Privacy Policy
Last updated: May 2026
1. Introduction & Scope
This Privacy Policy (“Policy”) sets out in detail how Zetro, a company incorporated under the laws of India, along with its affiliates, subsidiaries, and authorized partners (collectively referred to as the “Company”, “we”, “our”, or “us”), collects, receives, accesses, stores, processes, uses, transfers, and protects personal data in connection with its technology-driven platform (“Platform”).
The Platform enables on-demand services including, but not limited to, transportation, logistics, courier delivery, and other digitally facilitated services between independent third-party service providers and end users.
This Policy applies to all individuals and entities interacting with the Platform, including:
- Customers: Individuals or entities who request, book, or receive services through the Platform
- Captains: Independent third-party service providers who offer transportation, delivery, or related services via the Platform
- Users: Any person who accesses, browses, registers on, or otherwise interacts with the Platform, including visitors without an active account
This Policy governs the processing of personal data across all modes of interaction with the Platform, including but not limited to mobile applications, websites, APIs, customer support channels, and any other digital or offline touchpoints operated by or on behalf of the Company.
By accessing, registering on, or using the Platform, you:
- Confirm that you have read, understood, and agreed to this Policy
- Consent to the collection and processing of your personal data in accordance with this Policy
- Represent that you have the legal capacity and authority to agree to this Policy
If you do not agree with any part of this Policy, you must immediately discontinue use of the Platform.
This Policy forms an integral part of the Platform’s Terms and Conditions and should be read in conjunction with them.
The Company reserves the right to update, modify, or revise this Policy at any time to reflect changes in legal requirements, business practices, or technological developments. Any such updates will be effective upon publication on the Platform, unless otherwise required by applicable law.
In the event of any conflict between this Policy and applicable laws, the provisions of such laws shall prevail to the extent of the inconsistency.
2. Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings assigned to them below. These definitions are intended to ensure clarity, consistency, and legal interpretation across the Platform and related documents:
- Platform: “Platform” refers to all digital and technological interfaces owned, operated, or made available by the Company, including but not limited to mobile applications, websites, web applications, APIs, backend systems, and any associated services, features, or functionalities through which users may access or avail services.
- User: “User” means any individual or entity that accesses, browses, registers on, or otherwise interacts with the Platform in any capacity, including without limitation Customers, Captains, and visitors.
- Customer: “Customer” refers to a User who requests, books, receives, or intends to receive services through the Platform, including transportation, logistics, delivery, or any other services facilitated by the Platform.
- Captain: “Captain” or “Service Provider” refers to an independent third-party individual or entity that provides transportation, delivery, logistics, or related services through the Platform. Captains are not employees, agents, or representatives of the Company unless explicitly stated otherwise.
- Personal Data: “Personal Data” means any information that relates to an identified or identifiable natural person, either directly or indirectly, including but not limited to name, contact details, identification information, location data, financial data, or any other information that can reasonably be used to identify an individual.
- Sensitive Personal Data: “Sensitive Personal Data” includes such categories of data as may be defined under applicable laws, including financial information, government-issued identification numbers, biometric data, or any other information requiring enhanced protection under law.
- Processing: “Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, sharing, transfer, restriction, or deletion.
- Services: “Services” refers to all services facilitated, enabled, or made available through the Platform, including but not limited to ride-hailing, transportation, logistics, courier delivery, and any related or ancillary offerings.
- Device: “Device” means any electronic device used to access the Platform, including smartphones, tablets, computers, or any other internet-enabled device.
- Third Party: “Third Party” means any individual or entity other than the User or the Company, including service providers, partners, vendors, payment gateways, analytics providers, or regulatory authorities.
- Applicable Law: “Applicable Law” refers to all laws, regulations, rules, guidelines, and governmental orders that are applicable to the Company, the Platform, or the processing of Personal Data, including but not limited to laws in India and any other jurisdiction where the Platform operates.
- Consent: “Consent” means any freely given, specific, informed, and unambiguous indication of a User’s agreement to the processing of their Personal Data, whether through explicit action or as permitted under applicable law.
Interpretation Clause: Unless the context otherwise requires:
- Words in singular shall include plural and vice versa.
- Headings are for convenience only and shall not affect interpretation.
- References to “including” shall be construed as “including without limitation”.
3. Data Ownership & Platform Role
1. Ownership of Personal Data:
The Company acknowledges and affirms that all Personal Data provided, uploaded, or generated by Users in connection with the use of the Platform remains the property of the respective User to whom such data relates.
The Company does not claim ownership over any Personal Data. However, by using the Platform, Users grant the Company a limited, non-exclusive, worldwide, royalty-free, and revocable license to collect, use, process, store, and transfer such Personal Data strictly for the purposes outlined in this Privacy Policy and in accordance with applicable laws.
2. Role of the Company:
Depending on the nature of the activity, the Company may act as:
- A Data Controller, where it determines the purpose and means of processing Personal Data (for example, account management, fraud prevention, analytics, and platform operations); and/or
- A Data Processor, where it processes Personal Data on behalf of Users or third parties for the purpose of facilitating services through the Platform.
The Company ensures that all processing activities are conducted in compliance with applicable data protection laws and industry standards.
4. Limited Purpose Use of Data:
The Company shall process Personal Data only for:
- Enabling and facilitating services on the Platform
- Ensuring safety, security, and fraud prevention
- Complying with legal and regulatory obligations
- Improving and optimizing the Platform
The Company shall not use Personal Data for purposes that are materially different, unrelated, or incompatible with the purposes described in this Policy without obtaining additional consent where required.
5. No Sale of Personal Data:
The Company does not sell, rent, or trade Personal Data of Users to third parties for monetary consideration.
Any sharing of data with third parties shall be limited to:
- Service delivery requirements
- Operational support
- Legal obligations
- Business continuity (e.g., mergers or acquisitions)
6. User Responsibility for Data Accuracy:
- Users are responsible for ensuring that the Personal Data provided by them is accurate, complete, and up to date.
- The Company shall not be held liable for any consequences arising from inaccurate, outdated, or misleading information provided by Users.
7. Platform as an Intermediary:
- The Platform acts as a technology intermediary that enables connections between Customers and independent Captains.
- The Company does not:
- Own or operate transportation or logistics services
- Employ Captains (unless explicitly stated)
- Control the conduct of Users beyond platform-level enforcement
- Accordingly, the Company’s role is limited to facilitating interactions and processing data necessary for such facilitation.
8. Data Minimization & Access Control:
- The Company follows a data minimization principle, collecting only such data as is necessary for defined purposes.
- Access to Personal Data is restricted to:
- Authorized personnel
- Verified service providers
- Systems with legitimate operational requirements
- All access is governed by internal controls and security protocols.
9. Accountability & Compliance Commitment:
The Company is committed to maintaining transparency, accountability, and compliance in all data processing activities and shall take reasonable steps to ensure that Personal Data is handled securely and in accordance with this Policy and applicable laws.
4. Categories of Data Collected
The Company collects and processes Personal Data in a structured and purpose-driven manner to ensure efficient service delivery, safety, compliance, and continuous improvement of the Platform.
The categories of data collected include, but are not limited to, the following:
1. Identity & Contact Data:
- This includes information that directly identifies a User, such as:
- Full name
- Mobile phone number
- Email address
- Profile photograph (if uploaded)
- Account credentials and preferences
- This data is essential for account creation, authentication, communication, and user identification on the Platform.
2. Financial & Payment Data:
- This includes information necessary to process payments and financial transactions:
- Payment method details (e.g., card type, UPI, wallet reference)
- Transaction IDs and payment confirmations
- Billing-related information
- The Company does not store complete financial credentials. Payment processing is securely handled through authorized third-party payment gateways compliant with applicable regulations.
3. Location Data:
- We collect location-based information including:
- Real-time GPS location
- Pickup and drop-off locations
- Route, distance, and travel patterns
- Location data may be collected when:
- The application is actively in use
- A service is ongoing
- For a limited duration after service completion for safety and fraud prevention purposes
- Users may manage location permissions through their device settings; however, disabling location access may limit Platform functionality.
4. Technical & Device Data:
- We automatically collect technical information such as:
- IP address
- Device ID and identifiers
- Device type, model, and operating system
- App version and usage logs
- Network and browser information
- This data is used for security monitoring, fraud detection, system optimization, and performance analytics.
5. Transaction Data:
- We collect service-related data including:
- Ride/order history
- Fare details and pricing breakdown
- Date, time, and duration of services
- Service preferences and usage patterns
- This information is necessary for billing, record-keeping, dispute resolution, and service optimization.
6. Communication Data:
- We process interaction data including:
- In-app chat messages
- Call logs (with number masking where applicable)
- Customer support interactions
- Feedback, ratings, and complaints
- Some communications may be recorded or stored for quality assurance, dispute resolution, and safety purposes.
7. Captain-Specific Data:
- Additional data collected from Captains includes:
- Government-issued identification
- Driving license details
- Vehicle registration details
- Insurance documents
- Background verification records
- Bank account or payout details
- This data is required for onboarding, verification, and compliance.
8. Data from Third-Party Sources:
- We may receive data from:
- Payment partners
- Identity verification providers
- Analytics and marketing partners
- Law enforcement or regulatory authorities
- Such data is processed in accordance with this Policy and applicable laws.
9. User-Generated Content:
- Users may voluntarily provide data through:
- Profile updates
- Reviews and feedback
- Uploaded images or documents
- Support tickets
- This content is used to improve user experience and platform integrity.
10. Data Minimization Commitment:
- Necessary for defined purposes
- Relevant to the services provided
- Proportionate to operational and legal requirements
5. Purpose Limitation
The Company collects, processes, and uses Personal Data solely for specific, explicit, and lawful purposes directly related to the operation, delivery, security, and continuous improvement of its Platform and services, including but not limited to service facilitation, user verification, transaction processing, safety and fraud prevention, customer support, analytics, and regulatory compliance.
Such processing shall be carried out strictly in accordance with applicable laws, including the Information Technology Act, 2000, the SPDI Rules, and applicable provisions of the Digital Personal Data Protection Act, 2023, as well as globally recognized data protection principles where relevant.
The Company shall not process Personal Data for any purpose that is incompatible with the original purpose of collection unless permitted by law or based on a valid legal ground, including user consent, contractual necessity, legitimate interests, or legal obligations.
Where data is used for secondary purposes such as analytics, product development, artificial intelligence, or marketing, such use shall be proportionate, privacy-conscious, and subject to appropriate safeguards and user controls, including opt-out mechanisms where required.
The Company further ensures that all data processing activities are limited to what is necessary, relevant, and proportionate, and are conducted with appropriate technical and organizational safeguards to protect user rights while enabling scalable, compliant, and efficient business operations, including future expansion, investment activities, and cross-border service delivery.
6. Legal Basis for Processing
The Company processes Personal Data only where a valid and lawful basis exists, ensuring full compliance with applicable laws including the Information Technology Act, 2000, the SPDI Rules, and the Digital Personal Data Protection Act, 2023, along with internationally recognized data protection principles where relevant.
Such processing is undertaken on one or more of the following grounds:
- Contractual necessity, where processing is required to create, manage, and fulfill obligations arising from the use of the Platform.
- Legal obligation, where processing is necessary to comply with applicable laws, regulatory requirements, taxation, audit, or law enforcement requests.
- Legitimate interests, where processing is essential for business operations including fraud prevention, platform security, risk management, analytics, and service improvement, provided such interests do not override user rights.
- Consent, where explicitly obtained from Users for specific purposes such as marketing, location tracking, or sensitive data processing, with the right to withdraw at any time.
The Company ensures that all processing activities are fair, proportionate, and purpose-driven, supported by appropriate safeguards, transparency mechanisms, and user controls.
7. Data Sharing & Disclosure
The Company may share, transfer, or disclose Personal Data only to the extent necessary for legitimate business purposes, service delivery, and legal compliance, and strictly in accordance with applicable laws.
- Between Users (Customers and Captains) to facilitate service execution, including limited identity, contact, and trip-related information.
- With trusted third-party service providers such as payment gateways, cloud providers, analytics tools, and verification vendors under strict confidentiality obligations.
- With affiliates, subsidiaries, and investors for operational or administrative purposes under strict safeguards.
- With government authorities or regulators where required by law or to protect rights, safety, and security.
The Company may also disclose data in connection with mergers, acquisitions, restructuring, or asset transfers, subject to confidentiality and data protection safeguards.
Under no circumstances does the Company sell Personal Data in an unauthorized manner. All sharing follows strict data minimization and security standards.
8. Location Data & Tracking Transparency
The Company collects and processes location data, including approximate and precise GPS information, solely for legitimate operational purposes such as service matching, navigation, route optimization, trip tracking, safety monitoring, fraud prevention, and dispute resolution.
Location data may be collected in real-time during active services and, where permitted, in the background to enhance reliability and safety.
Users retain full control over location permissions through device settings; however, disabling location access may limit Platform functionality.
The Company ensures strict data minimization, purpose limitation, and security safeguards. Location data is retained only as long as necessary and is never used for unauthorized tracking.
Robust technical and organizational measures are implemented to prevent misuse, unauthorized access, or unlawful surveillance, ensuring compliance, privacy, and trust.
9. Cookies & Tracking Technologies
The Company uses cookies, SDKs, pixels, and similar tracking technologies on its Platform to enable essential functionalities, enhance user experience, analyze performance, and support security and fraud prevention.
These technologies may collect information such as device identifiers, browser type, IP address, usage patterns, and interaction data to facilitate authentication, remember user preferences, measure service effectiveness, and improve product performance.
Where permitted by applicable law, such data may also be used for analytics, personalization, and limited marketing purposes, subject to appropriate user controls and consent mechanisms where required.
Users are provided with options to manage or disable cookies through device or browser settings; however, certain essential cookies may be required for core Platform functionality.
Third-party service providers may also use similar technologies on behalf of the Company under strict contractual obligations relating to confidentiality, data protection, and lawful processing.
10. Data Retention Policy
The Company retains Personal Data only for as long as is necessary, proportionate, and legally permissible to fulfill the purposes for which it was collected, including service delivery, contractual obligations, safety and fraud prevention, dispute resolution, and business operations.
Retention periods are determined based on the nature of the data, purpose of processing, and applicable legal requirements.
Core account and transaction data may be retained for the duration of the User’s relationship with the Platform and for a defined period thereafter for legal or audit purposes.
Where Personal Data is no longer required, the Company ensures secure deletion, anonymization, or irreversible de-identification.
The Company may retain certain data where required for legal compliance, fraud prevention, dispute resolution, or protection of Platform integrity.
11. User Rights
The Company is committed to ensuring transparency, fairness, and accountability in its data processing practices and provides Users with certain rights in relation to their Personal Data.
Users may have the right to access, review, and obtain a copy of their Personal Data, request correction of inaccurate data, request deletion, withdraw consent, and opt out of non-essential communications.
Users may also request restriction or objection to certain types of processing where permitted by law.
The Company may decline or limit requests where processing is required for legal compliance, fraud prevention, enforcement of rights, or public interest.
Requests are handled through secure, verifiable, and auditable processes while maintaining platform integrity and compliance.
12. Data Security Measures
The Company implements robust technical and organizational security measures to protect Personal Data against unauthorized access, misuse, loss, alteration, or disclosure.
Security measures include encryption (in transit and at rest), secure cloud infrastructure, firewalls, access control systems, multi-factor authentication, and continuous monitoring.
The Company follows secure development practices, regular vulnerability assessments, penetration testing, and periodic security audits.
Access to Personal Data is restricted to authorized personnel and service providers under strict confidentiality obligations.
In case of a data breach, the Company will take prompt action including investigation, mitigation, and notification as required by law.
12. Automated Decision-Making
The Company uses automated systems, algorithms, and AI technologies to enable efficient Platform operations including ride matching, pricing, route optimization, fraud detection, and analytics.
These systems operate based on predefined logic and evolving data models using inputs such as location, demand, and usage patterns.
The Company ensures fairness, transparency, and safeguards, including human oversight where decisions may significantly impact Users.
Users may request clarification or review of certain automated outcomes where applicable.
13. Cross-Border Data Transfers
The Company may transfer Personal Data across jurisdictions, including outside India, to support global operations, analytics, and infrastructure.
Such transfers are conducted with appropriate safeguards including contractual protections, confidentiality obligations, and security controls.
By using the Platform, Users acknowledge and consent to such transfers where required.
The Company ensures compliance with applicable laws and global data protection standards.
14. Third-Party Services Disclaimer
The Platform may include third-party services such as payment gateways, mapping tools, analytics providers, and verification vendors.
The Company does not control and is not responsible for the privacy practices or operations of such third parties.
Interactions with third-party services are governed by their respective policies and terms.
The Company undertakes reasonable due diligence but disclaims liability for third-party actions except where required by law.
15. Children’s Privacy
The Platform is intended only for individuals legally competent to enter into binding contracts and does not knowingly collect data from minors.
Where required, collection of minor data shall be subject to parental or guardian consent.
If unauthorized minor data is identified, the Company will take steps to delete or restrict such data.
The Company discourages use of the Platform by minors and may request age verification where necessary governance and usr safety.
16. Incident Reporting & Safety Data
The Company may collect, process, and retain Personal Data in connection with incidents, safety concerns, complaints, disputes, accidents, or emergency situations arising from the use of the Platform.
Such data may include communication records, location data, trip details, identity information, photographs, audio/video recordings, and supporting evidence submitted by Users, Captains, or third parties.
This data is processed for purposes including incident investigation, dispute resolution, customer support, insurance facilitation, coordination with emergency services, and enforcement actions such as suspension or termination of accounts.
The Company may share relevant safety data with law enforcement authorities, regulators, insurance providers, or authorized entities where required by law or necessary to protect safety, rights, or property.
Strict access controls, confidentiality obligations, and secure handling procedures are maintained for such sensitive data, which is retained only for as long as necessary for investigation, compliance, or legal defense.
17. Data Breach & Security Incident Policy
The Company maintains a structured framework for identifying, managing, and responding to data breaches, security incidents, unauthorized access, or system vulnerabilities affecting Personal Data.
In the event of a confirmed or suspected breach, the Company will initiate response protocols including containment, impact assessment, root-cause analysis, mitigation, and system remediation.
Where required by law, affected Users and relevant authorities will be notified within prescribed timelines, including details of the incident and corrective actions taken.
The Company may engage cybersecurity experts, forensic investigators, and legal advisors to assist in incident handling and resolution.
All incidents are documented and reviewed to improve security systems, strengthen safeguards, and reduce future risks.
The Company implements continuous monitoring, audit mechanisms, and industry-standard controls to detect threats early and maintain platform security and operational integrity.
18. Policy Updates
The Company reserves the right to amend, modify, or update this Privacy Policy at its sole discretion from time to time to reflect changes in legal, regulatory, operational, technical, or business requirements.
Any material updates affecting how Personal Data is collected, used, or shared will be communicated to Users through in-app notifications, email, or prominent notices on the Platform.
Continued use of the Platform after such updates shall constitute acceptance of the revised Privacy Policy, as permitted under applicable law.
Where required, the Company will obtain fresh consent for material changes impacting previously collected data or processing activities.
Users are encouraged to review this Policy periodically to stay informed about how their data is handled.
19. Contact & Grievance Officer
The Company is committed to addressing concerns, complaints, or grievances relating to the processing of Personal Data in a transparent and timely manner.
Users may contact the designated Grievance Officer for issues related to privacy, data usage, rights requests, or security concerns.
The Grievance Officer is responsible for ensuring compliance with applicable laws and resolving data-related disputes and queries.
Complaints may be submitted via official email, contact form, or registered office address provided by the Company.
All grievances are handled through structured, auditable processes with proper escalation and resolution mechanisms.
20. Compliance Statement
The Company operates in full compliance with applicable data protection, privacy, and cybersecurity laws, including the Information Technology Act, 2000, SPDI Rules, and the Digital Personal Data Protection Act, 2023.
A privacy-by-design and security-by-default approach is adopted to ensure data protection principles such as transparency, purpose limitation, and data minimization are embedded into all systems.
Data processing activities are governed by legal bases, contractual safeguards, and internal governance mechanisms to ensure accountability and compliance.
Industry-standard technical and organizational measures are implemented to protect Personal Data from unauthorized access, misuse, or loss.
This compliance framework is continuously updated to align with evolving laws and best practices, ensuring operational integrity and user trust.