Privacy Policy
Last updated:
This Privacy Policy explains how Chute by AtoZ ("Chute", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use the Chute mobile application ("App") and related services ("Services"). It applies to all users — riders, drivers, and visitors to our website.
By using the App or Services, you agree to the practices described in this policy. If you do not agree, do not use our Services.
1. Who we are (Data Controller)
Chute by AtoZ
Email: support@chutebyatoz.com
Website: https://chute.167.99.102.64.sslip.io
We are the data controller responsible for your personal information collected through the Chute App and website.
2. Data we collect and how
We collect the following categories of personal data:
| Category | Specific data points | How collected | Who provides it |
|---|---|---|---|
| Identity & contact | Full name, email address, phone number, profile photo | Account registration & profile setup | Riders & Drivers |
| Precise location | Real-time GPS coordinates, pickup/drop-off addresses, trip route | Device geolocation, Google Maps SDK, in-app input | Riders & Drivers |
| Payment information | Card type, last 4 digits, transaction amounts and dates | Stripe payment processor | Riders |
| Identity documents (KYC) | Driver's license, national ID, vehicle registration, vehicle photo | Document upload via image picker in App | Drivers only |
| Messages | In-app chat messages between rider and driver during a trip | Firebase Realtime Database | Riders & Drivers |
| Device identifiers | Push notification token, device OS & version, Firebase UID | Firebase Messaging & Authentication | Riders & Drivers |
| Usage & diagnostics | Crash reports, error logs, app version, device info, IP address | Firebase Crashlytics, Sentry | All users (automatic) |
| Trip data | Trip requests, route taken, duration, fare, ratings, cancellations | App activity | Riders & Drivers |
We do not collect your full card number (handled exclusively by Stripe). We do not collect data from your contacts, microphone, or camera except when you explicitly upload a document or photo.
3. How we use your data
| Purpose | Data used | Legal basis |
|---|---|---|
| Create and manage your account | Identity & contact, device identifiers | Contract performance |
| Match riders with nearby drivers | Precise location, trip data | Contract performance |
| Process payments & issue receipts | Payment information, trip data | Contract performance |
| Verify driver identity (KYC) | Identity documents | Legal obligation & legitimate interest |
| Enable in-trip communication | Messages | Contract performance |
| Send push notifications | Device identifiers, trip data | Contract performance |
| Ensure app stability & debug errors | Usage & diagnostics | Legitimate interest |
| Prevent fraud and ensure safety | All categories | Legitimate interest & legal obligation |
| Comply with legal obligations | Billing records, identity data | Legal obligation |
| Improve our Services (anonymised) | Aggregated usage & trip data | Legitimate interest |
We do not sell your personal data to third parties. We do not use your data for behavioural advertising or cross-app tracking.
4. Third parties and SDKs
The following third-party service providers process data on our behalf or independently as data controllers. Each provides the same level of data protection as required by applicable law.
| SDK / Service | Provider | Data processed | Privacy policy |
|---|---|---|---|
| Firebase Authentication | Google LLC | Phone number, email, Firebase UID | Google Privacy Policy |
| Firebase Cloud Messaging | Google LLC | Push token, device identifiers | Google Privacy Policy |
| Firebase Crashlytics | Google LLC | Crash logs, device info, app version | Google Privacy Policy |
| Firebase Realtime Database | Google LLC | In-app chat messages, real-time location during trip | Google Privacy Policy |
| Google Maps / Directions API | Google LLC | Location coordinates, route data | Google Privacy Policy |
| Stripe | Stripe, Inc. | Payment card data, transaction records | Stripe Privacy Policy |
| Sentry | Functional Software, Inc. | Error logs, device info, IP address (partial) | Sentry Privacy Policy |
International data transfers
Google, Stripe, and Sentry are US-based companies. Data transferred to the US is protected through Standard Contractual Clauses (SCCs) or equivalent mechanisms as required by applicable data protection law.
If we add new third-party SDKs or services in the future (e.g. analytics, advertising), this policy will be updated before any new data collection begins.
5. Data retention
| Data category | Retention period | Basis |
|---|---|---|
| Account & profile data | Until account deletion + 30 days | Contract / user request |
| Precise location (live trip) | Duration of trip only | Operational necessity |
| Trip history (route summary) | Until account deletion | Service provision |
| In-app messages | 90 days after trip completion | Safety & dispute resolution |
| Payment & billing records | 7 years | Legal / tax obligation |
| KYC documents | Duration of driver account + 2 years | Regulatory compliance |
| Crash & error logs | 90 days | Legitimate interest (debugging) |
| Fraud / safety logs | 2 years | Legitimate interest (security) |
| Anonymised analytics | Indefinitely (no PII) | Legitimate interest (improvement) |
6. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure (right to be forgotten): Request deletion of your data (subject to legal retention obligations).
- Restriction: Ask us to restrict processing of your data in certain circumstances.
- Portability: Receive your data in a structured, commonly-used format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at support@chutebyatoz.com. We will respond within 30 days. We may need to verify your identity before processing your request.
7. Account and data deletion
You can permanently delete your account and associated data at any time through two methods:
- In the Chute app: Profile → Settings → Delete account → Confirm with your password.
- Via web request: Submit a request on our Account Deletion page.
Deletion is processed within 30 days. Some data may be retained as required by law (see Section 5). A confirmation email will be sent once the deletion is complete.
8. Data security
We implement industry-standard technical and organisational measures to protect your data:
- All data in transit is encrypted using TLS 1.2 or higher (HTTPS).
- Payment card data is processed exclusively by Stripe (PCI-DSS compliant) — we never store full card numbers.
- Access to production databases is restricted to authorised personnel only, using role-based access control.
- Crash and diagnostic data is pseudonymised where possible before transmission to Sentry and Crashlytics.
- KYC documents are stored in access-controlled cloud storage with server-side encryption.
Despite our efforts, no system is 100% secure. In the event of a data breach affecting your rights, we will notify you and the relevant authorities as required by law.
9. Children's privacy
Chute is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a child under 18 has provided us with personal information, please contact us at support@chutebyatoz.com and we will promptly delete such data.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, regulatory, or operational reasons. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send an in-app notification or email to registered users.
Continued use of the Services after an update constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
11. Contact us
For any privacy-related questions, to exercise your rights, or to report a concern, please contact us:
- Email: support@chutebyatoz.com
- Support page: https://chute.167.99.102.64.sslip.io/support
We aim to respond to all privacy requests within 30 days.