Privacy Policy

1. Introduction

Vertikal Ltd. (“we,” “us,” “our,” or the “Company”) operates the ShuttleNow Driver mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the App.

ShuttleNow Driver is a GPS-enabled shuttle driver application that tracks driver location only during active shifts. We are committed to protecting your privacy and being transparent about our data practices.

By using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, do not use the App.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account or use the App, we collect:

• Account Information: Full name, email address, phone number, driver ID
• Employment Information: Assigned vehicle, shift schedule, driver license number (if required by your employer)
• Authentication Credentials: Login credentials used to access the App

2.2 Location Data (GPS)

• Precise GPS Location: We collect your precise geographic location (latitude and longitude coordinates) only during active shifts — from the moment you clock in until you clock out.
• Location Frequency: During an active shift, the App collects location data at regular intervals (approximately every 5–15 seconds) to track your route and position.
• No Off-Shift Tracking: We do not collect, track, or monitor your location when you are off-shift, when the App is in the background outside of a shift, or when the App is closed. Location tracking starts exclusively when you begin a shift and stops immediately when you end a shift. There is zero location tracking outside of active shifts.

2.3 Device and Technical Data

• Device Information: Device model, operating system version, unique device identifiers
• App Usage Data: App version, crash logs, feature usage patterns
• Network Information: IP address, connection type (WiFi, cellular)

2.4 Data Stored Locally on Your Device

The App stores certain data locally on your device to enable offline functionality and improve performance:

• Authentication Tokens: We use JSON Web Tokens (JWT) stored securely on your device (iOS Keychain or Android Keystore) to keep you authenticated. These tokens do not contain your location data or sensitive personal information. Tokens expire after 30 days of inactivity.
• Driver Profile Cache: Your driver profile (name, assigned vehicle, shift schedule) is cached locally using SharedPreferences (Android) or UserDefaults (iOS) so the App loads quickly and functions when connectivity is limited.
• Offline GPS Buffer: When your device loses internet connectivity during an active shift, location data points are temporarily stored in an encrypted local SQLite database on your device. Once connectivity is restored, this buffered data is automatically transmitted to our servers and then deleted from local storage.

3. How We Use Your Information

We use the information we collect for the following purposes:

We do not use your location data for:

• Surveillance or monitoring outside of work shifts
• Advertising, marketing, or profiling
• Sale to third parties
• Any purpose unrelated to shuttle operations and driver management

4. How We Share Your Information

4.1 Service Providers

We share your information with the following categories of third-party service providers who assist us in operating the App:

4.2 Your Employer / Shuttle Operator

If you use the App as part of your employment or contract with a shuttle operator, your employer or contracting organization may have access to:

• Your shift clock-in and clock-out times
• Your GPS location and route data during active shifts
• Your shift completion records

4.3 Legal and Safety Disclosures

We may disclose your information if required to do so by law or in good faith belief that such action is necessary to:

• Comply with a legal obligation, court order, or subpoena
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the App
• Protect the personal safety of drivers, passengers, or the public
• Protect against legal liability

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice in the App before your information becomes subject to a different privacy policy.

4.5 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information — including your location data — to any third party for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising purposes.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

After the applicable retention period expires, we permanently delete or de-identify your data so that it can no longer be associated with you.

6. Your Privacy Rights

6.1 Rights for All Users

Regardless of where you are located, you have the right to:

• Access your personal information that we hold
• Correct inaccurate personal information
• Delete your account and associated personal data
• Withdraw consent for location tracking at any time by ending your shift or revoking location permissions in your device settings

6.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions (e.g., legal compliance, completing transactions, security).
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide an opt-out mechanism.
• Right to Limit Use of Sensitive Personal Information: Precise geolocation is classified as sensitive personal information under CPRA. You may request that we limit its use to purposes necessary to provide the App's core functionality.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

6.3 European Economic Area, United Kingdom, and Switzerland Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, the following additional provisions apply:

• Legal Basis for Processing: We process your location data on the basis of legitimate interest (providing shuttle tracking and dispatching services) and performance of a contract (your agreement with the shuttle operator).
• Right to Access: Obtain confirmation of whether we process your personal data and request a copy.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your personal data under certain circumstances.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interest.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

Data Transfers: If we transfer your personal data outside the EEA/UK, we will implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

6.4 Other US State Privacy Rights

Residents of Connecticut, Colorado, Virginia, Utah, Oregon, Texas, Montana, and other states with comprehensive privacy laws may have similar rights to access, delete, correct, and opt-out. Contact us at [email protected] to exercise any applicable rights.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information:

• Encryption in Transit: All data transmitted between the App and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• Encryption at Rest: GPS location data and personal information stored on our servers are encrypted at rest.
• Secure Local Storage: JWT tokens are stored in the iOS Keychain or Android Keystore, which provide hardware-backed encryption. The offline GPS SQLite buffer is encrypted on-device.
• Access Controls: Location data access is restricted to authorized personnel on a need-to-know basis. Access is logged and auditable.
• Authentication: We use token-based authentication (JWT) with automatic expiration. Multi-factor authentication is available for administrative accounts.
• Regular Security Assessments: We conduct periodic security reviews and vulnerability assessments of our systems.

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Children's Privacy

The ShuttleNow Driver App is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 13 years of age. Since drivers must hold a valid driver's license and be of legal driving age, the App is inherently restricted to adults.

If we learn that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete such information. If you believe we have collected information from a child under 13, please contact us immediately at [email protected].

9. Location Permission and Device Settings

9.1 Permission Types

The App requests the following location permissions:

• iOS: “When In Use” location permission. The App accesses your location only while the App is open and you are on an active shift. We may request “Always” permission to enable background location updates during active shifts when the App is minimized — this is used solely for active shift tracking and never for off-shift monitoring.
• Android: “While Using the App” (foreground) location permission, and “Allow All the Time” (background) permission for active shift tracking when the App is minimized. A persistent notification is displayed whenever background location tracking is active.

9.2 Revoking Permissions

You can revoke location permissions at any time through your device settings:

• iOS: Settings > Privacy & Security > Location Services > ShuttleNow Driver
• Android: Settings > Apps > ShuttleNow Driver > Permissions > Location

Note: Revoking location permissions will prevent the App from recording your route during active shifts, which may affect your ability to complete shifts and comply with your employer's requirements.

9.3 Visual Indicators

The App provides clear visual indicators when location tracking is active, including an in-app status indicator and (on Android) a persistent notification. When your shift ends, the indicator is removed, confirming that tracking has stopped.

10. Third-Party Links and Services

The App may contain links to third-party websites or services (such as map providers). We are not responsible for the privacy practices of third-party services. We encourage you to read the privacy policies of any third-party services you interact with.

• OpenStreetMap: Map tiles are loaded from OpenStreetMap servers. OpenStreetMap's privacy policy governs their processing of any data. We do not transmit your personal information to OpenStreetMap — only standard map tile requests are made.
• Stripe: If billing features are used, Stripe processes payment data in accordance with Stripe's privacy policy. We do not store full payment card details.

11. Do Not Track Signals

Some web browsers transmit “Do Not Track” (DNT) signals. Since there is no industry-standard interpretation for mobile apps, we do not currently respond to DNT signals. However, we do not engage in online tracking of users across third-party websites or services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

1. Update the “Last Updated” date at the top of this policy
2. Notify you via push notification or in-app notice at least 7 days before the changes take effect
3. For material changes affecting location tracking or data sharing practices, we will request your renewed acknowledgment

Your continued use of the App after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you should stop using the App and request deletion of your account.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For privacy-specific inquiries, please use the subject line “Privacy Inquiry” or “Privacy Rights Request.”

We will acknowledge your inquiry within 5 business days and provide a substantive response within the timeframes required by applicable law.

14. California-Specific Disclosures

The following table summarizes the categories of personal information we have collected in the preceding 12 months, as required by the CCPA:

Financial Incentives: We do not offer financial incentives or price differences in exchange for the collection, retention, or sale of personal information.