Privacy Policy

UrbanRyde (“we,” “us,” or “our”) operates a ride-hailing platform connecting passengers with independent riders in Nigeria. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the UrbanRyde mobile application and website (collectively, the “Service”).

By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

This policy complies with the Nigeria Data Protection Regulation (NDPR) 2019 and its Implementation Framework issued by the National Information Technology Development Agency (NITDA).

We use the information we collect to:

• Create and manage your account — authenticate you and maintain your profile
• Provide the ride service — match passengers with nearby riders, calculate fares, facilitate pickup and dropoff
• Process payments — top up your wallet, hold funds in escrow during rides, release payments to riders, process refunds and withdrawals
• Verify rider identity — review documents to confirm identity, vehicle eligibility, and licence validity before approving drivers
• Enable real-time communication — share rider location with the assigned passenger during a trip, deliver status updates
• Send notifications — push notifications and emails for ride updates, account status, security codes, and payment events
• Prevent fraud — monitor withdrawal patterns, detect suspicious activity, and protect users from financial harm
• Resolve disputes and support — investigate reports, respond to support tickets, and take corrective action
• Maintain legal and financial records — retain transaction records as required by applicable Nigerian law
• Monitor service health — use Sentry error tracking to identify and fix application issues
• Comply with legal obligations — respond to lawful requests from regulatory authorities

Location is central to the ride-hailing service. Specifically:

• Passengers grant foreground location access so we can identify their position for ride booking
• Riders grant foreground and background location access so real-time tracking can continue throughout a trip
• Rider GPS coordinates are streamed to the matched passenger during an active ride only and are not shared with any other party
• Last known rider coordinates are stored in our database to improve matching speed
• Pickup and dropoff coordinates for all completed rides are retained as part of the trip record

We send push notifications for:

• Ride status changes (accepted, rider arriving, ride started, ride completed, ride cancelled)
• Wallet and earnings events (funds credited, withdrawal processed, withdrawal approved or rejected)
• Account and security events (account suspended or reinstated, rider application approved or rejected)
• Security codes (withdrawal OTPs, valid for 5 minutes)

All payment processing is handled by Paystack, a licensed Nigerian payment service provider. When you add funds to your wallet or when we pay out rider earnings:

• Card and bank details entered during top-up are processed directly by Paystack and are not stored on our servers
• For bank payouts, we verify your account details via Paystack’s account resolution service before storing them
• A Paystack recipient code is created for each verified bank account to facilitate future transfers
• Paystack’s privacy policy governs their handling of your payment data

Our wallet system holds customer funds in escrow during active rides to protect both parties. Funds are released to riders after trip completion minus the platform commission.

We share data with the following third parties strictly to provide the Service:

• Active accounts: Data is retained for as long as your account is active
• Transaction records: Ride history, payment records, and withdrawal records are retained for a minimum of 7 years to comply with Nigerian financial and accounting regulations
• Deleted accounts: Personal identifiers (name, email, phone, photos, bank details) are anonymised within 30 days of a deletion request. The anonymised user record is retained solely to preserve the integrity of financial and ride records
• Notifications: Deleted at the time of account deletion processing
• Fraud logs: Retained for the period necessary to investigate and resolve flagged activity

You may request deletion of your account from within the app (Profile → Delete Account). The process works as follows:

• Your account is scheduled for deletion 30 days from the date of your request
• You will receive a confirmation email with the scheduled deletion date
• During the 30-day period, you may cancel the deletion by signing back in to the app
• After 30 days, your personal data is anonymised and your authentication account is permanently deleted
• Deletion will be blocked if you have an active ride in progress or a pending withdrawal

Under the Nigeria Data Protection Regulation, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate information via your profile settings
• Request deletion of your personal data (subject to legal retention obligations)
• Object to certain processing activities
• Lodge a complaint with NITDA if you believe your rights have been violated

We protect your data using:

• HTTPS/TLS encryption for all data in transit
• Encrypted database storage (Neon PostgreSQL)
• Bcrypt hashing for withdrawal PINs and OTPs — raw values are never stored
• Account lockout after 5 failed PIN attempts (30-minute lockout)
• OTP invalidation after 3 failed attempts or 5 minutes, whichever comes first
• Fraud detection monitoring for unusual withdrawal patterns
• 24-hour security cooldown after bank account changes

UrbanRyde is not intended for persons under the age of 18. We do not knowingly collect data from minors. If we become aware that a minor has created an account, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the Service after the effective date constitutes acceptance of the revised policy.