Privacy Policy
Last updated: October 2025
1. Data Controller
RIDE MATE LLC
661 NE 68th Street, Miami, Florida 33138, USA
Document Number: L25000198352
Email: contact@ridemate.ai
EU Representative (Article 27 GDPR)
Sacha Hertz
Email: contact@ridemate.ai
2. Territorial Scope & Applicable Law
Primary scope (current launch in the U.S.). Ride Mate LLC is a U.S.-based controller. The U.S. has no single federal privacy law. Instead, several U.S. state privacy laws may apply depending on a user’s state of residence and whether statutory thresholds are met. For example, the California Consumer Privacy Act (as amended by the CPRA) may apply to for-profit businesses that do business in California and meet at least one of the following: (i) annual gross revenue over $25 million; (ii) buy, sell, or share the personal information of 100,000 or more consumers or households; or (iii) derive 50% or more of annual revenue from selling personal information.
GDPR (EU/EEA). The EU General Data Protection Regulation (GDPR) applies when we process personal data in the context of an EU establishment, or when we offer services to or monitor the behavior of individuals in the EU. Simply storing data in the EU does not by itself subject a U.S. controller to the GDPR. Because EU residents may interact with our service and because we maintain an EU representative, this Policy includes GDPR disclosures and rights for EU/EEA users
Storage location. We currently store core data in the EU (e.g., Google Cloud/Firebase). Storage location alone does not change which privacy regime applies to the controller. When GDPR applies, any cross-border transfers to providers outside the EU occur under Standard Contractual Clauses and other safeguards, as described below.
3. Types of Data Collected
Data Provided Directly by Users
- First and last name, email address, phone number
- Profile photo
- Identity document and driver’s license (for manual verification)
- Vehicle type and license plate (for drivers only)
- Payment method (processed via Stripe)
- Feedback and ratings given or received (driver and passenger)
- One-to-one chat messages between driver and passenger
- Notification preferences and push token
Data Collected Automatically
- Geolocation data (Google Maps) – collected only for drivers, only once at ride start and end to confirm proximity
- Ride history (trips booked and completed)
Data Not Collected
RIDEMATE does not:
- Track continuous location throughout the ride
- Store route preferences
- Collect or verify vehicle insurance (drivers self-declare validity)
4. Purpose of Processing
RIDEMATE processes Personal Data to:
- Provide and manage ride-sharing services (matching, booking, payments)
- Verify user and driver identity (manually)
- Enable direct communication between driver and passenger
- Send operational push notifications
- Verify driver’s proximity at start and end of ride
- Handle payments and refunds via Stripe
- Manage feedback and ratings
- Ensure platform security and prevent fraud
- Provide customer support and dispute resolution
5. Legal Bases for Processing (GDPR Art. 6)
- Performance of a contract – to deliver the RIDEMATE service
- Legal obligation – for tax and payment record keeping
- User consent – for geolocation (start/end only) and push notifications
- Legitimate interest – to maintain security and manage ratings and disputes
6. Data Processing and Security
Processing is performed by automated and manual means using appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, loss or destruction.
7. Storage and International Transfers
RIDEMATE stores data primarily within the European Union using Google Firebase (Cloud Platform) with EU-based storage.
Some providers (e.g. Stripe, SendGrid, Google LLC) may process data in the United States.Such transfers rely on the European Commission’s Standard Contractual Clauses (SCCs) and supplementary safeguards ensuring adequate protection.
8. Third-Party Service Providers
Service
Provider
Purpose
Data Location
Google Maps Platform
Google LLC
Geolocation (start/end check only)
USA
Firebase (Cloud & Push)
Google LLC
Cloud hosting, authentication, push notifications
EU storage / USA processing*
Stripe Payments
Stripe Payments Europe Ltd / Stripe Inc.
Payment processing and refunds
EU / USA*
SendGrid Email API
Twilio Inc.
Transactional email delivery
USA
*Transfers under SCCs and adequate safeguards.
9. Data Retention Periods
Category
Data
Legal Basis
Retention
Driver geolocation (start/end only)
Approx. location data
Consent
30 days after ride
Identity documents
ID and license scans
Legal obligation / Contrac
90 days post verification
Vehicle details
Type, license plate
Contract
While account is active
Ride history
Trip records
Contract / Legitimate interest
24 months
Chat (driver–passenger)
1:1 messages
Contract
12 months
Payments
Stripe transaction data
Legal obligation
10 years
Notifications
Device token
Consent
While enabled
User profile (photo, contacts)
Account data
Contract
Until account deletion
*Transfers under SCCs and adequate safeguards.
10. User Communications
In-app messaging is strictly one-to-one between driver and passenger of the same ride.RIDEMATE does not provide group chats or passenger-to-passenger messaging.Conversations are temporarily stored for support and dispute handling only.
11. User Rights (EU/EEA)
Users may exercise the following rights at any time:
- Access their data
- Request rectification or erasure
- Restrict or object to processing
- Withdraw consent (for geo/push data)
- Receive data in portable format
Requests: contact@ridemate.ai
EU residents may lodge a complaint with their national Data Protection Authority.
11A. Region-Specific Disclosures — U.S. State Privacy Laws (If and When Applicable)
Depending on your state of residence and whether statutory thresholds are met, you may have rights to: (a) access; (b) deletion; (c) correction; (d) portability; and (e) opt-out of targeted advertising, the “sale” of personal information, or certain profiling.
How to submit a request. You (or your authorized agent) may email contact@ridemate.ai. We will verify your identity and respond within the period required by applicable law. If we deny a request, you may appeal by replying “Appeal” to our response.
No selling/sharing for ads. Ride Mate does not sell personal information and does not engage in cross-context behavioral advertising. If this changes, we will provide required notices and opt-out mechanisms and will honor recognized browser/OS signals where required (for example, Global Privacy Control).
12. Cookies and Tracking
RIDEMATE uses only technical and functional cookies essential to operate the service (login, security, session management). For details see the Cookie Policy.
13. Minors
RIDEMATE is intended for users aged 16 and over.
14. Changes to this Policy
RIDEMATE may update this Privacy Policy from time to time.
Users will be notified via app message or email.
Continued use of the service after an update constitutes acceptance of the new Policy.
Users will be notified via app message or email.
Continued use of the service after an update constitutes acceptance of the new Policy.
Summary Table
Category
Data
Purpose
Basis
Retention
Geolocation (start/end only)
Approx. GPS of driver
Ride validation
Consent
30 days
Identity verification
ID + license
Legal verification
Legal obligation
90 days
Vehicle
Type + plate
Ride listing
Contract
Active account
Ride history
Trip records
Service & safety
Legitimate interest
24 months
Chat
1:1 messages
Ride coordination
Contract
12 months
Payments
Stripe records
Billing & compliance
Legal obligation
10 years
Ratings
Feedback & reviews
Reputation system
Legitimate interest
24 months
.webp)
Ready to ride?
Tap below to download RIDEMATE. Post or book your first ride in minutes.
Download App
.edu & ID-verified students • No surge pricing • Secure in-app payments
.webp)
