Privacy Policy
Last updated: May 24, 2026
1. Introduction
Wayzos is a community ride-sharing platform that connects people travelling along similar routes so they can share rides and split travel costs. We built Wayzos for professionals and students who want a smarter, more social way to commute — not a taxi service.
This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and what choices you have. We collect only what we need to run the platform and nothing more.
By creating an account or using the Service, you confirm that you have read this Policy and agree to the practices described in it.
2. Who We Are
| Service | Wayzos |
| Contact | team@wayzos.com |
| Service area | Worldwide |
For privacy questions, requests, or complaints, email us at team@wayzos.com. We respond within 30 days.
3. Information We Collect
We collect only what is necessary to operate the Service and keep the community safe.
3.1 Account and Profile Information
Provided by you when you sign up or update your profile:
- Email address — your login identifier, used to send OTP codes for authentication. Not shown to other users.
- First and last name — shown to matched co-riders so they can recognise you.
- Gender — used to power female-only matching (see §6).
- Profile photo (optional) — visible to potential matches.
- Phone number (optional) — stored privately, not shown to other users.
3.2 Social Profile for Account Review
Instead of collecting government-issued ID, we ask you to provide a link to a public social media or professional profile (for example LinkedIn). Our team reviews this manually to confirm you are a real person before approving your account.
We do not scrape or store your full social media profile. We only review it for identity confirmation and record that the review was completed. The URL you provide is stored on your account.
3.3 Vehicle Information (Drivers Only)
If you post as a driver, you can register a vehicle to give co-riders useful context about the ride:
- Make, model, colour, and vehicle type (car or bike)
- Seat count
- License plate number
- Vehicle photos (optional)
This information is shown to confirmed matches so they know what to look for. Wayzos does not verify vehicle registration, roadworthiness, or insurance. Vehicle details are provided by you and shared as a convenience only.
3.4 Trip and Location Information
When you post or are matched on a trip, we collect:
- Origin and destination (as coordinates and human-readable addresses)
- Departure time window and trip date
- Route polyline for driver posts (computed by our routing provider)
- Match details: overlap score, pickup ETA estimate, and match state
We do not continuously track your live location. We only know the origin and destination you share when you post a trip.
3.5 Chat Content
Messages between matched users are stored so both parties can re-read the conversation. Chat is only available between approved, matched users.
- Messages are stored in plain text and are not logged separately.
- Chat messages are permanently deleted 90 days after they are sent.
- If a misconduct report is filed, we may retain relevant messages for the duration of the investigation.
3.6 Ratings, Reports, and Blocks
- Star ratings and written feedback you submit after a completed trip
- Reports you file about other users, including attached screenshots
- Blocks you place on other users
3.7 Device and Technical Information
- Device platform (Android or iOS), app version, and push notification token
- IP address (collected by our server infrastructure for security purposes)
- Crash and error data via Sentry, with personal identifiers scrubbed where possible
3.8 What We Do Not Collect
- Government-issued identity documents (no national ID, passport, or equivalent)
- Continuous background GPS location
- Your contacts, calendar, microphone, or call history
- Payment card or financial information — the Service has no in-app payments
4. How We Use Your Information
- Run the matching engine — find drivers and riders on compatible routes and time windows.
- Review and approve accounts — confirm via social profile that you are a real person.
- Enforce female-only matching — ensure server-side queries respect gender filters.
- Authenticate you — issue and rotate session tokens; send OTP codes by email.
- Communicate with you — push notifications for matches, reminders, and OTP emails.
- Keep the platform safe — process reports and blocks; suspend users who break the rules.
- Improve the Service — fix bugs, monitor for abuse, and measure aggregate usage.
We do not sell your data and we run no third-party advertising.
5. How and With Whom We Share Your Information
5.1 With Other Users
- Before a match is confirmed: your first name, gender, profile photo, approval status, average rating, and trip details.
- After a match is confirmed: the above, plus vehicle details (for driver posts) and pickup ETA. Communication happens through in-app chat — we do not reveal phone numbers.
5.2 With Service Providers
We share data with the following providers solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Cloudflare / R2 | CDN and media storage | IP addresses; uploaded photos |
| Mapbox (or equivalent) | Route polyline computation | Origin and destination coordinates |
| Firebase (Google) | Push notifications | Device token, notification content |
| Postmark | OTP emails | Email address, OTP code |
| Sentry | Error reporting | Error stack traces (sensitive fields scrubbed) |
| Hetzner Online | Server and database hosting | All data processed by the Service |
5.3 For Safety and Legal Purposes
We may disclose information when we believe it is necessary to prevent serious harm, cooperate with a law enforcement investigation, or comply with a valid legal demand. Where permitted, we will notify you before disclosing.
5.4 Business Transfers
If Wayzos is sold or merged, your information may transfer to the successor entity. We will notify you in advance and the successor will be bound by this Policy.
5.5 We Do Not Sell Your Information
We do not sell, rent, or share your personal information with data brokers, advertisers, or any third party for marketing purposes.
6. Female-Only Mode
Female-only mode is a core safety feature of Wayzos. When enabled:
- Your posts are hidden from users whose verified gender is male — enforced in server-side database queries, not just in the app.
- Your feed can be filtered to show only female drivers and riders.
Gender is set at sign-up and confirmed during account review. If you believe female-only mode has not worked correctly for you, report it immediately to team@wayzos.com. We treat this as a critical incident.
7. Security
- All traffic is encrypted in transit using TLS (HTTPS). The mobile app uses certificate pinning.
- Profile photos and vehicle images are stored in object storage with access controls.
- We deliberately do not log sensitive data such as access tokens or chat message bodies.
- Administrative actions are restricted to authorised staff and recorded in an append-only audit log.
- Sessions use short-lived access tokens (15 minutes) and rotating refresh tokens (60 days).
- Sensitive endpoints are rate-limited to slow abuse.
- The database is backed up nightly to encrypted off-site storage, retained for 30 days.
No security measure can guarantee absolute protection. Keep your email account secure and never share your OTP with anyone — Wayzos staff will never ask for it.
8. Data Retention
| Category | Retention |
|---|---|
| Account profile (name, gender, photo) | While your account is active; up to 12 months after deletion for dispute resolution. |
| Social profile URL used for review | While your account is active; deleted with your account. |
| Posts and trip data | Active posts kept while account is active. Posts anonymised 90 days after account deletion. |
| Chat messages | 90 days, then permanently deleted. |
| Ratings and reports | While account exists; anonymised after deletion. |
| Server logs | 30 days at the edge proxy; longer in Sentry for unresolved errors only. |
| Backups | 30 days, then overwritten. |
Account deletion requests are processed within 30 days. Some data may persist in backups for up to 30 additional days.
9. Your Rights
- Access — request a copy of information we hold about you.
- Correction — fix inaccurate information (most fields are editable directly in the app).
- Deletion — close your account and request deletion, subject to the rules in §8.
- Withdrawal of consent — withdraw consent for processing; this may limit your access to certain features.
- Portability — receive your account data in a machine-readable format.
To exercise any of these rights, email team@wayzos.com from your registered email address.
10. International Data Transfers
Wayzos is a global service. Your information may be stored and processed outside your country, including in Germany (Hetzner servers), the United States (Sentry, Postmark, Google), and on Cloudflare's global network. We select providers that offer commercially reasonable data-protection safeguards.
11. Children
The Service is intended for users aged 18 or older. We do not knowingly collect information from anyone under 18. If we discover we have done so, we will delete it promptly.
12. Changes to This Policy
We may update this Policy from time to time. For material changes, we will give reasonable notice in-app before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance.
13. Contact
Questions or privacy requests: team@wayzos.com