🌿 TOMO

1. About TOMO

TOMO is a carpooling and community app for Indian cities. It is a private vehicle cost-sharing platform — not a taxi or cab service. Vehicle owners share fuel costs with co-passengers on journeys they are already making.

TOMO is operated by Apptastic (sole proprietorship, Hyderabad, India). Contact us at support@tomoride.com.

2. Information We Collect

• Account info: Name, mobile number (OTP verified), email address (optional), profile photo (optional).
• Vehicle info: Vehicle type, registration number, fuel type — provided voluntarily when offering rides.
• Location data: GPS coordinates during active rides only. We do not track your location in the background when you are not on a ride.
• Work email domain: If you choose the "Verified commuter" badge, we store only your email domain (e.g. company.com) — never your full work email address.
• Usage data: App interactions, ride history, and crash reports (via Firebase Crashlytics) to improve the service.
• Trusted contacts: Names and phone numbers you add voluntarily for SOS safety alerts.

3. How We Use Your Information

• Match you with compatible ride partners on your route.
• Display your name and vehicle info to potential co-passengers.
• Send SOS safety alerts to your trusted contacts during emergencies.
• Show a "Verified commuter" badge to build trust in the community.
• Improve app performance and fix bugs.
• Send ride notifications and activity updates via push notifications.

We do not sell your data to third parties. We do not use your data for advertising.

4. Location Data

TOMO collects GPS location only during active rides when you explicitly share your location. Location data is used to show your position to your co-passenger for safety and coordination.

Live location is deleted from our servers within 15 minutes after a ride ends. We do not maintain a permanent location history.

Location sharing requires your explicit in-app consent before each ride (or an "Always share" preference you can change at any time in Settings → Safety).

5. Data Sharing

We share limited information with:

• Your co-passenger / ride partner: Name, profile photo, vehicle details, and live location (with consent) during an active ride.
• Your trusted contacts: Approximate location during an SOS alert you trigger.
• Firebase (Google): Authentication, crash reporting, push notifications. Firebase's privacy policy applies.
• MSG91: Phone OTP delivery and emergency SMS alerts. MSG91's privacy policy applies.
• Mapbox: Location search and map display. Mapbox's privacy policy applies.

We do not share your data with government authorities except when required by law.

6. Fuel Contribution — Not a Commercial Fare

Amounts exchanged on TOMO are fuel cost contributions, not commercial fares. All amounts are capped at the actual fuel cost formula permitted under the Motor Vehicles Act, 1988. TOMO does not process payments — all cost-sharing is agreed between users directly.

7. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Live location: Deleted within 15 minutes after ride ends (Redis TTL).
• Work email domain: Deleted when you remove the Verified badge or delete your account.
• Ride history: Retained for 12 months for dispute resolution, then anonymised.
• OTP codes: Deleted within 10 minutes (Redis TTL), single-use.

8. Your Rights (DPDP Act 2023)

Under India's Digital Personal Data Protection Act 2023, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Erase your personal data (right to be forgotten).
• Withdraw consent for data processing at any time.
• Nominate a person to exercise your rights in case of death or incapacity.

To exercise any right, email support@tomoride.com from your registered email address. We will respond within 30 days.

To delete your account and all associated data: Settings → Delete Account in the app, or email us.

9. Children's Privacy

TOMO is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us at support@tomoride.com and we will delete the account.

10. Security

We use industry-standard security measures including HTTPS/TLS encryption in transit, Firebase Authentication for secure login, and token-based API authentication. OTPs are single-use and expire in 10 minutes. Live location data is stored in encrypted Redis with short TTLs.

No system is 100% secure. If you discover a security issue, please report it responsibly to support@tomoride.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via in-app notification or email. The date at the top of this page reflects the latest update.

Continued use of TOMO after changes constitutes acceptance of the updated policy.

12. Contact Us

For any privacy questions, data requests, or concerns:

• Email: support@tomoride.com
• App: Settings → Report a Problem

We aim to respond to all privacy requests within 30 days.