Legal & Transparency

Privacy Policy

CoRide is operated by NSO Services Pvt Ltd. We are committed to protecting your data while building India's most trusted peer-to-peer ride-sharing community.

Last Update: 15 May, 2026  ·  Effective for all users

Platform Overview

CoRide is operated by NSO Services Pvt Ltd, a company registered in India. CoRide is a shared mobility platform built in India, designed to make daily commutes more affordable and sustainable. Our platform connects people heading in the same direction—allowing them to share car rides or bike rides and split the cost.

Unlike traditional taxi services, CoRide is built around community-driven travel, not commercial transport. CoRide is a technology platform that enables peer-to-peer ride sharing and does not operate as a commercial transport service. CoRide acts solely as an intermediary platform and does not control or guarantee the behavior of users.

When you install and use the CoRide app, you are engaging with a service operated by CoRide (hereafter referred to as "CoRide," "we," "our," or "us"). This Privacy Policy governs how we handle data across our Android application, website, and all related digital touchpoints.

Scope of This Policy

  • This policy applies to every person who uses CoRide — whether you are booking a ride as a passenger, offering a ride as a driver, or simply browsing our website.
  • It covers: What categories of data we gather and why; How that data moves within and outside CoRide; How long we hold onto it; The rights you hold over your own data; How to reach us with concerns or deletion requests.
  • Using CoRide means you have read and accepted the practices described here. If anything in this document raises concerns for you, we encourage you to reach out before continuing use.

2.1 Registration & Profile Details

  • When you create a CoRide account, we ask for the basics needed to identify you on the platform:
  • Your full name
  • A valid mobile number and email address for account access and ride notifications.
  • Date of birth — used strictly to confirm you meet our minimum age requirement of 18 years

2.2 Driver-Specific Verification Data

  • Drivers on CoRide undergo an additional verification step to ensure passenger safety. For this we collect:
  • Photo ID: A copy of a government-issued photo ID (Aadhaar card, passport, or voter ID)
  • Licence: Driving licence number and expiry date
  • Vehicle: Vehicle registration certificate and vehicle type (car or bike)
  • Details: Vehicle colour and model — displayed to passengers at pickup
  • This data is reviewed by our trust and safety team and stored securely. It is never displayed publicly.

2.3 Location Data (Google Play Requirement)

  • Foreground Location: Collected while you are actively using the CoRide app. Purpose: Finding nearby rides, calculating routes, and showing real-time navigation.
  • Background Location: Background location is accessed ONLY during an active ride and is strictly required for live tracking and safety. It is never used when the app is idle or closed.
  • Background Purpose: Keeping the live ride map updated for both driver and passenger is a core safety feature. Background location is NOT used for advertising, profiling, or any purpose unrelated to active rides. Background location is essential for real-time ride tracking, safety monitoring, and emergency support during an active ride.
  • Consent: By granting permissions within the app, you provide explicit consent for the collection and processing of your personal data as described in this Privacy Policy.
  • Control: You may revoke location access via: Phone Settings > Apps > CoRide > Permissions > Location. Note: Revoking location access will prevent the core ride-matching feature from working.
  • Pickup & Drop Coordinates: Stored as part of your ride record for trip history and dispute resolution.
  • Approximate Location: Used on the home screen to suggest rides near you, even before a booking.

2.4 Ride & Transaction Records

  • Details: Origin, destination, route taken, distance, and duration of each ride.
  • Payments: Ride fare, payment method category (UPI, card, wallet), and transaction reference number.
  • Feedback: Ratings and text reviews exchanged between riders and drivers after rides.
  • Security: CoRide does not store card numbers, CVV codes, or full bank account details. All payment data is tokenised and handled by our PCI-DSS compliant payment partner.

2.5 Device & App Diagnostics

  • Technical Details: Device model, Android OS version, and a unique device identifier.
  • Stability: App version in use and details of any crashes or errors encountered.
  • Connectivity: Network connection type (Wi-Fi / mobile data) and IP address.
  • Notifications: Firebase push token — used only to deliver ride-related notifications to your device.

2.6 In-App Communication

  • Chat: Messages sent between a rider and driver through CoRide's built-in chat before or during a ride.
  • Tickets: Support tickets and complaint messages submitted to our help centre.
  • Monitoring: We do not routinely monitor chat messages. However, CoRide may review conversations when required to investigate safety concerns, disputes, fraud, or legal obligations.

Why We Process Your Data

  • Ride Matching: Your location and travel preferences are used to suggest the most relevant rides nearby.
  • Live Tracking: GPS coordinates are streamed between driver and passenger while a ride is active — for navigation accuracy and mutual safety.
  • Account Verification: Name, phone, and email are needed to create a verified identity and prevent duplicate or fake accounts.
  • Driver Onboarding: ID and licence details allow our team to confirm that drivers meet legal and safety requirements before they can offer rides.
  • Fare Calculation & Payments: Route data and ride distance determine the fare; payment details enable the transaction to complete.
  • Notifications: Your device token lets us push real-time ride alerts, booking confirmations, and safety updates.
  • Trust & Safety: Behavioural data and reports are reviewed to identify misuse, harassment, or fraudulent activity on the platform.
  • Platform Improvement: Aggregated, anonymized usage patterns help us identify friction points and improve the app experience.
  • Legal Compliance: Certain data is retained to meet obligations under Indian law, including the DPDP Act 2023 and financial record-keeping requirements.
  • Failure to provide certain personal data (such as location) may result in inability to use core features of the platform.
  • Data Fiduciary: For the purposes of the Digital Personal Data Protection Act, 2023, CoRide acts as the Data Fiduciary. We have appointed a Data Protection Officer responsible for overseeing compliance.
  • No Ad Profiling: CoRide does not use your data to build advertising profiles, serve targeted ads, or sell insights to marketers.
  • Account Monitoring: CoRide may monitor user activity to ensure platform safety and prevent misuse. We reserve the right to suspend or terminate accounts for fraud, abuse, or safety concerns.
  • Data Minimization: CoRide collects only the data that is necessary to provide and improve its services and does not collect excessive or unrelated personal information.

Legal Basis for Processing

  • Consent: When you provide permission for specific data processing activities such as location tracking.
  • Contractual Necessity: To provide core services such as ride matching, payments, and communication between users.
  • Legal Obligations: To comply with applicable Indian laws, including the Digital Personal Data Protection Act, 2023.
  • Legitimate Interests: To ensure platform safety, prevent fraud, and improve service performance.

How Your Data Is Shared

  • 5.1 Between Riders and Drivers: When a ride is confirmed, passengers receive the driver's first name, vehicle details, and in-app contact button. Drivers receive the passenger's first name and pickup location. All contact happens through CoRide's in-app channel before the driver accepts the ride.
  • 5.2 With Our Technology Partners: Google Maps (maps), Firebase (analytics/notifications), Razorpay (payments), AWS/Google Cloud (hosting), KYC Partner (verification). Every partner operates under a data processing agreement.
  • 5.3 When the Law Requires It: CoRide may disclose user data to government bodies, law enforcement, or courts when legally compelled to do so — for example, in response to a valid court order or investigation under Indian law.
  • 5.4 During a Business Transition: If CoRide undergoes a significant structural change — such as an acquisition, merger, or sale of assets — your data may be part of the transferred assets.

Cross-Border Data Transfers & Decisions

  • Transfers: Some service providers (cloud hosting, analytics, etc.) may process or store data outside India. We ensure that such data transfers are protected through appropriate safeguards and comply with applicable laws.
  • Automated Decision-Making: CoRide does not rely solely on automated decision-making processes that significantly affect users without human oversight.

Third-Party SDKs Integrated in CoRide

  • Google Maps SDK: Renders maps, routes, and live location overlays within the app.
  • Firebase Analytics & Crashlytics: Captures anonymised usage events and crash logs to help us fix issues faster.
  • Firebase Cloud Messaging (FCM): Delivers push notifications for ride confirmations and safety alerts.
  • Razorpay Android SDK: Handles the secure payment flow without exposing card data to CoRide's servers.
  • KYC Verification SDK: Captures and submits driver documents during the onboarding process only.
  • None of these SDKs are permitted by contract to use CoRide user data for advertising or profiling purposes beyond their stated function in the app.

Account & Data Deletion

  • Right to Delete: CoRide provides an in-app option to request permanent deletion of your account and associated data.
  • Alternative: Email info@nsocoride.com with the subject line: 'Permanent Account Deletion'.
  • Deleted Data: Profile, ride history, saved locations, payment method references, and all personal identifiers within 30 days of a confirmed request.
  • Retention: Transaction records required by Indian tax law (up to 7 years), and safety-related records tied to an open investigation (until resolved).

Data Retention Periods

  • Account & Profile Data: Active while your account exists; deleted within 30 days of a deletion request.
  • Ride History: Stored for 24 months from ride date, to support disputes and regulatory checks.
  • Payment & Transaction Records: Retained for 7 years in compliance with the Income Tax Act and GST regulations.
  • Driver Verification Documents: Kept for the duration of the driver's active status plus 2 years afterward.
  • In-App Chat Logs: Stored for 6 months; deleted after unless flagged for an active safety review.
  • Crash & Diagnostic Logs: Auto-purged after 90 days.

Security Measures We Have in Place

  • Encryption: All data moving between your device and our servers is encrypted using TLS 1.2 or higher. Sensitive stored data (IDs, documents) is encrypted at rest using AES-256.
  • Access Control: Internal access to user data is governed by role-based permissions — staff see only what their role requires.
  • Infrastructure: Our infrastructure undergoes regular third-party security assessments. Admin accounts are protected with multi-factor authentication.
  • Incident Response: A dedicated incident response process is in place to handle any suspected data breach within 72 hours.
  • Safety Disclaimer: While we implement strong security, no system can be guaranteed 100% secure. CoRide does not assume liability for acts, omissions, or incidents occurring during rides between users.

Your Data Rights

  • See Your Data: Ask for a summary of the personal information CoRide holds about you.
  • Fix Incorrect Data: Request corrections if any stored information is wrong or outdated.
  • Delete Everything: Request full deletion of your account and data at any point.
  • Portability: Request an export of your data in a common machine-readable format.
  • Stop Marketing: Turn off promotional notifications via App Settings > Notifications > Marketing.
  • Withdraw Consent: Where we rely on your consent to process data, you can withdraw it without penalty. Withdrawal may result in partial or complete loss of access to CoRide services.
  • Request Process: Submit any of the above requests to info@nsocoride.com. We acknowledge all requests within 5 business days and aim to complete them within 30 days (up to 45 days for complex cases).

Children and Age Restrictions

  • CoRide is designed exclusively for adults aged 18 and above. We do not knowingly collect, store, or process data from anyone under this age. Age confirmation is part of our registration flow.
  • Reporting: If a parent or guardian believes their child has created an account, contact us at info@nsocoride.com immediately for deletion.

Cookies and Web Tracking

  • Mobile App: The CoRide mobile application does not use browser-based cookies.
  • Website: On our website (nsocoride.com), we use functional cookies (login/preferences) and analytics cookies (anonymised visit patterns).
  • Control: You can disable or clear cookies through your browser settings at any time. Doing so on our website will not affect your mobile app experience.

Changes to This Document

  • When we make changes that meaningfully affect your rights, we will send an in-app notification at least 7 days before the new version takes effect and email registered users with a summary.
  • Minor clarifications — such as fixing typos — will be updated quietly with a revised date at the top of this document.

Grievance Officer (India — DPDP Act 2023)

In accordance with India's **Digital Personal Data Protection Act 2023**, CoRide has designated a Grievance Officer responsible for addressing privacy complaints raised by Indian users.

Grievance Officer

Phone: +91 70773 14444

Email: info@nsocoride.com

Address

NSO CoRide
Sumitra Heights, Opp. New Court
Kachery Road, Uditnagar
Rourkela, Odisha, India – 769012

**Response Commitment:** All complaints will receive an acknowledgement within 48 hours and a resolution within 30 days. If you are not satisfied with the resolution, you may escalate your complaint to the Data Protection Board of India.

**Platform Role Disclaimer:** CoRide is a technology platform that enables users to connect for ride sharing. CoRide does not provide transportation services and does not act as a transport operator. Drivers and passengers are independent users of the platform. CoRide is not responsible for the conduct, actions, or behavior of users during rides.

CoRide — Carpooling & Bike Pooling, Made in India

Contact Officer

Made with ❤️ in India

Terms of Service Cookie Policy