1.1 Swaraaj Solutions LLP ('Company', 'We', 'Us', 'Our') is the Data Fiduciary under the Digital Personal Data Protection Act, 2023 and the 'body corporate' under the IT Act, 2000, responsible for the collection, processing, and protection of your personal data.
1.2 This Privacy Policy is published in compliance with: (a) Section 43A of the IT Act, 2000; (b) IT (SPDI) Rules, 2011; (c) IT (Intermediary Guidelines) Rules, 2021; (d) DPDP Act, 2023; (e) Consumer Protection Act, 2019.
1.3 This Policy applies to all Users of the Platform — both Riders and Drivers.
Full name and mobile number (mandatory for registration)
Profile photograph (optional)
Unique Rider ID / Trip Linking Code (system-generated — this is the recommended identifier to share with Drivers)
Real-time GPS location (when app is in use for the Nearby Drivers feature)
Trip history linked to Rider ID
Driver ratings and feedback
Emergency contact information (optional)
Device information including FCM push notification token
CALL-RELATED DATA NOTE: When a Rider makes a direct voice call to a Driver using the Driver's phone number displayed in the App, the Rider's own phone number is transmitted to the Driver through standard telephony caller ID. This is NOT data collected by Swaraaj — it is a consequence of standard telephony and is fully disclosed in this Policy and in the Terms (Clause 6A).
Full name, mobile number, and date of birth
Profile photograph
Government ID / Aadhaar / PAN (KYC — classified as Sensitive Personal Data)
Driving licence number and expiry
Vehicle registration number, type, make, model, permit details, insurance certificate
Bank account / UPI details (Wallet operations — classified as Sensitive Personal Data)
Real-time GPS location (when Driver is online)
Call history log within the Platform (incoming Rider calls received — for Driver analytics only)
Wallet transaction history and trip history
Referral network data
Device information including FCM push token
DISPLAY NOTE: Driver's name, photograph, vehicle type, vehicle registration number, rating, and phone number are displayed to Riders in the Rider App solely for the Authorised Purpose (enabling Riders to choose and contact a Driver for a specific ride). By registering on the Platform, Drivers consent to this display for the Authorised Purpose.
IP address and approximate geolocation
Device/browser type, app version, log data
App usage analytics (aggregated/anonymised for Platform improvement)
Cookies on the website (see Cookie Policy)
3.1 The following Driver data constitutes SPDI under IT (SPDI) Rules, 2011: financial information (bank/UPI details); biometric data where applicable; Aadhaar number.
3.2 SPDI is collected only with explicit consent, used only for the purpose collected, not retained longer than necessary, not shared beyond this Policy, and secured per ISO 27001 or equivalent.
3.3 You may withdraw consent at any time by contacting privacy@swaraaj.co.in. Withdrawal may limit Platform functionality.
| PURPOSE | DETAILS |
|---|---|
| Account creation & verification | To register Users and prevent fraudulent accounts. |
| Platform functionality | To display nearby Drivers to Riders; to enable direct calling. |
| Driver Profile Display to Riders | Driver name, photo, vehicle, rating, phone displayed solely to enable Rider's voluntary contact decision for a specific ride (Authorised Purpose). |
| Trip Linking | To associate Riders with trips via Rider ID for safety. |
| Safety and security | To verify Driver credentials; enable ride sharing with emergency contacts; investigate complaints. |
| Third-party Document Genuineness Checks | To verify PAN, Aadhaar, RC, insurance, permit, and conduct court case screening via third-party APIs during Driver KYC — with Driver's explicit consent. See Section 10B. |
| Fleet Manager data sharing | To share Sub-Driver trip and earnings data with the assigned Fleet Manager, based on Sub-Driver's consent given upon vehicle assignment. See Section 10C. |
| Wallet management | To process top-ups, deduct fees, apply referral cashbacks. |
| Push notifications | Via Firebase Cloud Messaging for operational alerts. |
| Analytics | Aggregated/anonymised usage data for Platform improvement. |
| Legal compliance | To comply with Indian laws, court orders, and law enforcement requests. |
| Grievance resolution | To investigate and resolve User complaints including data misuse. |
| Anti-scraping enforcement | To detect, investigate, and take action against unauthorised data collection. |
| Marketing (with consent) | Promotional communications — only with explicit opt-in. |
5.1 We do NOT sell, rent, or trade your personal data to any third party for commercial purposes.
Rider's Trip Linking Code / Rider ID is shared with the chosen Driver for trip validation.
Driver's name, vehicle type, rating, trip count, and phone number are displayed to Riders in the Rider App solely for the Authorised Purpose.
The Platform does not share Rider personal mobile numbers with Drivers — any such sharing occurs through standard telephony caller ID (when Rider initiates a call) or by the Rider's own voluntary act, both of which are beyond the Company's control and are governed by Terms Clauses 6A and 18.
Payment Processing: Razorpay — for Wallet top-ups and payment transactions. Razorpay's Privacy Policy governs their handling of payment data. The Company does not store full payment card details.
Push Notifications: Google Firebase Cloud Messaging (FCM) — for operational notifications. Google's Privacy Policy applies.
Cloud / Hosting Infrastructure: Under appropriate data processing agreements with service providers.
Third-Party Verification APIs — Driver Onboarding: The Company uses the following categories of third-party APIs to verify documents submitted by Drivers during KYC and registration. By registering as a Driver, you consent to your submitted document data being shared with these services for verification purposes:
| API / Verification Type | Data Shared With API | Purpose | What It Confirms |
|---|---|---|---|
| PAN Card Verification API | PAN number, name | Confirm PAN exists and is active in Income Tax database | Document genuineness only — not ownership or identity proof |
| Aadhaar Verification API (UIDAI-compliant) | Aadhaar number (masked/tokenised per UIDAI norms) | Confirm Aadhaar exists in UIDAI database | Document genuineness only — full Aadhaar data is not stored |
| Vehicle RC Verification API (Vahan/RTO) | Vehicle registration number | Confirm RC exists and is valid in Vahan database | Document genuineness and registration status only — NOT vehicle ownership |
| Motor Insurance Verification API | Insurance policy number, vehicle registration number | Confirm insurance policy is valid and current | Policy existence and validity period only |
| Commercial Permit Verification API | Permit number, vehicle registration number | Confirm commercial vehicle permit is valid | Permit existence and validity only |
| Court Case / Criminal Record Screening API | Driver name, date of birth, ID details | Screen for pending or past court cases or criminal records in publicly available judicial databases | Presence of records in screened databases only — NOT an official police clearance certificate |
Important Limitation: All API results are third-party outputs from external databases. The Company does not control the accuracy, currency, or completeness of these databases. Results are used as inputs into onboarding decisions — not as conclusive legal or ownership determinations. See Terms Clause 6D for full disclaimer.
Data Minimisation: Only the minimum necessary data is shared with each Verification API for the specific verification purpose. API response data (the result/status) is stored in the Driver's KYC record. The underlying document data is processed as per the API provider's own data processing terms.
We may disclose personal data to authorities as required by law, court order, or police request. Importantly: where a Rider or Driver's contact data is misused by the other party, and a valid police/court request is received, Swaraaj will provide the offending party's registered Platform details to assist investigation. This is cooperation with law enforcement, not a privacy breach by Swaraaj.
5A.1 WHAT DATA IS SHARED THROUGH DIRECT COMMUNICATION: When a Rider initiates a call to a Driver using the Driver's phone number displayed in the Rider App, the following data exchange occurs:
| Data Item | How Shared / Swaraaj's Role |
|---|---|
| Driver's phone number | Displayed in Rider App by Swaraaj for Authorised Purpose. Rider accesses voluntarily. |
| Rider's phone number | Transmitted by telephony network as caller ID when Rider dials Driver. NOT disclosed by Swaraaj. |
| Rider's Rider ID / Trip Linking Code | Shared by Rider with Driver during conversation. Rider-initiated. Swaraaj's recommended method. |
| Rider's personal mobile number | Shared ONLY if Rider voluntarily chooses to tell Driver. Not disclosed by Swaraaj. Rider's own act. |
| Call content (conversation) | Not recorded, monitored, or accessed by Swaraaj. Private between parties. |
| Call timestamp / duration | Logged in Driver's in-app call history for Driver analytics. Not shared with third parties. |
5A.2 SWARAAJ'S ROLE IN DIRECT COMMUNICATION — STRICTLY LIMITED: Swaraaj's role in Direct Communication is limited to: (a) displaying the Driver's phone number in the Rider App for the Authorised Purpose; (b) logging call timestamps in the Driver's in-app call history for the Driver's own use. Swaraaj does NOT: record calls, monitor conversations, share call content, or have access to what is communicated between Rider and Driver.
5A.3 PHONE NUMBER VISIBILITY — FULL DISCLOSURE: Swaraaj hereby fully and expressly discloses that:
The Platform's design involves Riders directly calling Drivers using real phone numbers.
This means the Rider's phone number will be visible to the Driver through telephony caller ID when the Rider makes the call. This is a known, inherent, and disclosed feature of the Platform — not an accidental data leak.
Swaraaj does not have the technical ability to suppress caller ID through external telephony networks.
Users who do not wish their phone number to be visible may use network-level caller ID suppression features (e.g., dialling *31# or #31# before the number on many Indian networks) before making the call.
5A.4 SWARAAJ IS NOT THE DATA SHARER: In all cases of Direct Communication, Swaraaj is not the entity sharing personal contact data. The Rider's phone number is shared by the telephony network through standard caller ID functionality — not by Swaraaj. The Driver's phone number is displayed for the Authorised Purpose with the Driver's consent. Any claim that Swaraaj 'disclosed' a User's phone number is factually and legally inaccurate.
5B.1 EXPRESS INFORMED CONSENT: By registering on and using the Swaraaj Platform, each User gives their free, specific, informed, and unambiguous consent (as required under the DPDP Act, 2023) to the following:
RIDER'S CONSENT: I understand and consent that when I call a Driver using the phone number displayed in the Swaraaj Rider App, my own mobile number will appear on the Driver's device through standard caller ID. I understand this is an inherent feature of telephone technology and not a disclosure by Swaraaj. I consent to this as a condition of using the Platform's direct-call feature.
DRIVER'S CONSENT: I understand and consent that my mobile number will be displayed to Riders in the Swaraaj Rider App so that Riders can contact me for the purpose of arranging rides. I consent to this display for the Authorised Purpose. I understand that Riders must not use my number for any purpose beyond the Authorised Purpose, and that violation is their personal liability.
5B.2 SCOPE OF CONSENT — CLEARLY DEFINED: The consents given above are: (a) specifically scoped to the Authorised Purpose; (b) proportionate to the Platform's legitimate function; (c) subject to the obligation on the other party to use contact details only for the Authorised Purpose; (d) revocable — a Driver may request removal of their phone number from the Platform by deactivating their account.
5B.3 NO SWARAAJ LIABILITY ARISING FROM CONSENTED DISCLOSURE: Since phone number visibility in Direct Communication is a fully disclosed and consented feature of the Platform, no User may bring any claim against Swaraaj on the basis of:
Their phone number being seen by the other party during a call they initiated or received.
Any event arising from the other party's knowledge of their phone number — as the correct remedy is against that party personally.
5C.1 RIDER ID IS THE RECOMMENDED IDENTIFIER: The Swaraaj Platform provides every Rider with a unique Rider ID / Trip Linking Code specifically so that Riders can identify themselves to Drivers without sharing their personal mobile number. Using the Rider ID is the Platform's recommended, privacy-protective practice.
5C.2 VOLUNTARY DISCLOSURE IS RIDER'S OWN ACT: Some Riders may, at their own discretion, choose to share their personal mobile number with a Driver in addition to or instead of their Rider ID. The Company expressly notes that:
This is entirely the Rider's own voluntary choice — it is NOT required, requested, or encouraged by Swaraaj.
Swaraaj specifically recommends using the Rider ID instead of a personal mobile number.
A Rider who voluntarily shares their personal mobile number accepts full and sole responsibility for any consequences of that disclosure.
Swaraaj is entirely absolved of any responsibility for events arising from a Rider's voluntary personal mobile number disclosure to a Driver.
5C.3 IN-APP GUIDANCE: Swaraaj will display in-app guidance to Riders recommending use of the Rider ID / Trip Linking Code as the preferred and privacy-safe identification method. This guidance serves as further notice to Riders of the privacy implications of sharing personal contact information.
5C.4 DRIVER'S OBLIGATION ON RECEIPT OF VOLUNTARY DISCLOSURE: Even if a Rider voluntarily shares their personal mobile number, the Driver is bound by Terms Clause 18.3 — the Driver must not save, store, or use the Rider's number beyond the specific current ride. Violation is the Driver's personal liability.
6.1 We retain personal data only as long as necessary for the purpose or as required by law.
| DATA TYPE | RETENTION PERIOD |
|---|---|
| Active account data | Duration of activity + 3 years after last login. |
| Transaction / Wallet records | 8 years (accounting and tax law compliance). |
| KYC documents (Drivers) | Duration of registration + 5 years. |
| Verification API results (PAN, RC, Insurance, Permit) | Duration of registration + 5 years from last check/renewal. |
| Court case screening results | Duration of registration + 3 years from last check. Result status only — not detailed case records. |
| Fleet Manager — Sub-Driver trip data | Accessible to Fleet Manager for duration of vehicle assignment. Archived (Fleet Manager access removed) on unassignment. Retained in Company systems per standard trip history retention (3 years). |
| Trip history | 3 years. |
| In-app call logs (timestamps only) | 90 days, then anonymised/deleted. |
| Dispute/complaint records | 5 years from resolution. |
| Scraping investigation records | 7 years from detection (for potential litigation purposes). |
| Deleted account data | Anonymised/deleted within 90 days, except where legally required. |
7.1 Under the DPDP Act, 2023 and IT Rules, you have the following rights:
Right to Access: Obtain a summary of personal data held by us.
Right to Correction: Correct inaccurate personal data.
Right to Erasure: Request deletion where data is no longer necessary, subject to legal retention requirements.
Right to Grievance Redressal: Have grievances addressed within legally prescribed timelines.
Right to Nominate: Nominate someone to exercise rights on your behalf.
Right to Withdraw Consent: Withdraw consent for non-essential processing.
RIGHT TO REPORT CONTACT DATA MISUSE (NEW): If your phone number or contact information obtained through the Platform is misused by another User, you have the right to: (a) file a complaint with Swaraaj at safety@swaraaj.co.in; (b) request Swaraaj to assist law enforcement by providing the offending User's registered details upon a valid police/court request; (c) pursue the offending User directly under the DPDP Act, IPC, and IT Act.
RIGHT TO REPORT SCRAPING (NEW): If you believe your personal data (particularly Driver Profile Data) has been scraped or collected from the Platform without authorisation, you have the right to report this to Swaraaj at privacy@swaraaj.co.in, and Swaraaj will investigate and take appropriate action.
7.2 Submit rights requests to:privacy@swaraaj.co.in. Identity verification required. Response within 30 days.
8.1 We implement reasonable security practices under Section 43A IT Act and SPDI Rules, including encryption in transit and at rest, access controls, regular audits, and employee training.
8.2 ANTI-SCRAPING TECHNICAL MEASURES: The Company implements technical security measures specifically to protect against unauthorised data collection from the Platform, including rate limiting, bot detection, behavioural analytics, and access controls on the Rider App. These are implemented to protect Driver personal data displayed on the Platform.
8.3 No electronic transmission or storage is 100% secure. The Company cannot guarantee absolute security.
8.4 DATA BREACH NOTIFICATION: In the event of a personal data breach likely to cause high risk, the Company will notify affected Users and the Data Protection Board of India within legally prescribed timelines.
9.1 Driver location is collected when the Driver is online (positive Wallet balance and logged in) to display the Driver's position to nearby Riders.
9.2 Rider location is accessed when the Rider uses the 'Nearby Drivers' feature.
9.3 Location data is NOT continuously tracked in the background. You may revoke location permissions through device settings, which will disable core features.
9.4 Precise location data is not shared with third parties beyond Platform operations.
10.1 The website swaraaj.co.in uses essential, analytics, and preference cookies. You may control cookies through your browser. The mobile apps do not use browser cookies.
10A.1 DRIVER DATA IS PERSONAL DATA OF DATA PRINCIPALS: Driver Profile Data displayed on the Rider App — including Driver name, photograph, vehicle number, and phone number — constitutes the personal data of real individuals (the Drivers). Any person who systematically collects this data without the Drivers' consent is acting in violation of the DPDP Act, 2023, which requires a valid lawful basis for collecting any personal data.
10A.2 SWARAAJ'S ROLE IN PROTECTING DRIVER DATA FROM SCRAPING: The Company:
Implements technical measures to detect and prevent automated or systematic data collection from the Platform.
Maintains the right to investigate and terminate accounts engaged in scraping activity.
Will pursue civil and criminal remedies against parties who scrape Driver personal data from the Platform.
Will assist Drivers in exercising their rights under the DPDP Act against parties who scraped their personal data.
10A.3 SWARAAJ'S DISCLAIMER REGARDING SCRAPED DATA: Notwithstanding the Company's technical and legal anti-scraping measures:
If a User or third party, in violation of these Terms and applicable law, successfully scrapes or collects Driver personal data from the Platform, any harm arising from such unlawful collection is the sole liability of the scraper — not of Swaraaj.
Swaraaj's liability for any misuse of Driver personal data collected through unauthorised scraping is expressly disclaimed. Swaraaj is the victim of such scraping, not the perpetrator.
Drivers who believe their data has been scraped should: report to privacy@swaraaj.co.in; file a complaint with the Data Protection Board of India (once operational); file a police complaint under IT Act S.43/S.66 against the scraper.
10A.4 LEGITIMATE USE OF DRIVER DATA ON THE PLATFORM: Driver data displayed on the Platform is available only for the Authorised Purpose — enabling Riders to make an informed choice about which Driver to contact for a specific ride. Any access to or use of this data beyond this purpose is unlawful and Swaraaj will take all available legal action.
As a technology platform that connects Riders with Drivers, the Company has a legitimate safety interest in verifying that Drivers who appear on the Platform have valid documentation. To facilitate this, the Company collects document details from Drivers during KYC and shares them with third-party Verification APIs for Document Genuineness Checks (as defined in Terms Clause 6D.2).
The legal basis for this processing under the DPDP Act, 2023 is: (a) the Driver's explicit consent given during registration; and (b) legitimate interest in maintaining Platform safety and regulatory compliance.
Court case and criminal record data constitutes sensitive personal information. The Company processes this data subject to the following specific safeguards:
| Verification Type | What Is Stored | What Is NOT Stored | Retention |
|---|---|---|---|
| PAN Verification | PAN number, verification status (verified/failed), date checked | Full IT database record | Duration of registration + 5 years |
| Aadhaar Verification | Verification status only (verified/failed). Aadhaar number stored in masked/tokenised form per UIDAI norms | Full Aadhaar data or biometrics | Duration of registration + 5 years |
| RC Verification | Vehicle registration number, RC verification status, RC validity date | Full Vahan database record | Duration of registration + 5 years |
| Insurance Verification | Policy number, verification status, expiry date | Full policy details | Duration of registration + 5 years (updated on renewal) |
| Permit Verification | Permit number, verification status, expiry date | Full permit details | Duration of registration + 5 years |
| Court Case Screening | Screening result status (clear/flagged/referred), date screened | Detailed case records or case numbers | Duration of registration + 3 years from last check |
Under the DPDP Act, 2023, Drivers have the following specific rights in connection with Verification API data:
Each Verification API provider operates under their own privacy policy and data processing terms. The Company selects API providers who are compliant with applicable Indian data protection laws and has appropriate data processing agreements in place with them. Drivers may request the names of specific API providers used by contacting privacy@swaraaj.co.in.
A Fleet Manager who has assigned a vehicle to a Sub-Driver through the Platform can access the following data about that Sub-Driver, limited to trips on the assigned vehicle:
Fleet Managers cannot access: the Sub-Driver's personal contact details (phone number beyond what is in the assigned Driver profile), the Sub-Driver's KYC documents, the Sub-Driver's interactions with Riders beyond trip records, or any data relating to trips on vehicles not assigned to the Fleet Manager.
Sub-Driver Consent: By accepting a vehicle assignment from a Fleet Manager, the Sub-Driver freely and specifically consents to Fleet Manager access as described in Section 10C.1. This consent is a condition of participating in the Fleet Manager feature.
Withdrawal of Consent: A Sub-Driver may withdraw consent at any time by requesting removal of the vehicle assignment from the Fleet Manager's account. Upon removal, the Fleet Manager's access to future data on that vehicle ceases. Historical data already accessed by the Fleet Manager prior to unassignment remains with the Fleet Manager — the Company cannot retroactively erase data already viewed.
Dispute Regarding Data Misuse: If a Sub-Driver believes a Fleet Manager has misused their trip data in violation of Terms Clause 6F.5, they may report this to privacy@swaraaj.co.in. The Company will investigate and may terminate the Fleet Manager's access to the Platform. However, any remedy for commercial harm arising from data misuse lies against the Fleet Manager personally — not against the Company.
Fleet Managers who access Sub-Driver data are themselves Data Fiduciaries in respect of that data under the DPDP Act, 2023, to the extent they control its use. Fleet Managers are responsible for: (a) using Sub-Driver data only for fleet management purposes; (b) not sharing Sub-Driver trip or earnings data with unauthorised third parties; (c) maintaining appropriate security for any Sub-Driver data they extract or store outside the Platform; (d) complying with all applicable data protection laws in respect of Sub-Driver data they access.
In the Fleet Manager context, the Company acts as a technology intermediary facilitating authorised data sharing between a Fleet Manager and Sub-Driver, based on the Sub-Driver's consent. The Company does not sell, monetise, or share Fleet Manager or Sub-Driver data with any third party beyond the service providers listed in Section 5.3. The Company's liability for Fleet Manager data access is expressly disclaimed under Terms Clause 6F.6.
11.1 The Platform is not for individuals under 18. Contact privacy@swaraaj.co.in if you believe a minor has registered.
12.1 The Platform may link to third-party services. Swaraaj is not responsible for their privacy practices.
13.1 Data is primarily stored in India. Where processed outside India (e.g., Firebase), transfer occurs subject to adequate protection or standard contractual clauses per the DPDP Act, 2023.
14.1 The Company has appointed a Privacy Grievance Officer per IT Act 2000, IT Rules 2011 & 2021, and DPDP Act, 2023:
Privacy Grievance Officer — Swaraaj Solutions LLP
Address: Pune, Maharashtra, India — 411001
General Privacy: privacy@swaraaj.co.in
Safety / Contact Misuse: safety@swaraaj.co.in
Grievance: grievance@swaraaj.co.in
Website: www.swaraaj.co.in
Response: Acknowledgement within 48 hours; Resolution within 30 days per IT Rules, 2021.
15.1 This Policy may be updated to reflect legal changes or Platform updates. Material changes notified 15 days in advance. Continued use constitutes acceptance.
CONSENT AND ACKNOWLEDGMENT
By using the Swaraaj Platform, you freely and specifically consent to: (1) the display of Driver Profile Data to Riders for the Authorised Purpose; (2) the inherent phone number visibility through caller ID in direct voice calls as fully disclosed in Sections 5A and 5B; (3) the Rider ID being the recommended identification method; (4) the Company's anti-scraping measures and legal enforcement rights under Section 10A; (5) if you are a Driver — the Document Genuineness Checks performed through third-party Verification APIs as disclosed in Section 5.3 and Section 10B, including court case screening; (6) if you are a Fleet Manager — that Sub-Driver trip data accessed by you is subject to the obligations in Section 10C.3; (7) if you are a Sub-Driver accepting a vehicle assignment — that your trip and earnings data for the assigned vehicle will be accessible to the Fleet Manager as disclosed in Section 10C. You acknowledge having read this Privacy Policy in its entirety.
Swaraaj Solutions LLP | Pune, Maharashtra | www.swaraaj.co.in | privacy@swaraaj.co.in
