Your Privacy
Privacy Policy
Plain-English explanation of how we collect, use, store, and protect your data.
Last updated: May 21, 2026
GDPR
EU & UK aligned
CCPA
California ready
30 days
Rights request reply
Zero
Personal data sold
What we collect
The three kinds of data we handle
TaxiDex is a multi-tenant dispatch platform, so the data we touch falls into three clear buckets — what you give us, what we capture automatically, and what we process for our fleet customers on their instructions.
Information you provide
The details you give us directly when you create an account, talk to sales, or pay an invoice.
- Account & contact data — name, business email, phone, company and role
- Billing data — billing address and the last 4 digits of your payment method (cards are processed by Stripe; we never store full card numbers)
- Support & sales correspondence — messages, attachments and call recordings, where required by law and disclosed at the start of the call
Automatic data
Technical signals captured automatically as you use the website and the TaxiDex console.
- Device, browser, IP address, referrer URL, pages viewed and timestamps
- Service performance metrics — errors and latency tied to your account so we can keep the platform fast and reliable
Driver & passenger data
Data we process on behalf of our fleet customers (Operators) strictly on their documented instructions, as their processor under our DPA.
- Driver and passenger names, contact details, photo and vehicle license
- Location traces, trip history and ratings generated in the white-label apps
- Processed only on documented Operator instructions — TaxiDex never repurposes it
How we use it
What we do with your data — and why we are allowed to
We use personal data for a defined set of purposes, and for every one of them we hold a clear legal basis under the GDPR.
Contract
We process the data necessary to deliver the platform you have signed up for — provisioning your console, white-label apps and dispatch tooling.
Legitimate interests
We keep the platform secure, prevent fraud and improve the product, balanced against your rights and expectations.
Consent
We rely on your consent for marketing emails and non-essential cookies — and you can withdraw it at any time.
Legal obligation
We retain certain records, such as tax and accounting data, where the law requires us to keep them.
Privacy by design
How privacy shows up inside the product
A privacy policy is only as good as the controls behind it. These are the platform features that put this policy into practice every day.

Processor, not owner
Operator data stays the Operator's
For data processed on behalf of our fleet customers, TaxiDex is the processor and the Operator is the controller. Driver and passenger names, contact details, photos, vehicle licenses, location traces, trip history and ratings are processed only on documented Operator instructions, under our Data Processing Addendum.
Inside the console, teams and role permissions mean dispatchers, finance staff and fleet managers each see only the data their job requires, and every sensitive action is written to a 365-day audit log. On request from a controller, we delete or return Operator data within 30 days of termination.

Security controls
Encryption, access control and incident response
We protect data in transit with TLS 1.3 and at rest with AES-256-GCM, backed by SOC 2-aligned controls, annual third-party penetration testing and a 15-minute incident response SLA. Card data never touches our servers — Stripe and Square tokenise it at capture.
Fleet-side safety has its own tooling: SOS panic alerts from the white-label apps surface instantly on the live operations map and in a dedicated incidents console, with the vehicle, the active booking and the people involved already attached. For the full picture, see our Security Center.
Sharing & sub-processors
The vetted services that help us run TaxiDex
We share data only with vetted sub-processors that support our service. The current list is subject to update — we give Operators 30 days' notice of additions. We do not sell personal data.
The full policy
Privacy policy in detail
The complete terms, section by section. This is the authoritative version — the summaries above are here to make it easier to navigate.
Contents
1. Scope & Roles
This Privacy Policy explains how TaxiDex("we", "us") collects and uses personal data when you visit our website, use the TaxiDex platform, or contact us. For data processed on behalf of our fleet customers ("Operators"), TaxiDex is the processor and the Operator is the controller. For data we collect directly (e.g., from website visitors), we are the controller.
2. What We Collect
Information you provide
- Account & contact data: name, business email, phone, company, role.
- Billing data: billing address and last 4 digits of payment method (processed by Stripe; we do not store full card numbers).
- Support & sales correspondence: messages, attachments, call recordings (where required by law and disclosed at the start of the call).
Automatic data
- Device, browser, IP address, referrer URL, pages viewed, timestamps.
- Service performance metrics (errors, latency) tied to your account.
Driver & passenger data (on behalf of Operators)
Operators may instruct us to process: driver and passenger names, contact details, photo, vehicle license, location traces, trip history, and ratings. TaxiDex only processes this data on documented Operator instructions per our DPA.
3. How We Use Your Data
- Provide, maintain, and secure the TaxiDex platform.
- Respond to sales enquiries and book demos.
- Send service-critical notifications (downtime, security incidents).
- Improve the product using aggregated, anonymised analytics.
- Send product updates — only if you opted in.
- Detect, prevent, and respond to fraud and abuse.
- Comply with legal obligations and respond to lawful requests.
4. Legal Basis (GDPR)
We rely on: Contract (to deliver the platform), Legitimate interests (to keep the platform secure and improve it), Consent (for marketing emails & non-essential cookies), and Legal obligation (e.g., tax records).
5. Sharing & Sub-Processors
We share data only with vetted sub-processors that support our service. The current list (subject to update; we'll give 30 days' notice of additions to Operators):
- Amazon Web Services — hosting (us-west-2, eu-west-1)
- Stripe — payment processing
- Twilio — SMS & voice notifications
- SendGrid — transactional email
- Datadog — observability & logs
- Zendesk — customer support
- Google Maps Platform & Mapbox — mapping & routing
We do not sell personal data.
6. Retention
Account data is retained for the life of your account and 12 months after termination, except where law requires longer retention (e.g., tax records). Audit logs are retained for 365 days. On request from a controller, we delete or return Operator data within 30 days of termination.
7. Your Rights
Depending on your jurisdiction, you may have rights to: access, rectify, erase, restrict, or port your personal data; object to processing; withdraw consent; lodge a complaint with a supervisory authority. To exercise rights, email privacy@taxidex.com. We respond within 30 days.
8. Cookies & Tracking
We use strictly necessary cookies for authentication and session continuity. Non-essential analytics cookies (e.g., page-view aggregation) load only with your consent. You can withdraw consent at any time via the cookie banner.
9. Security
TLS 1.3 in transit, AES-256-GCM at rest, SOC 2-aligned controls, annual third-party penetration testing, 15-minute incident response SLA. See the Security Center for full details.
10. International Transfers
Data may be transferred to the United States and the European Union. For EU-to-US transfers we rely on Standard Contractual Clauses (2021/914) and supplementary technical measures.
11. Children's Privacy
TaxiDex is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have, email privacy@taxidex.com and we will delete it.
12. Changes to this Policy
We'll update this page when our practices change. Material changes are emailed to account admins at least 30 days before they take effect.
13. Contact
Email: privacy@taxidex.com
Phone: +1-562-504-5860
Postal: TaxiDex, c/o Privacy Office, Los Angeles, California, USA.
