Privacy Policy
Last updated: 28 June 2026
1. Who we are
Upstart Forge Limited, trading as FairTaxi (registered business name RBN 786959), a private company limited by shares incorporated in Ireland on 28 May 2026 (company number 817002), registered office at 22 Drumnigh Wood, Portmarnock, Co Dublin, D13 P652, VAT number IE 4744030VH, holder of National Transport Authority (NTA) dispatch operator licence DH12674 (“FairTaxi”, “we”, “us”, “our”). Contact: complaints@fairtaxi.ie (general/complaints), privacy@fairtaxi.ie (privacy enquiries), support@fairtaxi.ie (support), +353 89 965 3357.
We operate a ride‑hailing platform connecting Riders and independent Drivers. We are the data controller for the personal data described in this policy.
We are not required to appoint, and have not appointed, a statutory data protection officer under Article 37 GDPR. For any privacy enquiry or to exercise your rights, contact our privacy contact at privacy@fairtaxi.ie.
2. What data we collect
We collect personal data from Riders and Drivers as follows.
2.1 Rider data
- Identity and contact: mobile phone number (verified by OTP), first name (optional), email address (optional, for receipts).
- Payment data: we do not store full card numbers. We access the last 4 digits and card brand via Stripe for display in the App.
- Ride data: pickup and destination addresses, route, trip times, fare amount, payment method.
- Location: while using the App for a ride or when location services are active, we collect precise GPS location.
- Dispute materials: photos and messages you submit through the dispute feature.
- Diagnostic logs: if you choose “Send diagnostic logs to support”, we receive logs that may contain technical device information.
- Safety data: if you use the emergency button or share trip, we process the associated signals and contact information.
2.2 Driver data
In addition to the above categories (where applicable to Drivers), we also collect:
- Full name, email address, mobile phone number (verified by OTP).
- SPSV driver’s licence number, and copies of:
- PSV driver licence document,
- Vehicle PSV licence,
- Motor insurance certificate,
- NCT certificate,
- Garda Vetting clearance evidence.
- Subscription payment details: we process subscription payments via Stripe; we do not store full card numbers.
3. How we use your data, and our lawful bases
We process personal data only where we have a lawful basis under GDPR:
| Purpose | Lawful basis |
|---|---|
| Providing the platform (matching Riders and Drivers, enabling ride booking, facilitating ride payments via Stripe Connect direct charges) | Performance of a contract (Rider Terms / Driver Terms) |
| Verifying Driver documents and monitoring expiry | Legal obligation (NTA regulations, Taxi Regulation Act 2013) and legitimate interest in ensuring platform safety |
| Collecting Driver subscription fees | Performance of a contract |
| Safety features (emergency button, trip sharing) | Legitimate interest in protecting users and providing safety tools |
| Customer support and dispute resolution | Legitimate interest in platform integrity and user satisfaction |
| Sending service-related messages (booking confirmations, receipts, account notices) | Performance of a contract |
| Analytics and app improvement (Firebase Analytics) | Consent (where required) for analytics; legitimate interest for crash reporting |
| Marketing communications | Consent (where required); you may opt out at any time |
| Compliance with legal obligations (tax, law enforcement requests) | Legal obligation |
| Defending legal claims | Legitimate interest in protecting our rights |
Where we rely on legitimate interests, the interests we actually rely on are: maintaining platform safety and integrity, preventing and detecting fraud and abuse, establishing, exercising or defending legal claims, and improving our service. We balance these interests against your rights and only rely on them where they are not overridden by those rights.
4. Whether you must provide data
Providing your identity, phone number and (where you pay by card) payment data is a contractual requirement: it is necessary to create an account and use the service, and without it we cannot provide the platform to you. For Drivers, providing licensing and vehicle documents is both a contractual requirement and a statutory or regulatory requirement under NTA rules and the Taxi Regulation Act 2013; if you do not provide them we cannot verify your eligibility or grant dispatch access.
5. How long we keep data
- Ride history: stored for as long as your account remains active. Upon account closure, ride history is anonymised or deleted after 7 years from the last ride (to satisfy potential legal claims and audit requirements).
- Driver documents: kept during the period the Driver is active, and for 7 years after the last trip for compliance with record‑keeping obligations.
- Diagnostic logs: retained for a maximum of 90 days.
- Audit logs (system events): 7 years.
- Payment metadata (last 4 digits): for 7 years after the associated transaction, in line with financial record‑keeping requirements.
- Location data: stored as part of ride history (same retention as ride history). Background location signals may be processed in real time but not retained as a separate permanent log beyond the ride record.
- Dispute photos: kept for the duration of the dispute and then for 2 years after resolution to address any subsequent complaint.
6. Who we share your data with
We use carefully selected third‑party processors, all contractually bound to process data only on our instructions:
- Stripe - payment processing. Ride fare payments are processed as direct charges on the Driver’s Stripe Connect account (the Driver is the merchant of record). Driver subscription payments are processed on FairTaxi’s Stripe account (FairTaxi is the merchant of record). Stripe acts as a data processor for our purposes; for ride transactions they also act as a controller for their own compliance. Data is stored in the EU and, where Stripe transfers data outside the EEA, they rely on Standard Contractual Clauses (SCCs).
- Twilio - SMS for OTP verification and safety notifications. Twilio processes SMS data and may transfer it to the United States; transfers are covered by the EU Standard Contractual Clauses (SCCs).
- Firebase / Google - authentication, analytics, crash reporting, push notifications. Data is processed in the EU and under Google’s SCCs where applicable.
- Cloudflare - DNS, CDN, and cookieless web analytics for our marketing website. Cloudflare processes minimal data (e.g. IP addresses) for security and performance; their analytics do not use cookies or collect personal data.
- Amazon Web Services (AWS) - hosting. All personal data is stored in Amazon Web Services (AWS), eu-west-1 (Ireland).
We may also share data when required by law or to enforce our Terms, including with the NTA, An Garda Síochána, or other regulators.
Safety incident notification currently uses a generic webhook to our safety team; a dedicated incident-paging processor (PagerDuty) is planned but not yet active. We will update this policy before activating it.
When a Driver uses the App’s in-App “Navigate” feature, the pickup or destination of the current ride is passed to the third-party navigation app the Driver chooses (for example Google Maps or Waze, or the app the device selects). Those apps are independent controllers, not our processors: their handling of that location is governed by their own privacy policies, and we pass them only the coordinates needed to route the trip, never Rider identity.
7. International transfers
We do not routinely transfer personal data outside the European Economic Area (EEA). Where processors transfer data internationally (e.g. Twilio, Stripe), we ensure adequate safeguards are in place, typically the EU Standard Contractual Clauses, and we carry out transfer impact assessments as required. Please contact our privacy contact at privacy@fairtaxi.ie for more information.
8. Automated decision-making and profiling
We do not make solely-automated decisions that produce legal effects concerning you, or similarly significantly affect you, without human review. Ride-matching and our fraud and mock-location detection are automated signals, but any adverse outcome (for example reversing a fee or suspending an account) involves human review under our dispute process before it takes effect. We do not profile you for marketing purposes.
9. Security of your data
We apply technical and organisational measures appropriate to the risk, including encryption of data in transit and at rest, access controls on a least-privilege basis, and hosting in AWS eu-west-1 (Ireland). If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission, and affected users where required, in line with our legal obligations.
10. Children
The service is not directed at, and is not intended for, anyone under 18. We do not knowingly collect personal data from children. Riders must be at least 18, consistent with our Rider Terms. If we become aware that we have collected a child’s data, we will delete it.
11. Your rights
Under the GDPR and the Irish Data Protection Act 2018, you have the following rights:
- Access - obtain a copy of your personal data.
- Rectification - have inaccurate data corrected.
- Erasure - request deletion of your data, subject to legal retention requirements.
- Restriction - limit processing in certain circumstances.
- Portability - receive your data in a structured, machine‑readable format.
- Objection - object to processing based on legitimate interests.
- Withdraw consent - where processing is based on consent, you can withdraw it at any time.
- Complaint - lodge a complaint with the Data Protection Commission (www.dataprotection.ie).
How to exercise your rights
To exercise any of these rights, email our privacy contact at privacy@fairtaxi.ie. We will respond within one month. We may need to verify your identity before acting on a request. If you are not satisfied with how we handle your data, you may lodge a complaint with the Data Protection Commission:
- Email: info@dataprotection.ie
- Phone: +353 0761 104 800
- Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28
- Website: dataprotection.ie
12. Cookies and similar technologies
Our marketing website uses cookieless Cloudflare Web Analytics, which does not track individual visitors. Details are in our Cookie Policy.
13. Changes to this policy
We may update this Privacy Policy. Material changes will be notified via the App or email.