Privacy Policy
Last updated: April 13, 2026 — Version 2.0
1. Data Controller
GeraRide is operated by Gera Systems (registered in England and Wales), a ride-hailing and delivery platform. We are the data controller under the UK GDPR and Data Protection Act 2018.
- Website: geraride.com
- Data Protection: privacy@gera.services
2. What Personal Data We Collect
2.1 Identity and Contact Data
Full name, email address, phone number, profile photo.
2.2 Location Data (Core to the Service)
Passengers/senders: Pick-up and drop-off locations for each trip or delivery, and real-time GPS location during active trips (to match with nearby drivers).
Drivers/couriers: Continuous real-time GPS location while the app is active and during trips. Trip history. This data is required to operate the service.
Location data is retained for 90 days then anonymised for aggregate analytics.
2.3 Driver and Vehicle Data
Driving licence number, vehicle registration, MOT and insurance certificates, DBS check results, professional driving licence (where required by local regulation), and earnings history.
2.4 Transaction Data
Trip history, fare amounts, payment type and last four digits, promotions and discounts applied.
2.5 Safety Data
In-trip audio or video recordings where required by local regulation or following a safety incident (retained only with your knowledge and only as required).
2.6 Usage and Technical Data
IP address, device identifiers, OS version, app version, crash logs.
3. Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Matching passengers with drivers | Contract (Art. 6(1)(b)) |
| Sharing your location with matched driver | Contract (Art. 6(1)(b)) |
| Driver background and licensing checks | Legal Obligation (Art. 6(1)(c)) |
| Processing fares and driver payouts | Contract (Art. 6(1)(b)) |
| Safety monitoring and incident investigation | Legitimate Interests + Legal Obligation (Art. 6(1)(c)(f)) |
| Fraud prevention | Legitimate Interests (Art. 6(1)(f)) |
| Regulatory compliance (taxi licensing) | Legal Obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
4. Data Retention
- Real-time location: retained for 90 days then anonymised
- Trip history: while account active + 2 years
- Driver licensing data: duration of active driving status + 2 years
- DBS check results: 6 months from decision (DBS Code of Practice)
- Financial records: 6 years (HMRC)
- Safety incident data: up to 6 years where legal proceedings are involved
- Analytics: 13 months rolling
5. Who We Share Your Data With
We do not sell your data. We share only as necessary:
- Matched driver/passenger — name, photo, and trip details (after match confirmed; real-time location during trip only)
- Local taxi licensing authorities — driver licence compliance as required
- DBS Update Service — driver background checks
- Stripe — payment processing
- Railway, Neon, Vercel — infrastructure
- PostHog (EU, anonymised); Sentry (EU, errors)
- Law enforcement — for safety incidents or as required by law
6. Your Rights
Access, rectify, erase, restrict, port, or object to your data. Note that trip history and safety data may be subject to retention requirements that limit erasure rights. Email privacy@gera.services. Complaints to the ICO.
7. Security
TLS 1.2+ in transit, AES-256 at rest, MFA on admin, continuous monitoring. Location data stored in encrypted, access-controlled environments.
8. Cookies
Essential, functional, and (with consent) analytics cookies. See our Cookie Policy.
9. Contact
- Data Protection: privacy@gera.services
- Support: support@geraride.com