Rovyo
Legal

GDPR · DPDP · CCPA

Rovyo is built to satisfy the strictest privacy rule across every jurisdiction it operates in. Here is what that means for you.

EU users · GDPR

We act as the data controller for personal data we process in connection with your Rovyo account. The lawful bases we rely on are consent (for location processing and marketing communications) and contract performance (to deliver the service you signed up for).

Your rights:

  • Access: receive a copy of your personal data.
  • Rectification: correct inaccurate data.
  • Erasure: delete your account and all associated data.
  • Portability: receive your data in a machine-readable format.
  • Restriction and objection: limit how we use your data.
  • Withdraw consent at any time.
  • Lodge a complaint with your local data protection authority.

Exercise any right in Settings → Privacy in the app, or email privacy@rovyo.app. We respond within 30 days.

India users · DPDP Act

We respect your rights under the Digital Personal Data Protection Act, 2023, including the right to access, correct, and erase your data, and to nominate a representative.

Grievance officer: grievance@rovyo.app. We acknowledge complaints within 24 hours and respond within 30 days.

California users · CCPA / CPRA

California residents have additional rights:

  • Right to know what personal information we collect and how it is used.
  • Right to delete personal information.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing. Rovyo does not sell or share your personal information for cross-context behavioural advertising. The opt-out is offered as a compliance courtesy.
  • Right to non-discrimination for exercising your rights.

Submit a verifiable request at privacy@rovyo.app.

Common questions

Will deleting my account remove me from all rides?

Yes. You are removed from active rides, your historic ride entries are anonymised, and your personal data is hard-deleted within 30 days of your request.

How long do you keep audit logs?

Security audit logs are retained for 12 months for fraud prevention. They contain account IDs and event types, never raw location.

Do you process special category data?

Location data is sensitive but not "special category" under GDPR. We do not process health, biometric, religious, or political data.

Contact

Data protection officer: dpo@rovyo.app. EU representative: eu-rep@rovyo.app.