Privacy Policy

Last updated: 11 May 2026

1. Who we are

"Cholo Sathi" ("we", "us", "our") operates the cholosathi.com website and the Cholo Sathi mobile applications for riders and driver-partners. We are the data controller for the personal information described in this Policy.

2. Information we collect

2.1 Information you give us

• Account details: name, mobile phone number (verified by OTP), email address (if you sign in with Google).
• Driver-partner KYC: driving licence, vehicle registration certificate, vehicle photos, insurance and permit details where applicable.
• Profile preferences: home address, frequently-run routes, vehicle type preferences, language.
• Communications: support requests, feedback, and reports you send us.
• Reviews and ratings (riders): star rating (1–5) and optional comment you post on a driver-partner's public profile. Each published review shows your display name and the date — these are visible to anyone viewing that driver-partner's profile.
• Reports (driver-partners): if you report a review left on your profile, we record the report reason and an optional note so our team can moderate fairly.

2.2 Information we collect automatically

• Device information: device model, OS version, app version, locale, push-notification token.
• Usage data: screens viewed, features used, search queries, and error logs. We do not track your trips through the Platform; the Platform does not monitor your in-trip location.
• Location (driver-partners only, when "online"): your approximate location, used to match nearby leads while you are explicitly online. Location collection stops when you go offline.

2.3 Information from third parties

• Google sign-in: if you sign in with Google, we receive your name and email address from Google. We do not receive your Google password.
• Maps services: we use Google Maps APIs to render maps and resolve addresses. Map interactions are subject to Google's privacy policy.

3. How we use your information

• Create and maintain your account; verify your identity.
• Facilitate the marketplace — show driver-partner listings to riders, and show relevant leads to driver-partners, based on routes and corridors.
• Send transactional communications (OTPs, account notices, subscription receipts) and push notifications you have enabled.
• Detect, prevent, and investigate fraud, abuse, and unsafe conduct.
• Improve the Platform — debug issues, measure feature usage, plan improvements.
• Comply with legal obligations and respond to lawful requests.

4. Sharing your information

We share personal information only in the limited ways described below. We do not sell your personal information.

• With other users (by design): when a rider views a driver-partner's listing, the driver-partner's name, vehicle details, and phone number are shown so the rider can contact them directly. This is the core purpose of the marketplace. Riders' phone numbers are revealed to driver-partners only when the rider initiates contact.
• Public reviews: reviews you post on a driver-partner's profile are public — your display name, the star rating, the optional comment, and the date are visible to everyone who views that profile. Do not include personal information you would not want to be public. You can edit or delete your review at any time from the driver's profile.
• Service providers: hosting (Amazon Web Services), database services, push notifications (Firebase Cloud Messaging), SMS (our OTP provider), and analytics. They process data on our behalf under contractual safeguards.
• Legal: when required by law, court order, or to protect rights, safety, or property.
• Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate safeguards.

5. Storage and security

Personal information is stored on secured servers operated by our cloud providers, primarily in the Asia-Pacific region. We use encryption in transit (HTTPS) and at rest where appropriate, role-based access controls, and audit logging. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

6. Data retention

We retain personal information for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements. KYC documents are retained for the period required by applicable law. When data is no longer needed, we delete or anonymise it.

7. Your rights

Subject to applicable law, you may:

• Access and review the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your account and associated data.
• Withdraw consent for processing, where consent is the legal basis.
• Lodge a complaint with the appropriate data protection authority.

To exercise these rights, email support@cholosathi.com. We may need to verify your identity before responding.

8. Cookies and similar technologies

Our website uses essential cookies and local storage to remember your session and preferences. We do not currently use third-party advertising cookies on the marketing website.

9. Children

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will delete it.

10. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date above will reflect the most recent revision. Material changes will be communicated in-app or by email where appropriate.

11. Grievance officer

In accordance with the Information Technology Act, 2000 and applicable rules in India, the contact details of the Grievance Officer are:

• Name: [To be appointed]
• Email: support@cholosathi.com
• Response time: we aim to acknowledge complaints within 48 hours and resolve them within 30 days.

12. Contact us

Questions about this Privacy Policy or our data practices? Email support@cholosathi.com.