Your Privacy

Privacy Policy

Plain-English explanation of how we collect, use, store, and protect your data.

Last updated: May 21, 2026
Contents
  1. Scope & Roles
  2. What We Collect
  3. How We Use Your Data
  4. Legal Basis (GDPR)
  5. Sharing & Sub-Processors
  6. Retention
  7. Your Rights
  8. Cookies & Tracking
  9. Security
  10. International Transfers
  11. Children's Privacy
  12. Changes
  13. Contact

1. Scope & Roles

This Privacy Policy explains how TaxiDex ("we", "us") collects and uses personal data when you visit our website, use the TaxiDex platform, or contact us. For data processed on behalf of our fleet customers ("Operators"), TaxiDex is the processor and the Operator is the controller. For data we collect directly (e.g., from website visitors), we are the controller.

2. What We Collect

Information you provide

  • Account & contact data: name, business email, phone, company, role.
  • Billing data: billing address and last 4 digits of payment method (processed by Stripe; we do not store full card numbers).
  • Support & sales correspondence: messages, attachments, call recordings (where required by law and disclosed at the start of the call).

Automatic data

  • Device, browser, IP address, referrer URL, pages viewed, timestamps.
  • Service performance metrics (errors, latency) tied to your account.

Driver & passenger data (on behalf of Operators)

Operators may instruct us to process: driver and passenger names, contact details, photo, vehicle license, location traces, trip history, and ratings. TaxiDex only processes this data on documented Operator instructions per our DPA.

3. How We Use Your Data

  • Provide, maintain, and secure the TaxiDex platform.
  • Respond to sales enquiries and book demos.
  • Send service-critical notifications (downtime, security incidents).
  • Improve the product using aggregated, anonymised analytics.
  • Send product updates — only if you opted in.
  • Detect, prevent, and respond to fraud and abuse.
  • Comply with legal obligations and respond to lawful requests.

We rely on: Contract (to deliver the platform), Legitimate interests (to keep the platform secure and improve it), Consent (for marketing emails & non-essential cookies), and Legal obligation (e.g., tax records).

5. Sharing & Sub-Processors

We share data only with vetted sub-processors that support our service. The current list (subject to update; we'll give 30 days' notice of additions to Operators):

  • Amazon Web Services — hosting (us-west-2, eu-west-1)
  • Stripe — payment processing
  • Twilio — SMS & voice notifications
  • SendGrid — transactional email
  • Datadog — observability & logs
  • Zendesk — customer support
  • Google Maps Platform & Mapbox — mapping & routing

We do not sell personal data.

6. Retention

Account data is retained for the life of your account and 12 months after termination, except where law requires longer retention (e.g., tax records). Audit logs are retained for 365 days. On request from a controller, we delete or return Operator data within 30 days of termination.

7. Your Rights

Depending on your jurisdiction, you may have rights to: access, rectify, erase, restrict, or port your personal data; object to processing; withdraw consent; lodge a complaint with a supervisory authority. To exercise rights, email privacy@taxidex.com. We respond within 30 days.

8. Cookies & Tracking

We use strictly necessary cookies for authentication and session continuity. Non-essential analytics cookies (e.g., page-view aggregation) load only with your consent. You can withdraw consent at any time via the cookie banner.

9. Security

TLS 1.3 in transit, AES-256-GCM at rest, SOC 2-aligned controls, annual third-party penetration testing, 15-minute incident response SLA. See the Security Center for full details.

10. International Transfers

Data may be transferred to the United States and the European Union. For EU-to-US transfers we rely on Standard Contractual Clauses (2021/914) and supplementary technical measures.

11. Children's Privacy

TaxiDex is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have, email privacy@taxidex.com and we will delete it.

12. Changes to this Policy

We'll update this page when our practices change. Material changes are emailed to account admins at least 30 days before they take effect.

13. Contact

Email: privacy@taxidex.com
Phone: +1-562-504-5860
Postal: TaxiDex, c/o Privacy Office, Los Angeles, California, USA.