Privacy Policy
This policy explains what data Truvo collects, why we collect it, and how you can control it.
01 Data We Collect
1.1 Information you provide
- Name, surname
- Email address
- Password (hashed)
- Profile photo
- Trip details
- Messages
- Bank account IBAN (optional)
1.2 Automatically collected data
- Device and OS information
- IP address
- In-app behavior
- Payment confirmations (via Stripe)o
We do not store full card numbers.
1.3 No GPS Tracking (Currently)
We do not collect live GPS location.
02 Why We Use Your Data
- Create and manage your account
- Allow Drivers and Riders to find each other
- Enable messaging
- Process payments via Stripe
- Improve security and prevent abuse
- Comply with law enforcement requests
- Prepare future identity verification features
03 Legal Basis (GDPR)
- Contract performance
- Legitimate interests
- Consent
- Legal obligations
04 Data Sharing
- Stripe for payments
- Service providers, such as hosting partners
- Law enforcement when required
We do not sell your data.
05 Messages & Safety
Messages are not end-to-end encrypted so we can:
- Detect misuse
- Respond to safety concerns
- Cooperate with law enforcement
06 Data Security
6.1 Security Measures
We take the security of your personal data seriously and implement appropriate technical measures to protect it:
- Encryption: All data, including bank account information, is encrypted at rest in our database (Google Cloud Firestore)
- Passwords: User passwords are hashed and never stored in plain text
- Secure transmission: Data is transmitted over secure HTTPS connections
- Access controls: Limited access to user data on a need-to-know basis
6.2 Third-Party Services
We use trusted third-party services that comply with industry security standards:
- Google Cloud Firestore: Data storage (encrypted at rest)
- Stripe: Mokėjimų apdorojimui (atitinka PCI-DSS standartą)
6.3 Your Responsibility
Please keep your account credentials secure. We will never ask for your password via email or message.
6.4 Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities as required by GDPR.
07 Data Retention
We store your personal data while your account is active.
When you delete your account:
- Your account access is permanently removed
- Your profile becomes anonymized
For legal, safety, and fraud-prevention purposes, we may retain certain personal data for up to 12 months after account deletion in a restricted, non-user-accessible system.
This retained data is:
- Not accessible to other users
- Not used to restore your account
- Accessed only by authorized personnel or when legally required
After the retention period expires, the data is permanently deleted.
08 Your Rights
- Access your data
- Correct data
- Delete account
- Restrict processing
- Request a portable copy
09 Children
The Platform is not intended for those under 18.
10 Changes to This Policy
We may update this Policy at any time.
We will notify users through email or in-app notifications.