Privacy Policy
This Privacy Policy explains how Ride In Sync ("we", "us", or "our") collects, uses, and protects information when you use our mobile application and website (collectively, the "Service").
1. Information We Collect
We collect only the data necessary to provide the core ride-sharing features:
- Account information — your email address and display name, collected when you register. Passwords are stored as a bcrypt hash and are never stored in plain text.
- Location data — real-time GPS coordinates while a ride session is active. Location is streamed to other participants in your session only and is never stored on our servers after transmission.
- Push notification token — a Firebase Cloud Messaging (FCM) device token used to deliver ride invites, break signals, and ride-end alerts to your device.
- Authentication tokens — JWT access and refresh tokens stored in encrypted secure storage on your device to keep you signed in between sessions.
- Camera (QR scanning) — camera access is used exclusively to scan a ride session QR code. No image or video is stored or transmitted; scanning happens entirely on-device.
- Ride session data — session codes and participant lists, retained only while a session is active and cleaned up after the ride ends.
2. Device Permissions
- Location (fine & coarse) — precise GPS coordinates shared with your ride group in real time during an active session.
- Background location — continues sharing your position when the app is in the background so your group is never left without your location mid-ride.
- Camera — used only to scan QR codes to join a ride session. No images are captured, stored, or transmitted.
- Notifications — for ride invitations, break requests, and ride-end alerts via Firebase Cloud Messaging.
- Internet — required for authentication, real-time location sharing via WebSocket, and push notifications.
3. How We Use Your Information
- To authenticate your account and maintain secure sessions.
- To provide real-time location sharing within your ride group during an active session.
- To send push notifications for ride coordination (invites, breaks, ride end).
- To support email verification and password reset flows.
We do not use your data for advertising, analytics, or profiling, and we do not sell your data to any third party.
4. Third-Party Services
- Firebase Cloud Messaging (Google) — used to deliver push notifications. Your device token is sent to FCM to route notifications. See the Firebase Privacy Policy.
- OpenStreetMap — map tiles displayed in-app are fetched from OpenStreetMap tile servers. No personally identifiable data is sent. See the OSM Privacy Policy.
No analytics, advertising, or other tracking SDKs are included in this app.
5. Data Sharing
Your data is shared only in these limited circumstances:
- Within your ride session — your display name and real-time GPS coordinates are visible to other participants in the same session you have joined or created.
- Legal requirements — if required by law, court order, or to protect the rights and safety of users.
We never sell, rent, or share your data with advertisers or marketing companies.
6. Data Retention
- Account data (email, display name) — retained while your account is active. Deleting your account removes all associated data.
- GPS location — never persisted. Coordinates are streamed in real time and discarded immediately.
- Ride session data — retained only while the session is active and cleaned up after the ride ends.
- FCM tokens — updated on login and removed when you log out or delete your account.
7. Security
We take the security of your data seriously. Passwords are hashed using bcrypt. Authentication uses short-lived JWT access tokens paired with refresh tokens, stored in device-level encrypted secure storage. All network communication uses HTTPS and encrypted WebSocket (WSS). QR code scanning happens entirely on-device — no camera frames are ever transmitted.
8. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal data, please contact us and we will delete it promptly.
9. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, or delete your personal data, or to withdraw consent for specific data processing (e.g. revoking location or camera permission via device settings). Contact us at teamrideinsync@gmail.com to exercise these rights.
10. Changes to This Policy
We may update this policy from time to time. We will update the "Last updated" date above and, where appropriate, notify users via the app or email. Continued use of the Service after changes constitutes acceptance.
11. Contact
Questions about this policy? Reach us at teamrideinsync@gmail.com.