Privacy Policy

Last updated: 1 February 2026

1. Data Controller

Dartt Ltd ("we", "us", "our") is the data controller for personal data processed through the Dartt platform. We are registered with the UK Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect the following categories of personal data:

• Identity data: Name, phone number, email address, profile photo
• Location data: GPS coordinates during rides, pickup and drop-off addresses
• Payment data: Payment card details (processed by Stripe), transaction history
• Communication data: In-app chat messages, support tickets, dispute records
• Usage data: App interactions, ride history, ratings, preferences
• Device data: IP address, browser type, operating system, device identifiers
• Driver-specific data: Driving licence, vehicle details, insurance documents, background check results

3. Legal Basis for Processing

We process your data under the following legal bases:

• Contract: To provide the ride marketplace service you have requested
• Legitimate interests: To improve our services, prevent fraud, and ensure platform safety
• Legal obligation: To comply with tax, transport licensing, and law enforcement requirements
• Consent: For marketing communications and non-essential cookies (you may withdraw consent at any time)

4. How We Use Your Data

• Matching passengers with drivers and facilitating rides
• Processing payments, refunds, and driver payouts
• Verifying driver licences, insurance, and conducting background checks
• Providing real-time ride tracking and ETAs
• Operating safety features (SOS alerts, trip sharing, emergency contacts)
• Handling support tickets, disputes, and complaints
• Generating ride receipts, earnings reports, and tax summaries
• Detecting and preventing fraud
• Analysing platform usage to improve our services
• Sending service notifications (ride updates, payment confirmations)

5. Data Sharing

We share your data with:

• Other users: Your name and rating are shared with the other party during rides
• Payment processors: Stripe processes payment data under their own privacy policy
• SMS/email providers: Twilio and SendGrid deliver notifications on our behalf
• Monitoring services: Sentry receives anonymised error reports for service reliability
• Law enforcement: When required by law, court order, or to protect safety

We do not sell your personal data to third parties.

6. Data Retention

We retain your data for the following periods:

• Account data: For the duration of your account, plus 30 days after deletion
• Ride history: 3 years (for dispute resolution and regulatory compliance)
• GPS/location tracks: 90 days after ride completion
• Chat messages: 1 year after the ride
• Payment records: 7 years (HMRC requirement)
• Driver documents: Duration of account plus 1 year
• Support tickets: 2 years after resolution
• Fraud detection logs: 5 years

Our automated data retention system purges data beyond these periods. You may request earlier deletion where it does not conflict with legal obligations.

7. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data (Settings > Export My Data)
• Rectification: Correct inaccurate data via your profile
• Erasure: Delete your account and data (Settings > Delete Account)
• Restriction: Request we limit processing of your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw consent: For consent-based processing, at any time

To exercise these rights, use the in-app tools or contact privacy@dartt.uk. We will respond within 30 days.

8. Cookies & Tracking

We use essential cookies for authentication and session management. Analytics cookies are only used with your consent. You can manage your cookie preferences through the cookie consent banner or in Settings.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), secure password hashing (bcrypt), access controls, and regular security reviews. Payment data is handled by Stripe, a PCI DSS Level 1 certified processor.

10. International Transfers

Your data is primarily processed within the UK and EEA. Where data is transferred outside this area (e.g. to service providers), we ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.

11. Children's Privacy

The Service is not intended for persons under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via in-app notification or email. The "last updated" date at the top indicates when the policy was last revised.

13. Contact & Complaints

For privacy inquiries, contact our Data Protection Officer at privacy@dartt.uk. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.