Privacy Policy
Last updated: December 30, 2025
For details about your rights and responsibilities when using our platform, see our Terms of Service.
At THE LOBBY, we value your trust and are committed to transparency about how we collect, use, and protect your personal data. This policy explains our data practices when you use our platform to find rides in Shillong and across Meghalaya.
1. Information We Collect
We collect information necessary to provide our services and ensure platform safety. This includes:
- Account Data: Name, phone number, email address, and profile information provided during registration.
- Driver Verification Data: Vehicle details, driving license copies, government ID, insurance information, and vehicle registration documents (for verification purposes only).
- Usage Data: Search history (e.g., "Shillong to Dawki"), trip routes, pickup and drop-off locations, and app interaction patterns to improve our services.
- Communication Data: Messages, call logs, and support tickets exchanged through our platform.
- Device Information: Device type, operating system, IP address, and unique device identifiers for security and service optimization.
- Payment Information: Transaction history and payment method details (processed by third-party payment providers).
2. How We Use Your Data
Your data is used strictly for operational and safety purposes:
- To verify driver identities and maintain platform safety and integrity.
- To enable direct communication between riders and drivers through our app.
- To process payments and resolve payment disputes.
- To prevent fraud, abuse, and violations of our community guidelines.
- To improve our route suggestions and service recommendations.
- To respond to your inquiries and provide customer support.
- To comply with legal obligations and regulatory requirements.
- To conduct safety investigations and address reported incidents.
3. Data Security and Protection
We implement industry-standard security measures to protect your personal data:
- End-to-end encryption for sensitive communications and data transmission.
- Secure servers with regular security audits and penetration testing.
- Access controls limiting data access to authorized personnel only.
- Multi-factor authentication (MFA) options for account protection.
Disclaimer: While no service is 100% secure, we continuously monitor and improve our security infrastructure. We cannot guarantee complete protection against all potential threats.
4. Data Sharing and Third Parties
We may share your data with third-party service providers who assist in our operations:
- Payment Processors: To process transactions securely.
- Identity Verification Providers: To verify driver credentials and documents.
- Mapping Services: To provide route optimization and location services.
- Customer Support Platforms: To manage inquiries and support tickets.
All third-party providers are contractually obligated to maintain data confidentiality and use your information solely for the purposes we specify. We do not control their systems and are not liable for their practices beyond our contractual obligations.
5. Data Retention
We retain your personal data for as long as necessary to:
- Provide our services and maintain your account.
- Comply with legal and regulatory obligations.
- Resolve disputes and enforce our agreements.
- Investigate and prevent fraud or safety incidents.
After you delete your account, we may retain certain data in anonymized or aggregated form as required by law. Driver verification documents may be retained for a period mandated by transportation regulations in Meghalaya.
6. Your Data Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Correction: Correct inaccurate or incomplete information.
- Right to Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
- Right to Opt-Out: Opt out of certain data processing activities, such as marketing communications.
- Right to Data Portability: Request your data in a portable format.
To exercise any of these rights, contact our Data Protection Officer at the address provided in the Contact section below.
7. Cookies and Tracking
Our platform may use cookies and similar tracking technologies to:
- Maintain your session and remember your preferences.
- Analyze platform usage and performance.
- Detect and prevent fraudulent activity.
You can control cookie settings through your browser. However, disabling cookies may affect the functionality of certain features. Third-party analytics providers may also collect usage data subject to their privacy policies.
8. Breach Notification
If we discover a security breach that may affect your personal data, we will follow our incident response procedures and notify affected users and regulators as required by applicable law. Where legally required, we will provide notice without unreasonable delay. Notifications will include information about the breach, the data affected, and steps you should take to protect yourself.
9. International Data Transfers
Your data is primarily stored and processed within India. If we transfer data internationally for service provision or backup purposes, we implement appropriate safeguards such as standard contractual clauses or your explicit consent to ensure adequate protection.
10. Children's Privacy
THE LOBBY is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will delete it promptly. Parents or guardians who believe their child has provided personal data should contact us immediately.
11. Recordings and Monitoring
To ensure safety, prevent fraud, and maintain service quality, we may:
- Record calls and messages between riders and drivers (where legally permitted).
- Monitor trip data, including routes and duration.
- Log access to accounts and platform activities.
By using THE LOBBY, you consent to such monitoring and recording as permitted by applicable laws in your jurisdiction.
12. Data Protection Officer and Privacy Inquiries
For questions about this privacy policy, data practices, or to exercise your data rights, contact our Data Protection Officer:
Email: thelobby500@gmail.com
Mailing Address: Data Protection Officer, THE LOBBY, Shillong, Meghalaya, India
Response Time: We aim to respond to all inquiries within 30 days.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be posted with an updated "Last updated" date. Where required by law, we will provide advance notice. Your continued use of THE LOBBY after any changes constitutes your acceptance of the updated policy.
14. Legal Basis for Processing (GDPR Compliance)
For users subject to GDPR or similar regulations, we process your personal data based on:
- Contractual Necessity: To provide our services and fulfill our agreement with you.
- Legal Obligation: To comply with laws and regulatory requirements.
- Legitimate Interests: To prevent fraud, ensure security, and improve our platform.
- Consent: Where you have explicitly consented to specific processing activities.
15. Governing Law
This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. For matters related to data protection in Meghalaya, applicable state regulations will also apply.
Related Documents
For information about your rights and responsibilities when using our platform, please review our:
Learn about user responsibilities, service limitations, and dispute resolution procedures.