Privacy Policy

1. Introduction

This Privacy Policy explains how Triply Technologies Pvt. Ltd. ("Triply") collects, uses, discloses, and protects your personal data when you use the Triply app, website, and related services (collectively, the "Platform"). We are committed to compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

2. Data Fiduciary

Under the DPDP Act, Triply is the Data Fiduciary responsible for determining the purpose and means of processing your personal data. Our contact details are at the end of this policy.

3. What We Collect

Information you provide

• Identity data: Full name, date of birth, gender, profile photo
• Contact data: Phone number, email address
• Verification data: Aadhaar-based OTP verification (we do not store the Aadhaar number), or details from an alternate government photo ID (passport, driving licence, PAN)
• Driver-specific data: Driving licence number, vehicle RC, insurance certificate, PUC certificate
• Payment data: UPI ID or linked bank account details (processed by our payment partner, not stored by Triply in full)
• Ride data: Pickup and drop locations, trip dates and times, ratings, reviews, messages exchanged in-app
• Emergency contacts: Names and phone numbers you add for safety features

Information collected automatically

• Device data: Device model, OS, app version, unique device identifier
• Location data: GPS location during active trips and when the app is in use (for matching, routing, and safety)
• Usage data: Screens viewed, actions taken, features used
• Technical data: IP address, mobile network, crash logs

4. How We Use Your Data

• To create and manage your Triply account
• To match Drivers and Passengers and facilitate trips
• To process payments and payouts
• To verify identities and prevent fraud
• To enable safety features (SOS, live tracking, emergency contacts)
• To provide customer support
• To send service notifications (via SMS, email, or push)
• To improve the Platform based on anonymised usage analytics
• To comply with legal obligations, court orders, and lawful requests from authorities

5. Legal Basis for Processing

Under the DPDP Act, we process your personal data based on:

• Your consent, freely given when you create your account and use specific features;
• Performance of a contract, where processing is necessary to provide the Platform;
• Legal obligation, where we are required by law to process data;
• Legitimate purposes such as fraud prevention and safety.

6. Sharing Your Data

We share your data only as follows:

• With other users: Your name, profile photo, ratings, and verified status are visible to Drivers and Passengers you match with;
• With service providers: Payment processors, SMS gateways, cloud hosting (on a need-to-know basis, under contractual safeguards);
• With authorities: When required by valid legal process (court orders, lawful police requests);
• In emergencies: Trip and location data may be shared with emergency services to protect life or safety;
• In corporate transactions: In the event of a merger or acquisition, data may transfer to the successor entity, subject to the same protections.

We do not sell your personal data to advertisers or third parties.

7. Retention

We retain personal data only as long as necessary for the purposes stated above, or as required by law. Typical retention periods:

Data type	Retention period
Account data	While account is active + 90 days after deletion
Trip records	7 years (for tax and regulatory compliance)
Identity verification	Duration of account + 5 years
Support conversations	3 years
Anonymised analytics	Indefinitely

8. Your Rights (Under the DPDP Act)

You have the right to:

• Access a summary of personal data we hold about you;
• Correct inaccurate or incomplete data;
• Erase your data (subject to legal retention requirements);
• Withdraw consent at any time (withdrawal does not affect past processing);
• Grievance redressal through our Grievance Officer (see Grievance page);
• Nominate another person to exercise your rights in the event of your death or incapacity.

To exercise these rights, email privacy@triply.in or use the Data Request option in your app settings.

9. Security

We implement reasonable security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), access controls, regular security audits, and employee training. However, no system is 100% secure — you acknowledge this inherent risk in using any online service.

10. Cookies

Our website uses cookies to remember preferences and measure performance. You can control cookies through your browser settings. The Triply app uses device identifiers for similar purposes.

11. International Transfers

Your data is primarily stored on servers located in India. In limited cases (such as email or payment processing), data may be processed outside India by our service providers. In such cases, we ensure equivalent protection through contractual safeguards as required by the DPDP Act.

12. Children

Triply is not intended for persons under 18. We do not knowingly collect personal data from minors. If we discover that we have collected data from a minor, we will delete it.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via the app or email at least 30 days before taking effect.

14. Contact & Grievance

For privacy questions: privacy@triply.in
For grievances under the DPDP Act or IT Rules, 2021, please see our Grievance Officer page.

You may also file a complaint with the Data Protection Board of India, established under the DPDP Act, if you believe your rights have been violated.

Triply Technologies Pvt. Ltd.
CIN: [to be inserted]
Registered office: [to be inserted]