Effective Date: 1 March 2026
POPIA Compliant
This policy is drafted in accordance with the Protection of Personal Information Act, 2013 (POPIA) of the Republic of South Africa.
RydeSafe ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we store it, and your rights as a data subject under POPIA.
Information We Collect
Personal Information
- •Phone number - collected via Firebase Authentication for identity verification. This is your primary account identifier.
- •Email address (optional) - provided by you for billing receipts and subscription communications.
Location Data
We may process your GPS coordinates when you explicitly use location-based features, such as "High-Risk Zone" alerts or incident location tagging. Location data is never collected in the background - it is only accessed when you actively use a location feature and grant permission.
Screenshots & OCR Data
When you upload an e-hailing screenshot, our AI-powered OCR extracts structured data including the vehicle license plate, vehicle make/model, and trip details. We do not permanently store driver names. Uploaded images are stored securely on Firebase Cloud Storage and are used solely for report verification.
Safety Reports
Reports you submit (vehicle plate, safety category, optional comments) are stored in our database and displayed anonymously to other users. Your identity is never linked to your reports publicly.
Device & Usage Data
We may collect non-identifying device information (device type, browser, operating system) and usage statistics (search count, report count) for service improvement and abuse prevention.
Purpose of Processing
We process your personal information for the following specific, lawful purposes:
To verify your identity and prevent fraudulent accounts.
To match vehicle details against our crowdsourced safety database and provide safety insights.
To verify the authenticity of safety reports via OCR receipt matching.
To send you push notifications about safety alerts in your area (with your explicit consent).
To process subscription payments and send billing communications.
To improve our OCR accuracy and AI algorithms through aggregated, anonymised data analysis.
To comply with South African law and respond to lawful requests from authorities.
Lawful Basis for Processing
Under POPIA Section 11, we rely on the following conditions for processing:
- •Consent - You consent to data processing when you create an account, submit a report, or enable location/notification features.
- •Contractual necessity - Processing is required to deliver the Service you have subscribed to.
- •Legitimate interest - Aggregate safety analysis and fraud prevention serve a legitimate purpose that does not override your rights.
Data Security
We implement robust technical and organisational measures to protect your data:
- •All data is transmitted over TLS/HTTPS encryption.
- •Data is stored on Google Firebase infrastructure with encryption at rest and in transit.
- •Payment processing is handled by PayFast, a PCI-DSS compliant payment gateway. We never store your card details.
- •Safety reports are displayed anonymously. Your phone number and identity are never shared with other users or with drivers.
- •Access to personal data is restricted to authorised personnel on a need-to-know basis.
Third-Party Services
We use the following third-party service providers to operate the platform:
| Provider | Purpose |
|---|---|
| Google Firebase | Authentication, database, cloud storage, push notifications |
| PayFast | Payment processing (PCI-DSS compliant) |
| Resend | Transactional email delivery (billing receipts, alerts) |
| Google AI | OCR and screenshot analysis (no personal data retained) |
We do not sell, rent, or trade your personal information to any third party. Data shared with the above providers is strictly limited to what is necessary to deliver the Service.
Data Retention
- •Account data is retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days.
- •Safety reports are retained indefinitely to maintain the integrity of the community safety database. Anonymised reports may persist after account deletion.
- •Uploaded screenshots are retained for up to 90 days for verification purposes, then automatically deleted.
- •Billing records are retained for 5 years in compliance with South African tax legislation.
Your Rights Under POPIA
As a data subject, you have the right to:
Request confirmation of what personal data we hold about you and obtain a copy.
Request correction of inaccurate or incomplete personal information.
Request deletion of your personal data, subject to legal retention requirements.
Object to the processing of your personal information on reasonable grounds.
Withdraw your consent to processing at any time (this does not affect the lawfulness of processing before withdrawal).
Lodge a complaint with the Information Regulator of South Africa if you believe your rights have been infringed.
To exercise any of these rights, contact our Information Officer at info@rydesafe.co.za. We will respond within 30 days as required by POPIA.
Children's Privacy
RydeSafe is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact us immediately and we will take steps to delete such information.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via push notification or email. Continued use of the Service after changes are published constitutes acceptance of the revised policy.
Information Officer
Information Regulator (South Africa)
Complaints can be filed at: inforegulator.org.za