Last updated: July 7, 2023
This policy describes how our company handles the personal data
of Äppy users ("you" or "your"). Äppy Technology TÜ is the organization that
receives data from Äppy and controls its processing ("we" or "us").
This policy applies when you use Äppy websites, mobile applications, products,
content, or services (collectively referred to as the "Platform" or "Äppy") or when
you contact us. The policy does not apply to the processing of information about our
candidates, employees, or business partners.
This policy applies in all countries where Äppy operates, except in countries where
local laws regarding all practices described in this policy. In case of any inconsistency
between the provisions of this policy and local law, we commit to comply with the
requirements of local law regarding such inconsistency.
Users who request or receive transportation services through Äppy are referred to as
"Passengers," and individuals who provide such services to Passengers are referred
to as "Drivers."
What data we collect
We collect three categories of your data: data provided by you, data collected
automatically by us, and data we receive from other sources.
We do not collect or process information about your race or ethnic origin, political
views or membership in any political associations, religious or philosophical beliefs,
trade union membership, genetic data, biometric data, or data concerning a person's
Data provided by you
Registration data and passenger information may include your name, phone number,
email address, country, and city. If permitted or required by law, we may collect your
selfie image for identity verification, national identification numbers, and social
media account information for security purposes, as well as emergency contact
numbers. Without providing this information, you will not be able to use Äppy or
certain features. Optionally, you may provide your last name and upload a profile
Driver information may include the driver's full name, profile photo, license data and
status, vehicle information (type, make, model, year, color, registration details,
license plate number, vehicle inspection report, vehicle image), identification
documents, government identification numbers, proof of address, home address,
date of birth, gender, taxpayer identification number, relevant insurance, work
authorization, driving history, payment or banking information, and other
documents required by applicable laws and regulations. In cases where permitted or
required by law, we may also collect information for background checks and criminal
records. The above-mentioned information may be processed by authorized
providers on our behalf. Without providing such information, you will not be able to
register as a Driver.
User-generated content that you want to upload to Äppy, such as comments, ratings,
Information in correspondence you send to us, including chat messages, emails with
any attachments, phone call recordings you make to us, and associated metadata.
Information for participation in promotions. From time to time, we may launch
branding campaigns, referral programs, and other promotional programs. If you
want to participate in such programs and receive bonuses, payments, or other
benefits, we may ask you to provide information such as your name, email address,
user ID, phone number, payment or banking information, home address, social
media account, vehicle type, and image.
Automatically collected data:
Location information. We collect user location data for purposes such as completing
trips, providing user support, ensuring safety, detecting fraud, and complying with
legal requirements. We collect location information (including GPS coordinates and
Wi-Fi data) based on your Äppy application settings and device permissions:
- Passengers: We collect precise location data of your device when the Äppy app is
running in the foreground (app is open and on the screen) and when the app is
running in the background (app is open but not on the screen) from the time of trip
request until its completion. Passengers may use the app without allowing it to
collect precise location data from their mobile devices by directly inputting pickup
and drop-off addresses or coordinates into the app.
- Drivers: We collect precise location data of your device while the Äppy app is in use
in the foreground (app is open and displayed on the screen) and while the app is
running in the background (app is open but not displayed on the screen) in Driver
Mode. We may also collect location data for a limited time after you exit Driver
Mode to track and investigate any incidents that may occur during the trip.
Transaction information. We collect transaction-related information associated with
services provided through Äppy, including the amount charged, payment transaction
details, date and time of service provision, route, and distance traveled.
Usage information. We collect data about your usage of our platform, such as access
dates and times, features or pages viewed, platform failures, and other system
activities. We may also collect and use data for marketing purposes related to third-
party services that you used prior to interacting with Äppy.Device information.
We collect data about the device you use to access Äppy,
including information about the device's name, brand, and model, user agent, IP
address, mobile carrier, network type, time zone settings, language settings,
advertising identifiers, browser type, operating system and version, screen
parameters, battery charge level, and installed applications that may be used for
authentication and fraud prevention. Additionally, we may collect readings from
mobile sensors, such as speed, direction, altitude, acceleration, deceleration, and
other technical data.
User and trip identifiers. We automatically assign a user identifier to you when you
create an Äppy account, as well as a trip identifier for each trip.
State authorities. We may receive information about users from law enforcement
agencies and other government entities if required or permitted by law.
Other users or third parties. Third parties may provide us with information about you,
for example, in connection with referral programs or through user support (such as
information related to an incident or complaint, including audio, video, images,
How we use your data
We use personal information for the following purposes:
1. To provide you with the ability to use Äppy services, including:
- Providing users with the ability to have an Äppy account, request and provide
services through Äppy;
- Checking the rights and abilities of Drivers to provide services through Äppy;
- Preventing and combating unsafe or illegal behavior, fraud, and other violations of
Äppy's rules, suspending and deactivating users engaged in prohibited activities;
- Providing user support, processing user complaints;
- Sending non-promotional messages (such as invoices, receipts, or trip notifications);
- Ensuring the availability, security, and stable operation of our Platform, preventing
and resolving incidents and technical issues.
Legal basis: Performance of our contract with you, the need to comply with our legal
obligations, and our legitimate interest in ensuring the security of Äppy's use.
2. To improve existing and develop new features and products, including:
- Conducting testing, data analysis, research, development, and machine learning;
- Gathering your feedback.
Legal basis: Our legitimate interest in providing you with the best user experience of
Äppy services. If explicit consent is required for certain purposes, we will obtain it
3. For Äppy promotion
- Sending you promotional messages and advertisements, as well as making
- Providing you with personalized content and advertisements both on Äppy and on
- Organizing contests, events, car branding and referral programs, and other
campaigns.Legal basis: Our legitimate interest in promoting Äppy. If explicit consent is required
for certain forms of direct marketing, we will obtain it additionally.
4. For the protection of rights and compliance with legal requirements
- To comply with licensing or permit requirements, as well as any other applicable
laws and regulations;
- To respond to law enforcement requests, government inquiries, court subpoenas,
court orders, lawsuits;
- To protect the rights and interests of the Äppy group, our users, or the public.
Legal basis: The necessity to comply with our legal obligations and our legitimate
We use personal data for automated decision-making related to your use of our
Platform, specifically for:
- Matching Drivers and Passengers based on factors such as availability and proximity;
- Determining user ratings and deactivating users with low ratings;
- Marking or temporarily deactivating users who have been involved in fraud, unsafe,
or harmful activities. In some cases, such activities may lead to deactivation;
- Recommending average costs based on factors such as distance, location, and time.
In cases provided by law, actions (including deactivations) based on such data
processing are only taken after human review and/or providing the opportunity to
contest the decision. To contest a decision made as a result of these processes,
please contact us at firstname.lastname@example.org.
Who we share your data with
Sharing information with other Users. We provide certain information about users
for the purpose of planning and carrying out trips:
- Providing Drivers with information about Passengers, including name and profile
photo (if uploaded), rating, pickup and drop-off locations, trip count, proposed fare,
comments, and contact information. In regions where we require Passengers to
provide a national identification number, we may also inform the Driver whether the
Passenger provided that number (but we will not disclose the actual identification
- Providing Passengers with information about Drivers, including name and profile
photo, vehicle information and photo, pickup and drop-off locations, ratings and
reviews, trip count, age (for certain features), and contact information.
When necessary for providing Passengers with receipts and invoices, we may share
information about the pickup and drop-off locations, total trip duration and distance,
breakdown of the total fare, driver's name, taxpayer identification number, and
other legally required information.
For the purpose of providing services other than transportation services offered
through Äppy, we may share information with other users that is necessary for
providing such services.
Sharing information with service providers. We may disclose your personal
information to the following service providers for business purposes:
- User support and technical support;- Background check verification and identity verification;
- Cloud storage;
- Fraud prevention;
- Advertising, marketing, and analytics;
- Research and development;
- Obtaining services from consultants, lawyers, accountants, auditors, and other
- Transfers to airports.
The following partners process data for their own purposes as independent
controllers, and we do not control such processing:
Providing information within the corporate group. We may transfer your information
to a parent, subsidiary, or affiliated company within our corporate group as part of
our international operations.
Providing information in connection with a business transfer. We may disclose
personal information in the event of a major corporate transaction where personal
information is included as an asset to be transferred.
Providing information for legal reasons. We may disclose your personal information
when necessary to protect rights and comply with legal obligations.
Providing information with your consent. We may disclose your personal information
for other purposes with your consent or as directed by you.
Providing information through anonymization. We may share aggregated or
otherwise anonymized information that no longer identifies individuals.
Cross-border data transfers. In order to support our international operations, we
may transfer your data to members of our corporate group and other organizations
outside of your country of residence, in accordance with the provisions of the
"Procedure for the Distribution of Your Personal Data." The aforementioned is done
for the purpose of performing our contract with you or based on consent, adequacy
decisions for the respective countries, or other transfer mechanisms and appropriate
safeguards as required by applicable law, such as the Standard Contractual Clauses
approved by the European Commission. We undertake to take reasonable measures
to ensure that any foreign recipient processes your data in the same manner as we
Your rights and choices. Access to and updating of your personal data. You can
access, view, and update your information in the settings of your account in the
application or by contacting us at email@example.com. You can also request a copy of
all information about you processed by our company. You may receive your data in a
structured, commonly used, and machine-readable format if such data has been
processed by automated means.Deleting your account and data.
You can delete your account by clicking on the following link:
You may be asked to confirm your account and identity. We may not be able to
delete your account if there are outstanding charges associated with your account
(e.g., an unresolved complaint). We may retain certain information after deleting
your account if there is a legitimate reason to do so.
Location information disclosure. Your device may have controls that determine what
information we collect. For example, you can prevent your device from sharing
location information through device system settings.
Objections and withdrawal of consent. You have the right to object to our processing
of your information if the processing is based on our legitimate interests. You can
also withdraw your consent to processing at any time if the processing is based on
your consent. In particular, you can exercise these rights by:
- Unsubscribing from marketing emails and messages. You can opt out of receiving
promotional emails and messages by using the "Unsubscribe" link or the procedure
specified in the respective emails and messages.
- Declining marketing calls. You can opt out of receiving marketing calls during a call
or by contacting us at firstname.lastname@example.org.
- Managing cookie files. You can delete cookies and change cookie settings in your
web browser settings.
Limitations. You can request the limitation of the use of your data. We may continue
to process your data after such a request in cases where required or permitted by
Right to lodge a complaint with a supervisory authority. According to local legislation,
you may have the right to lodge a complaint with a local supervisory authority.
How we store your data
We store your personal information for as long as your account is registered with our
company. We may retain certain information after the closure of your account on
We will store transaction information (e.g., trip and payment data) for as long as
necessary to fulfill our tax obligations. Generally, in accordance with tax legislation
requirements, we are obligated to retain information for a period of 10 years.
We will store information for the period required by the licensing regulatory
authority (where applicable). The retention period depends on your location and the
type of data.
- We will store correspondence and other documentation for as long as necessary to
comply with legally mandated document retention obligations. Generally, in
accordance with commercial law requirements, we are obligated to retain financial
information for a period of 6 years.
- In the event of a legal claim, dispute, or the threat of such, we will store relevant
information until the claim is satisfied/settled or the statute of limitations expires.
The statute of limitations
will depend on your location, but generally, information
needs to be retained for a period of 3-7 years in such cases.
We will also retain data necessary for fraud prevention, user security, and
compliance with our legal obligations for a period necessary to achieve these
How we protect your data
We implement reasonable and appropriate technical, legal, and organizational
security measures to protect your personal information from unauthorized actions,
including, but not limited to, access, disclosure, alteration, or destruction, which
could result in loss, theft, or unlawful use of your data.
Security processes in our company are designed in compliance with the General Data
Protection Regulation (GDPR). This includes the implementation of measures aimed
at ensuring users' data privacy rights and compliance with data protection practices.
We take all reasonable measures to fulfill our obligations to protect your information.
We regularly review our security measures and consider available new technologies
and methods. While absolute security does not exist on the internet or beyond, we
cannot guarantee the absolute security of your information, particularly against
malicious actions of third parties when the cost of a successful attack significantly
exceeds the value of the accessed data. Nevertheless, we make commercially
reasonable efforts to ensure the security of your information.
Äppy Technolgy TÜ - a general partnership, incorporated and registered under the
laws of the Republic of Estonia with registration code 16713423, legal address Parda
tn 3/5/7, Tallinn 10151, Republic of Estonia.