TaxiDexTaxiDex

Your Privacy

Privacy Policy

Plain-English explanation of how we collect, use, store, and protect your data.

Last updated: May 21, 2026

GDPR

EU & UK aligned

CCPA

California ready

30 days

Rights request reply

Zero

Personal data sold

What we collect

The three kinds of data we handle

TaxiDex is a multi-tenant dispatch platform, so the data we touch falls into three clear buckets — what you give us, what we capture automatically, and what we process for our fleet customers on their instructions.

Information you provide

The details you give us directly when you create an account, talk to sales, or pay an invoice.

  • Account & contact data — name, business email, phone, company and role
  • Billing data — billing address and the last 4 digits of your payment method (cards are processed by Stripe; we never store full card numbers)
  • Support & sales correspondence — messages, attachments and call recordings, where required by law and disclosed at the start of the call

Automatic data

Technical signals captured automatically as you use the website and the TaxiDex console.

  • Device, browser, IP address, referrer URL, pages viewed and timestamps
  • Service performance metrics — errors and latency tied to your account so we can keep the platform fast and reliable

Driver & passenger data

Data we process on behalf of our fleet customers (Operators) strictly on their documented instructions, as their processor under our DPA.

  • Driver and passenger names, contact details, photo and vehicle license
  • Location traces, trip history and ratings generated in the white-label apps
  • Processed only on documented Operator instructions — TaxiDex never repurposes it

How we use it

What we do with your data — and why we are allowed to

We use personal data for a defined set of purposes, and for every one of them we hold a clear legal basis under the GDPR.

Provide, maintain, and secure the TaxiDex platform
Respond to sales enquiries and book demos
Send service-critical notifications (downtime, security incidents)
Improve the product using aggregated, anonymised analytics
Send product updates — only if you opted in
Detect, prevent, and respond to fraud and abuse
Comply with legal obligations and respond to lawful requests

Contract

We process the data necessary to deliver the platform you have signed up for — provisioning your console, white-label apps and dispatch tooling.

Legitimate interests

We keep the platform secure, prevent fraud and improve the product, balanced against your rights and expectations.

Consent

We rely on your consent for marketing emails and non-essential cookies — and you can withdraw it at any time.

Legal obligation

We retain certain records, such as tax and accounting data, where the law requires us to keep them.

Privacy by design

How privacy shows up inside the product

A privacy policy is only as good as the controls behind it. These are the platform features that put this policy into practice every day.

TaxiDex customers screen showing rider records that operators control as data controllers

Processor, not owner

Operator data stays the Operator's

For data processed on behalf of our fleet customers, TaxiDex is the processor and the Operator is the controller. Driver and passenger names, contact details, photos, vehicle licenses, location traces, trip history and ratings are processed only on documented Operator instructions, under our Data Processing Addendum.

Inside the console, teams and role permissions mean dispatchers, finance staff and fleet managers each see only the data their job requires, and every sensitive action is written to a 365-day audit log. On request from a controller, we delete or return Operator data within 30 days of termination.

TaxiDex incidents and SOS console showing live safety alerts with vehicle context

Security controls

Encryption, access control and incident response

We protect data in transit with TLS 1.3 and at rest with AES-256-GCM, backed by SOC 2-aligned controls, annual third-party penetration testing and a 15-minute incident response SLA. Card data never touches our servers — Stripe and Square tokenise it at capture.

Fleet-side safety has its own tooling: SOS panic alerts from the white-label apps surface instantly on the live operations map and in a dedicated incidents console, with the vehicle, the active booking and the people involved already attached. For the full picture, see our Security Center.

Sharing & sub-processors

The vetted services that help us run TaxiDex

We share data only with vetted sub-processors that support our service. The current list is subject to update — we give Operators 30 days' notice of additions. We do not sell personal data.

Amazon Web Services — hosting (us-west-2, eu-west-1)
Stripe — payment processing
Twilio — SMS & voice notifications
SendGrid — transactional email
Datadog — observability & logs
Zendesk — customer support
Google Maps Platform & Mapbox — mapping & routing

The full policy

Privacy policy in detail

The complete terms, section by section. This is the authoritative version — the summaries above are here to make it easier to navigate.

1. Scope & Roles

This Privacy Policy explains how TaxiDex("we", "us") collects and uses personal data when you visit our website, use the TaxiDex platform, or contact us. For data processed on behalf of our fleet customers ("Operators"), TaxiDex is the processor and the Operator is the controller. For data we collect directly (e.g., from website visitors), we are the controller.

2. What We Collect

Information you provide

  • Account & contact data: name, business email, phone, company, role.
  • Billing data: billing address and last 4 digits of payment method (processed by Stripe; we do not store full card numbers).
  • Support & sales correspondence: messages, attachments, call recordings (where required by law and disclosed at the start of the call).

Automatic data

  • Device, browser, IP address, referrer URL, pages viewed, timestamps.
  • Service performance metrics (errors, latency) tied to your account.

Driver & passenger data (on behalf of Operators)

Operators may instruct us to process: driver and passenger names, contact details, photo, vehicle license, location traces, trip history, and ratings. TaxiDex only processes this data on documented Operator instructions per our DPA.

3. How We Use Your Data

  • Provide, maintain, and secure the TaxiDex platform.
  • Respond to sales enquiries and book demos.
  • Send service-critical notifications (downtime, security incidents).
  • Improve the product using aggregated, anonymised analytics.
  • Send product updates — only if you opted in.
  • Detect, prevent, and respond to fraud and abuse.
  • Comply with legal obligations and respond to lawful requests.

We rely on: Contract (to deliver the platform), Legitimate interests (to keep the platform secure and improve it), Consent (for marketing emails & non-essential cookies), and Legal obligation (e.g., tax records).

5. Sharing & Sub-Processors

We share data only with vetted sub-processors that support our service. The current list (subject to update; we'll give 30 days' notice of additions to Operators):

  • Amazon Web Services — hosting (us-west-2, eu-west-1)
  • Stripe — payment processing
  • Twilio — SMS & voice notifications
  • SendGrid — transactional email
  • Datadog — observability & logs
  • Zendesk — customer support
  • Google Maps Platform & Mapbox — mapping & routing

We do not sell personal data.

6. Retention

Account data is retained for the life of your account and 12 months after termination, except where law requires longer retention (e.g., tax records). Audit logs are retained for 365 days. On request from a controller, we delete or return Operator data within 30 days of termination.

7. Your Rights

Depending on your jurisdiction, you may have rights to: access, rectify, erase, restrict, or port your personal data; object to processing; withdraw consent; lodge a complaint with a supervisory authority. To exercise rights, email privacy@taxidex.com. We respond within 30 days.

8. Cookies & Tracking

We use strictly necessary cookies for authentication and session continuity. Non-essential analytics cookies (e.g., page-view aggregation) load only with your consent. You can withdraw consent at any time via the cookie banner.

9. Security

TLS 1.3 in transit, AES-256-GCM at rest, SOC 2-aligned controls, annual third-party penetration testing, 15-minute incident response SLA. See the Security Center for full details.

10. International Transfers

Data may be transferred to the United States and the European Union. For EU-to-US transfers we rely on Standard Contractual Clauses (2021/914) and supplementary technical measures.

11. Children's Privacy

TaxiDex is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have, email privacy@taxidex.com and we will delete it.

12. Changes to this Policy

We'll update this page when our practices change. Material changes are emailed to account admins at least 30 days before they take effect.

13. Contact

Email: privacy@taxidex.com
Phone: +1-562-504-5860
Postal: TaxiDex, c/o Privacy Office, Los Angeles, California, USA.

Run your entire fleet from one console. 

Dispatch, drivers, fares, payments and reporting — live in 14 days, in your brand.