1. Introduction
Vamp Mobility, Inc. ("Vamp," "we," "us," or "our") is committed to protecting your privacy and being transparent about how we collect, use, and share your personal information. This Privacy Policy applies to all users of our services, including passengers and drivers, and covers our website, mobile applications, and related services (collectively, the "Services").
By using our Services, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, we will obtain your affirmative consent before engaging in processing activities that require it, such as the use of sensitive personal information or the sale or sharing of your data for targeted advertising.
2. Information We Collect
We collect information to provide our Services, ensure safety, comply with the law, and improve our platform.
2.1 Information You Provide Directly
- Account Information: Name, email address, phone number, profile photo, and payment details when you create an account.
- Selfies / Face Data: If a selfie is taken for account verification, only image-quality attributes (like head pose, blur, exposure) are processed. No biometric templates, faceprints, or facial recognition data is stored.
- Identity Verification (Drivers): Driver's license, vehicle info, insurance documents, and background check details.
- Ride Information: Pickup/drop-off locations, ride preferences, waypoints, and special requests.
- Communications: Messages, feedback, and support requests you send to us.
2.2 Information Collected Automatically
- Location Data: GPS coordinates, IP address, and WiFi access points when using the app.
- Device Information: Device type, operating system, app version, unique identifiers, and mobile network info.
- Usage Data: Pages viewed, features used, crash reports, and app interactions.
- Transaction Data: Ride history, payment transactions, promotional code usage, and refunds.
- Sensor / Vehicle Data: Only if applicable with notice and consent; our app does not process AI safety data from sensors unless explicitly implemented.
2.3 Information From Third Parties
- Payment processors and financial institutions (e.g., Stripe)
- Background check providers
- Mapping/navigation services
- Marketing and analytics providers, only with consent
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide Services
- Match passengers with drivers
- Process payments and refunds
- Enable ride scheduling, tracking, and operational features
- Customer support and dispute resolution
- Safety and Security
- Verify identities (including selfie validation)
- Conduct background checks for drivers
- Monitor rides for safety incidents and fraud prevention
- Enforce Terms of Service and community standards
- AI and Automation
- Support AI-driven safety monitoring and deterministic dispatch (no in-app AI training on passenger data)
- Improve service quality using aggregate data, not personally identifiable information
- Communications
- Send ride receipts, service updates, and promotional offers (only if opted in)
- Respond to inquiries and support requests
- Service Improvement
- Analyze usage patterns and app performance
- Conduct research, develop new features, and optimize our platform
- Legal Compliance: Comply with laws, regulations, and legal requests.
- Marketing (Optional / Opt-in)
- Personalize experience and send promotional communications
- Only with your consent or where permitted by law
4. How We Share Your Information
We do not sell your personal information. We do not share your personal information for targeted advertising purposes without your consent. Information may be disclosed where required by law or legal process, or shared as follows:
4.1 With Other Users
Limited to facilitate rides (name, profile photo, vehicle info, masked contact info).
4.2 With Service Providers
- Payment processors (e.g., Stripe)
- Background check and identity verification providers
- Cloud storage providers (e.g., DigitalOcean, Azure)
- Push notification services (e.g., Firebase, Twilio)
- Mapping/navigation providers (e.g., Google Maps)
- Marketing and analytics providers, only after consent
4.3 Legal and Safety Reasons
- To comply with law or government requests
- To prevent fraud or enforce rights
4.4 With Your Consent
When you explicitly allow sharing with friends, third-party apps, or partners.
4.5 Business Transfers
In mergers, acquisitions, or sales of assets, personal information may be transferred to the new entity.
4.6 Advertising Partners
Only if you consent; you have the right to opt out of targeted advertising.
5. Your Privacy Rights and Choices
Depending on your state of residence, you may have the following rights regarding your personal information:
- Access – Request a copy of the personal information we have about you.
- Correction – Request that we correct inaccurate information.
- Deletion – Request deletion of your personal information, subject to exceptions for legal, safety, or operational reasons.
- Opt-Out of Sale or Sharing – If applicable under your state law, opt out of any sale or sharing of personal information for targeted advertising.
- Marketing Preferences – Unsubscribe from promotional emails, push notifications, and other marketing communications.
- Location Data – Control location permissions through your device settings.
- Data Portability – Request a copy of your information in a machine-readable, portable format.
To exercise these rights, contact us via:
Email: digital@vamp.app
In-App: Account settings or support portal
Right to Appeal: If we deny your request to exercise any of the rights described above, you may appeal our decision by contacting us at digital@vamp.app with the subject line "Privacy Rights Appeal." We will review your appeal and respond within 45 days of receipt. If your appeal is denied, you may have the right to submit a complaint to your state's attorney general or applicable data protection authority.
Texas Residents
Under the Texas Data Privacy and Security Act (TDPSA), residents of Texas have the right to request access to, correction of, or deletion of their personal information, and to opt out of certain uses of their data. To exercise these rights, please contact us at digital@vamp.app or through your account settings. We will respond in accordance with applicable law.
Note: Some rights may vary depending on your state (e.g., California, Virginia, Colorado, Connecticut, and other U.S. states with privacy laws). We strive to comply with all applicable privacy regulations.
6. Data Retention
We retain personal information for as long as necessary to provide services, comply with legal obligations, and enforce agreements. Specific retention periods include:
| Data Type | Location / Storage | Retention Notes |
|---|
| User Profiles & Account Info | MongoDB | Tombstoned after deletion job (~30-day automated job; reconciles with policy statement of up to 90 days) |
| Saved Addresses | MongoDB | Cleared on deletion |
| Trips | MongoDB | Indefinite |
| Pickup / Drop / Route Data | MongoDB trips | Indefinite; not deleted on user deletion |
| In-Trip Chat | MongoDB | Cleared on user deletion; otherwise indefinite |
| Support Conversations | MongoDB | Messages anonymized upon deletion; body retained |
| Payment Methods | MongoDB + Stripe | Removed on user deletion |
| Transactions | MongoDB | Indefinite; userId may remain after deletion |
| Driver Documents | MongoDB + Spaces | Indefinite; not cleared by user deletion job |
| Notifications | MongoDB | 30-day TTL |
| Share Sessions / Live Links | MongoDB | 24-hour TTL |
| Live GPS | Redis | ~90 seconds active |
| Order Tracking / Session Data | Redis | 24 hours / ~90 days for session tokens |
| Server Access Logs | Infrastructure | Retention varies by logging system (outside app control) |
7. Account Deletion Process
- Deletion requests trigger a scheduled job within 30 days, plus up to 24 hours for processing.
- Some data is not fully removed due to operational or legal requirements (e.g., trip addresses, transaction records).
- Support conversation sender IDs and account identifiers are anonymized; message content may remain.
- Profile photos (including selfies used for face validation) are deleted or anonymized within the retention period.
8. Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to improve your experience, analyze usage, and personalize content.
Types of Cookies/Tracking:
- Essential Cookies – Required for basic site and app functionality (e.g., session management).
- Analytics Cookies – Used for site performance, traffic analysis, and product usage metrics. Example: Google Analytics (loaded only after consent).
- Advertising / Targeting Cookies – Used to show relevant advertisements. Example: Meta Pixel (loaded only after consent).
Consent Management:
- Our website displays a cookie banner.
- Users can Accept All or Decline cookies.
- Declining prevents Meta Pixel and Google Analytics scripts from running.
- Cookie preferences can be updated via browser settings or in-app options.
9. Security Measures
- Encryption of sensitive data in transit (HTTPS / TLS).
- Access controls and authentication for systems storing personal information.
- Regular monitoring and audits of security practices.
- Policies and training for employees handling personal data.
Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, absolute security cannot be guaranteed.
Data Breach Notification: In the event of a security breach involving your personal information, we will notify affected users and, where required, applicable regulatory authorities, in accordance with applicable state and federal law. Notification will be provided in the most expedient time possible and without unreasonable delay, and in any event within the timeframes required by applicable law. We will describe the nature of the breach, the categories of information affected, and the steps we are taking to address the breach and mitigate harm.
10. Children's Privacy
- Our services are not intended for individuals under 18.
- We do not knowingly collect personal information from children.
- If we learn that we have collected such information, we will take steps to delete it promptly.
11. International Data Transfers
Information may be transferred to and processed in countries outside the U.S. We take appropriate safeguards to ensure continued protection of personal information in cross-border transfers, including through the use of Standard Contractual Clauses (SCCs) or equivalent data transfer mechanisms, and data processing agreements with third-party service providers.
12. Updates to This Privacy Policy
- We may update this Privacy Policy periodically.
- Material changes will be posted on our website and in the app, with the "Last Updated" date revised.
- Continued use of our Services after changes constitutes acceptance of the updated policy.
13. State-Specific Rights (Proactive Coverage for U.S.)
California (CCPA / CPRA)
Right to know, access, correct, delete, and data portability. Right to opt-out of the sale or sharing of personal information. Right to limit the use and disclosure of sensitive personal information (including precise geolocation data). Right to non-discrimination for exercising privacy rights. To exercise these rights, contact us at digital@vamp.app.
Virginia, Colorado, Connecticut, Texas, and Other States
Residents may have similar rights regarding access, deletion, and opt-out of targeted advertising.
Note: Rights may vary depending on your state. Contact us for details or to exercise your rights.
14. Contact Information
If you have questions or concerns about this Privacy Policy or our data practices:
Vamp Mobility, Inc.
Email: digital@vamp.app
Support: Available 24/7 via the Vamp app