Privacy Policy
Last updated: February 18, 2026
Velorent Private Limited ("Velorent", "Company", "we", "us", or "our") is committed to protecting the privacy and personal data of individuals who access or use our website, mobile applications, and related services (collectively, the "Platform").
This Privacy Policy explains how we collect, use, process, store, disclose, and protect personal data of users, including Hosts, Guests, customers, and visitors.
By accessing or using the Platform, you consent to the processing of your personal data in accordance with this Privacy Policy.
Our services are intended only for users located within India. All personal data is processed in compliance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and other applicable regulations.
Registered Office: Sangani Vrajbhoomi, B-110, near Ayodhya Apartment, Vatva, Ahmedabad, Gujarat - 382445, India.
Under the Digital Personal Data Protection Act, 2023, Velorent acts as a Data Fiduciary in respect of personal data collected through the Platform.
We collect and process personal data:
- With your consent.
- For performance of contractual obligations.
- To comply with legal requirements.
- For legitimate business purposes that do not override your rights.
- We follow principles of lawful processing, data minimisation, purpose limitation, and security safeguards.
We collect personal data necessary to operate a safe and compliant vehicle-sharing ecosystem.
A. Information You Provide Directly
This includes:
- Identity and Contact Details: Full name, email address, mobile number, date of birth, address, profile photograph.
- KYC and Government Identification: Driving License, Aadhaar or other government-issued ID, PAN (where required), address proof documents.
- Vehicle Information (Hosts): Registration Certificate (RC), insurance policy, PUC certificate, permits and licenses.
- Financial Information: Bank account details, UPI ID, transaction history, GST details (where applicable).
- Payment card information is processed only through RBI-compliant, PCI-DSS certified payment partners.
B. Information Collected Automatically
When you use the Platform, we may collect:
- Device type and operating system.
- IP address.
- Browser details.
- Login timestamps.
- Session duration.
- App crash logs.
- Usage analytics.
- Referral source.
- We may use cookies, SDKs, and similar technologies to enable platform functionality and analytics.
- You may disable cookies through your browser settings, though certain features may not function properly.
C. Location and Telematics Data
To enable safe vehicle-sharing services, we may collect location-related data during active bookings.
1. Device-Based Location (With Permission): Depending on your settings, limited access captures location at trip start and end, while continuous access captures real-time location during active trip only. Location tracking automatically stops after trip completion.
2. Vehicle-Installed GPS (Host Consent-Based): Certain vehicles may contain telematics devices installed with Host consent.
Such devices may collect during active bookings:
- Real-time vehicle location.
- Route history.
- Driving behaviour indicators (e.g., harsh braking).
- Ignition status.
- Tampering alerts.
- Tracking is active only during confirmed bookings.
- Location data may be retained for up to six (6) months for dispute resolution, insurance, compliance, or legal requirements.
D. Information from Third Parties
We may verify or supplement your information using:
- Government transport databases (e.g., vehicle registration records).
- GST or business registries.
- Traffic violation databases.
- Licensed KYC verification providers.
- Insurance partners.
- All such verification occurs in compliance with applicable laws and, where required, with your consent.
We process personal data for the following purposes:
A. Account and Booking Management
- User onboarding and KYC.
- Booking confirmations and trip execution.
- Payment processing and settlement.
- Customer support and dispute resolution.
B. Safety and Risk Monitoring
- Trip monitoring and fraud detection.
- Preventing misuse or unauthorized access.
- Vehicle recovery and emergency assistance.
C. Legal and Regulatory Compliance
- Compliance with DPDP Act, Motor Vehicles Act, and other laws.
- Insurance claims and accident reporting.
- Law enforcement requests.
D. Communication and Marketing
- Service notifications.
- Booking alerts.
- Policy updates.
- Promotional communications (you may opt out).
- Transactional communications cannot be disabled.
We may use automated systems to detect:
- Fraudulent transactions.
- Suspicious booking behaviour.
- Security risks.
- Such systems assist human review and do not independently make legally binding decisions without oversight.
We do not sell personal data.
We may share personal data only where necessary:
A. With Service Providers
- Payment processors.
- Cloud hosting providers.
- Analytics providers.
- KYC partners.
- Insurance partners.
- All service providers are contractually bound to confidentiality and security obligations.
B. Between Hosts and Guests
Limited data may be shared to facilitate bookings, such as:
- Name.
- Profile photo.
- Booking details.
- Contact number (where necessary).
- Vehicle information.
- Location data may be shared only where necessary for safety, delays, or disputes.
C. Legal Disclosures
We may disclose data:
- To comply with court orders.
- To law enforcement authorities.
- To regulators.
- To prevent fraud or crime.
D. Corporate Transactions
- In case of merger, acquisition, or restructuring, personal data may be transferred to successor entities subject to equivalent protections.
We retain personal data only as long as necessary.
| Category | Retention Period |
|---|---|
| Trip Data | Up to 6 months |
| KYC Records | Active account + 90 days (minimum) |
| Financial Records | Up to 8 years (tax compliance) |
| Support Communications | Up to 3 years |
| Media Submissions | Up to 6 months |
- Data may be retained longer where legally required.
- After retention expiry, data is securely deleted or anonymised.
We implement reasonable security safeguards including:
- HTTPS and TLS encryption.
- Role-based access control.
- Secure cloud hosting.
- Internal audits and monitoring.
- Firewall and intrusion detection systems.
- However, no system is completely secure. Users are responsible for maintaining confidentiality of login credentials.
In the event of a personal data breach, Velorent will:
- Assess the scope and impact.
- Take remedial security measures.
- Notify affected users and/or authorities where required under applicable law.
You have the right to:
- Access your personal data.
- Request correction of inaccurate data.
- Withdraw consent (where applicable).
- Request deletion (subject to legal retention requirements).
- Nominate a representative in case of incapacity.
- File a grievance.
- You may exercise these rights through the Platform or by contacting our Grievance Officer.
- Withdrawal of certain consents (e.g., location tracking) may impact service functionality.
You may delete your account through: Profile -> Settings -> Delete Account.
Upon deletion:
- Personal data will be deleted within reasonable time.
- Certain data may be retained for legal or compliance purposes.
- User-generated content such as reviews may remain visible.
- Our services are intended only for individuals aged 18 years and above.
- We do not knowingly collect personal data of minors.
- While our services are intended for Indian users, some cloud infrastructure or service providers may operate in multiple jurisdictions.
- All such processing complies with applicable Indian data protection laws.
We may update this Privacy Policy from time to time.
Material changes will be notified via:
- In-app notifications.
- Email.
- Platform announcements.
- Continued use of the Platform constitutes acceptance of the updated Policy.
- Email: support@velorent.in.
- Response Time: Within 7 business days.