Privacy Policy
Last updated: November 16, 2025
XTaxi24 ("we", "us", or "our") is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, password
- Payment Information: Credit/debit card information (managed securely via Stripe - we do not store full card details)
- Profile Information: Profile photo (optional), saved addresses
- Driver Information: License details, vehicle information, insurance documents, background check results
- Booking Information: Pickup/destination addresses, distance from service area (to determine payment requirements), call-out distances for remote pickups
2.2 Information Automatically Collected
- Location Data:
  - Precise GPS location when using the app
  - Background location for drivers when online (to match with passengers)
  - Pickup and dropoff locations
  - Route information during trips
- Usage Data: App interactions, ride history, timestamps, device information
- API Usage Data: Number of address searches (Places Autocomplete), fare calculation requests, and booking conversion patterns (for fraud detection and preventing competitor scraping)
- Device Information: Device type, operating system, unique device identifiers, IP address
2.3 Information from Third Parties
- Google Maps API: Route calculations, address validation, map display
- Payment Processors: Transaction confirmations from Stripe
- Background Check Providers: For driver verification (UK only)
3. How We Use Your Information
3.1 Service Provision (Legal Basis: Contract Performance)
- Matching passengers with drivers
- Processing ride bookings and payments
- Real-time GPS tracking during trips
- Sending ride notifications and updates
- Calculating fares and processing refunds
- Determining payment method requirements based on pickup location distance from service area
- Analyzing ride profitability to ensure drivers receive fair compensation
3.2 Safety & Security (Legal Basis: Legitimate Interests)
- Verifying driver identities and credentials
- Monitoring for fraudulent activity
- Recording ride history for dispute resolution
- Ensuring passenger and driver safety
- Detecting and preventing API abuse and service misuse
- Identifying patterns of excessive searches/calculations without bookings
- Protecting against competitors scraping pricing data
- Maintaining service quality and controlling operational costs
3.3 Legal Compliance (Legal Basis: Legal Obligation)
- Retaining records for 7 years (UK tax law)
- Responding to law enforcement requests
- Complying with transport regulations
3.4 Marketing (Legal Basis: Consent)
- Sending promotional offers (you can opt out anytime)
- Personalizing app experience
- Analyzing user behavior to improve services
4. Location Data - Important Information
For Passengers:
- We only collect location when you open the app
- Location sharing stops when you close the app
- Pickup/dropoff addresses are saved for 7 years (tax compliance)
For Drivers:
- Background location is required when you're "online" and available for rides
- This allows us to match you with nearby passengers
- Location tracking stops when you go "offline"
- You control when location sharing is active via the online/offline toggle
4.1 Call-Out Service & Payment Requirements
Distance-Based Payment Requirements:
We analyze the distance between your pickup location and our main service area (Haywards Heath, Burgess Hill, Cuckfield, Lindfield) to determine payment method requirements:
- Local Pickups (within base area): Cash and card payments accepted
- Remote Pickups (more than 5 miles from base): Card payment required to protect drivers from no-shows on long-distance call-outs
- This analysis is performed automatically when you book a ride
- The app will clearly indicate if card payment is required before you confirm your booking
- Distance calculations use Google Maps API and are stored with your ride record
Data Processing: We calculate and store call-out distance information to:
- Determine appropriate payment method requirements
- Provide fare transparency (explaining why certain fares include call-out costs)
- Ensure fair compensation for drivers traveling long distances to remote pickups
- Prevent service disruption from cancelled remote bookings
5. How We Share Your Information
5.1 With Other Users
- Passengers see: Driver name, photo, vehicle details, real-time location during trip
- Drivers see: Passenger name, photo (optional), pickup/dropoff locations
5.2 With Service Providers
- Google Cloud Platform / Firebase: App hosting and database (data stored in Europe)
- Stripe: Payment processing (PCI DSS compliant)
- Google Maps API: Route calculations and mapping
5.3 With Legal Authorities
- When required by law (court orders, subpoenas)
- To protect rights and safety
- In emergency situations
5.4 Business Transfers
If XTaxi24 is acquired or merged, your data may be transferred to the new entity (you will be notified).
6. Data Retention
- Ride Records: 7 years (HMRC requirement)
- User Accounts: 6 years after last activity
- Chat Messages: 90 days
- Location History: 7 years (for ride records)
- Marketing Data: Until you withdraw consent
7. Your Rights Under UK GDPR
- Right to Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Delete your data (exceptions apply for legal obligations)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a common format
- Right to Object: Stop processing for marketing or legitimate interests
- Right to Withdraw Consent: Stop consent-based processing anytime
To exercise your rights, email: privacy@xtaxi24.com
We will respond within 30 days.
8. API Usage Monitoring and Fraud Prevention
To prevent abuse and maintain service quality, we monitor API usage patterns in our mobile apps.
8.1 What We Track
- Address Searches: Number of times you use Places Autocomplete to search for locations
- Fare Calculations: Number of fare estimates requested without booking
- Booking Conversion: Ratio of searches/calculations to actual ride bookings
- Usage Patterns: Time spent in app, screen views, app opens
- API Costs: Resources consumed per user account
8.2 Why We Track This
- Prevent Abuse: Users creating accounts to repeatedly calculate fares without ever booking
- Detect Competitors: Identify competitors scraping our pricing algorithms and service coverage
- Control Costs: Google Maps API charges per request - excessive usage impacts operational costs
- Maintain Service Quality: Ensure API resources are available for genuine customers
- Fair Use: Reasonable searching is normal; excessive patterns (100+ calculations with 0 bookings) indicate abuse
8.3 Automated Fraud Detection
Our AI-powered system analyzes usage every 6 hours. Suspicious accounts may be flagged, rate-limited, or suspended.
8.4 Normal vs. Suspicious Usage
Normal: Calculating 5-10 fares before booking, comparing prices, checking fares for future planning
Suspicious: 100+ calculations with 0 bookings, systematic area mapping, automated API calls, multiple accounts with similar patterns
8.5 Your Rights
- Normal customers will never be affected - browse and calculate freely
- If flagged incorrectly, appeal to privacy@xtaxi24.com
- API usage logs retained for 90 days
9. Cookies and Tracking
This website uses:
- Essential Cookies: Required for site functionality (no consent needed)
- Analytics Cookies: Google Analytics (requires consent) - we use this to understand how visitors use our site
See our Cookie Policy for details.
10. Security Measures
- End-to-end encryption for payment data
- SSL/TLS encryption for all data transmission
- Firebase Security Rules to prevent unauthorized access
- Regular security audits
- Staff background checks and data access controls
11. Children's Privacy
XTaxi24 is not intended for users under 18. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately.
12. International Data Transfers
Your data is stored on Firebase servers in Europe (europe-west1). If data is transferred outside the UK/EEA, we use:
- EU Standard Contractual Clauses
- Adequacy decisions (where applicable)
- Other lawful transfer mechanisms
13. Changes to This Policy
We may update this policy periodically. We will notify you of significant changes via:
- Email notification
- In-app notification
- Updated "Last modified" date at the top
14. Contact & Complaints
Data Protection Officer: privacy@xtaxi24.com
General Inquiries: privacy@xtaxi24.com
If you're not satisfied with our response, you have the right to lodge a complaint with: