reports (via Sentry)
- Performance metrics
- Feature flag assignments for A/B testing (via GrowthBook)
- Gamification data: XP earned, streaks, achievements unlocked
3. How We Use Your Information
Core Service Functionality
- Creating and managing your account
- Storing and displaying vehicle and document information
- Syncing and displaying Uber/Bolt order history and earnings
- Generating surge prediction heatmaps based on aggregated demand data
- Calculating income simulations and tax comparisons
- Generating ARR-compliant trip sheets and fiscal reports
- Processing ARR document form submissions for auto-generation
- Delivering chat messages between users
- Displaying fleet marketplace listings, reviews, and job postings
- Sending document expiration and weather alert notifications
- Tracking expenses and processing invoice OCR
- Managing subscriptions and processing in-app purchases
- Operating the referral and gamification systems
Service Improvement
- Analyzing usage patterns to improve features
- Running A/B tests via feature flags to optimize user experience
- Diagnosing technical issues via error tracking
- Developing new features based on usage data
Communication
- Push notifications for document expiry, weather alerts, and surge events (with your consent)
- Responding to support requests
- Notifying you of policy changes or important service updates
4. How We Share Your Information
We do not sell your personal information. We do not share your data with third parties for their marketing purposes.
We share information with the following service providers, solely to operate the Service:
Infrastructure & Data Storage
- Supabase — Self-hosted PostgreSQL database and authentication (stores account, vehicle, earnings, and document data)
- Convex — Real-time database for the chat system (stores messages with 3-day TTL, typing indicators, reactions)
Analytics & Error Tracking
- Sentry — Error tracking and crash reports (receives device info, error logs, breadcrumbs)
- GrowthBook — Feature flag management and A/B testing (receives anonymized feature flag assignments)
Platform Integrations
- Uber — OAuth-authorized data exchange for order and earnings sync
- Bolt — Authorized data exchange for order and earnings sync
- Mapbox — Map rendering and geocoding (receives location coordinates for map display)
- CarsXE — Vehicle image retrieval and VIN decoding (receives VIN/plate data)
Payments & Distribution
- RevenueCat — Subscription management (processes payment status, subscription type)
- Expo — App updates (OTA) and push notification delivery
Authentication Providers
- Google (if you sign in with Google)
- Apple (if you sign in with Apple)
- Facebook (if you sign in with Facebook)
Legal Requirements
We may disclose information when required by law, legal process, or government request, or to protect our rights, privacy, safety, or property.
5. Data Retention
- Account & vehicle data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Uber/Bolt synced data: Retained while your account is active and the platform is connected. Deleted with account deletion or upon disconnection request.
- Chat messages: Automatically deleted after 3 days (enforced by system cron).
- Location history: Retained for up to 12 months, then automatically deleted.
- Expense & financial data: Retained while your account is active. Deleted with account deletion.
- Fleet reviews: Retained indefinitely for marketplace integrity, but anonymized upon account deletion.
- Usage analytics: Retained in anonymized form for up to 24 months.
- Error logs: Retained for 90 days (Sentry).
- ARR document form data: Processed for document generation only; not stored after PDF export unless you choose to save it.
- Gamification data: Retained while your account is active. Deleted with account deletion.
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (TLS/SSL)
- Encryption of data at rest
- Row-level security policies (RLS) in our PostgreSQL database — each user can only access their own data
- Secure authentication with JWT tokens and OAuth 2.0
- Supabase JWT to Convex auth bridge for chat security
- Regular security audits
- Access controls and employee training
- OCR processing (invoice scanning) runs locally on your device via Tesseract.js — images are not sent to our servers
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
7. Your Rights and Choices
7.1 All Users
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data
- Deletion: Request deletion of your account and data
- Data Portability: Export your data in a machine-readable format
- Withdraw Consent: Opt out of optional data collection
- Disconnect Integrations: Revoke Uber/Bolt access at any time from Account settings
7.2 Device Permissions
- Location: Enable/disable GPS and background location
- Notifications: Enable/disable push notifications (document expiry, weather, surge events)
- Camera/Photos: Enable/disable access for document uploads and invoice OCR
7.3 Account Deletion
You can delete your account at any time:
- Open the App and go to Account settings
- Tap "Delete Account"
- Confirm the deletion
Alternatively, visit rideshare-companion.ro/delete-account or email us at [email protected].
8. European Users (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, you have additional rights under GDPR:
- Legal Basis: We process your data based on (a) your consent, (b) contract performance, (c) legal obligations, or (d) legitimate interests.
- Right to Object: You may object to processing based on legitimate interests.
- Right to Restriction: You may request we restrict processing of your data.
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority (ANSPDCP in Romania).
Data Controller: ELARYSOFT SRL, Romania
9. California Residents (CCPA)
If you are a California resident, you have additional rights under CCPA:
- Right to Know: Request information about data collected about you
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information
- Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise your CCPA rights, email [email protected].
10. Children's Privacy
The Service is not intended for children under 16 years of age.
We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. We will take steps to delete such information promptly.
11. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. Our service providers (Sentry, Convex, RevenueCat, GrowthBook, CarsXE) may be located in the United States or other countries.
When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top
- Notify you through the App, Website, or via email
- Request consent for significant changes where required by law
Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
We will respond to your request within 30 days (or sooner as required by applicable law).
14. Data Collection Summary
Summary of data collected, as required by app stores:
| Data Type | Collected | Purpose | Shared With |
|---|---|---|---|
| Yes | Account, Communications | Auth providers | |
| Name | Optional | Personalization | No |
| Precise Location | With permission | Surge heatmap, Events, Weather, Trips | Mapbox (coordinates only) |
| Vehicle Data | Yes | Core features, Documents | CarsXE (VIN only) |
| Uber/Bolt Data | With authorization | Earnings, Orders, Trip Sheets | No |
| Financial Data | User-entered | Expense tracking, TVA | No |
| Chat Messages | Yes (3-day TTL) | Communication | Convex |
| Device ID | Yes | Analytics, Errors | Sentry |
| Feature Flags | Yes (anonymous) | A/B testing | GrowthBook |
| Crash Logs | Yes | Bug fixes | Sentry |
| Purchase History | Yes | Subscriptions | RevenueCat |
| Gamification | Yes | XP, Streaks | No |