Privacy Policy

1. Information we collect

We collect only what's necessary to provide chauffeur-booked rides safely and reliably. This includes:

• Account details — name, email, phone number, and password (hashed).
• Location data — pickup and drop-off addresses, live GPS during active rides.
• Payment information — tokenised card references through our PCI-DSS compliant processors. We never store full card numbers.
• Ride history — fare amounts, routes, ratings, and notes you provide.
• Device data — browser type, IP address, and session cookies for security and diagnostics.

2. How we use your information

Your data powers the service — nothing more:

• Matching you with available chauffeurs and calculating accurate fares.
• Processing payments and issuing refunds when applicable.
• Sending booking confirmations, status updates, and receipts.
• Improving safety through fraud detection and anomaly monitoring.
• Analysing aggregate usage to improve our service (never tied to identifiable individuals).

3. Sharing your data

We share limited information only when necessary:

• Your chauffeur — receives your name, pickup/drop-off, and phone (so they can reach you if needed).
• Payment processors — Stripe and Square handle card transactions; they never receive your ride data.
• Service providers — email (SMTP) and SMS (Twilio) partners, under strict data-handling agreements.
• Legal compliance — when required by valid legal process or to protect rider and chauffeur safety.

We do not sell your personal information to third parties.

4. Your rights

Every Road2Sky rider, regardless of state, can at any time:

• Request a copy of the personal data we hold about you.
• Correct or update inaccurate information in your account.
• Delete your account and associated personal data (subject to legal retention requirements).
• Opt out of marketing communications via email unsubscribe or phone contact.

State-specific rights. Depending on where you live, you may have additional rights under your state's privacy law:

• Georgia (our home state): Georgia does not yet have a comprehensive consumer privacy statute, so the rights above — granted to all our riders — and applicable federal protections govern by default.
• New Jersey: Under the New Jersey Data Privacy Act (effective 2025), NJ residents may confirm processing, access, correct, delete, port, and opt out of targeted advertising or sale of their personal data.
• New York: Under the New York SHIELD Act, NY residents are entitled to reasonable security safeguards and timely breach notification. We follow both.
• California: California residents have rights under the CCPA / CPRA — see our State Privacy Rights page.

5. How we protect your data

We use industry-standard safeguards: TLS 1.3 encryption in transit, encrypted storage at rest, regular security audits, and role-based access controls. Card data never touches our servers — it's tokenised directly by our PCI-DSS compliant payment processors.

6. Cookies & tracking

We use cookies for essential functionality (authentication, session), and — with your permission — for functional, analytics, and marketing purposes. You can manage your preferences at any time via the Cookie Preferences link in the footer, or in your browser settings.

7. Contact us

Questions about this policy or want to exercise your rights? Reach out to our privacy team:

• Email: privacy@road2sky.com
• Phone: 1-800-CAR-RENT
• Mail: Road2Sky Privacy Office, Atlanta, Georgia, USA — full mailing address available on request via the email above.

We currently operate in Atlanta, Georgia, with planned expansion to Newark, NJ and New York City, NY. This policy applies to riders and drivers in our service areas. Where a state-specific law — for example the New Jersey Data Privacy Act, the New York SHIELD Act, or the California CCPA/CPRA — grants stronger rights to residents of that state, that law controls in their favour.

We respond to privacy requests within 30 days.