1. Introduction and scope
This Privacy Policy ("Policy") describes how Liftngo ("Liftngo", "we", "us", "our") and its affiliates collect, use, store, disclose, and protect personal data when you access or use our websites, mobile applications, APIs, dashboards, customer support channels, and related services (collectively, the "Platform").
This Policy applies to visitors, registered users, business customers, driver partners, and others who interact with the Platform. It should be read together with our Terms of Service, cookie notices, and any product-specific disclosures shown at booking or checkout.
By using the Platform, you acknowledge this Policy. If you do not agree, please discontinue use and contact us to close your account where applicable.
2. Data fiduciary and contact
2.1 Who is responsible
For personal data processed in connection with the Platform, the data fiduciary (controller) is the Liftngo group entity identified on your tax invoices, contract, or in-product disclosure, or otherwise the primary operating company stated on our Contact page.
If you are unsure which entity processes your data for a specific transaction, contact us using the details below and we will confirm.
2.2 Grievance Officer, privacy contact, and customer support
Our Grievance Officer & Nodal Contact (Customer Support, Data Protection) is Saqulain. For privacy requests, exercise of rights under applicable Indian personal-data law, formal grievances about our processing of your personal data, and good-faith escalations of customer-support matters with a legal or compliance angle, contact Saqulain at privacy@liftngo.com. Include your registered phone or email with the Platform, relevant booking or order IDs where applicable, approximate dates, and a clear description of your request or complaint.
Day-to-day operational support (trip status, refunds, driver issues) may also be reached through the phone number and team inbox on our Contact page when published; those channels may coordinate with Saqulain where a grievance requires formal handling.
We may request reasonable verification before fulfilling rights requests or disclosing account information to prevent unauthorized access.
3. Categories of personal data we collect
The categories below depend on how you use the Platform. Not every category applies to every user.
3.1 Identity and account data
Name, phone number, email address, business name, role, profile photo (if uploaded), credentials, authentication tokens, and internal user identifiers.
For business accounts: GSTIN, PAN or equivalent tax identifiers where required for invoicing, billing addresses, purchase order references, and authorized signatory details.
3.2 Booking, delivery, and logistics data
Pickup and drop addresses, geocoordinates, contact persons at premises, instructions, goods descriptions, weight/volume declarations, time windows, proof-of-delivery artefacts (signatures, OTP confirmations, photos), trip IDs, and chat or call metadata between you and Partners facilitated through the Platform.
3.3 Payment and financial data
Transaction amounts, product type (trip, pack, lease, subscription, etc.), payment method type, payment status, Razorpay or other gateway transaction references, masked card or UPI identifiers where surfaced by the processor, and chargeback or reconciliation metadata.
We generally do not store full card numbers; payment partners tokenize or process card data in line with PCI-DSS expectations for their role.
3.4 Lease, subscription, and high-value program data
Vehicle class, lease term, consent snapshots and declarations you affirm at checkout, consultant notes from sales conversations (if captured in CRM), and documents you upload for eligibility or fleet onboarding.
3.5 Device, log, and diagnostic data
IP address, device type, operating system, app version, browser type, coarse or precise location (when you grant permission or when needed to operate maps), crash logs, performance telemetry, security logs, and timestamps of API calls.
3.6 Communications and support
Emails, in-app tickets, SMS or WhatsApp content where you message official Liftngo lines, call recordings where legally recorded and disclosed, and training or quality monitoring consistent with policy.
3.7 Data you give us about others
If you provide personal data of employees, consignees, or contacts, you represent that you have a lawful basis to do so and, where required, have informed them of Liftngo's role.
4. How we collect personal data
Directly from you when you register, complete forms, book, pay, chat with support, or upload documents.
Automatically through cookies, SDKs, and server logs when you use digital properties.
From Partners and subprocessors involved in fulfilment (e.g. status updates, GPS pings during an active Trip).
From fraud-prevention, identity, or credit partners where permitted and proportionate.
From public sources or corporate registries in limited cases (e.g. verifying business name against GSTIN).
5. Purposes and legal bases for processing
We process personal data where permitted under applicable Indian law, including the DPDP Act and the Information Technology Act, 2000 and rules thereunder, as well as sector-specific obligations. Depending on context, processing may be based on your consent, performance of a contract, compliance with legal obligations, protection of your or others' vital interests, or legitimate interests that are not overridden by your rights.
5.1 Operating the Platform
Creating accounts, authenticating users, displaying pricing, matching Trips with Partners, routing, ETA notifications, issuing invoices and receipts, and customer support.
5.2 Payments, risk, and compliance
Processing Fees, detecting fraud and abuse, meeting tax and audit obligations, responding to lawful requests from government authorities, and enforcing our Terms.
5.3 Safety and integrity
Investigating incidents, enforcing bans on prohibited cargo, protecting users and Partners, and securing systems against intrusion or denial-of-service attacks.
5.4 Improvement and analytics
Understanding feature usage in aggregated or de-identified form, debugging, product development, and training models only where compatible with this Policy and applicable law (we do not sell your personal data).
5.5 Marketing
Sending promotional communications where permitted—often based on consent or soft opt-in for similar products—with opt-out in each channel where required.
7. Cross-border processing
Primary processing occurs in India. Subprocessors (e.g. cloud regions, global communications APIs) may use facilities outside India where contractually required compatibility with Indian cross-border transfer rules is maintained, including standard contractual clauses, adequacy decisions, or other permitted mechanisms under the DPDP Act and rules as they come into force.
We assess vendor locations and security commitments during onboarding and periodically thereafter.
8. Retention
8.1 General approach
We retain personal data only as long as necessary for the purposes above, including statutory, tax, and dispute-resolution timelines.
Trip and billing records may be kept for multi-year periods consistent with GST, contract, and litigation limitation rules.
8.2 Deletion and minimization
Where retention is no longer required, we delete or de-identify data subject to backups and archival systems that age out over reasonable cycles.
9. Security of personal data
9.1 Safeguards
We implement reasonable technical and organizational measures appropriate to the sensitivity and volume of data—we aim in good faith to align with commonly referenced practices including access control (least privilege), encryption in transit for standard web and app channels, segregation of production environments, logging and monitoring, vulnerability management, vendor security reviews, and personnel confidentiality obligations.
9.2 Your responsibilities
Use strong passwords (or SSO where offered), protect OTPs, log out of shared devices, keep app versions updated, and report suspected compromise to us immediately.
9.3 Incidents
No system is risk-free. If a breach materially affects your personal data and the law requires notification, we will take steps to notify regulators and affected users as prescribed.
10. Your rights and choices
10.1 Access, correction, and updates
You may access and update certain profile fields in-app; for broader requests, contact Saqulain at privacy@liftngo.com.
10.2 Withdrawal of consent
Where processing is consent-based, you may withdraw consent by using in-product controls or contacting us. Withdrawal does not affect lawfulness of prior processing; some services may cease if processing is essential to deliver them.
10.3 Erasure and restriction
You may request deletion or restriction where applicable law allows. We may retain minimal records where statute, tax law, or unresolved disputes require.
10.4 Grievance redressal (India)
If you have concerns about how we process personal data, contact our Grievance Officer, Saqulain, at privacy@liftngo.com with sufficient detail (account phone/email, approximate dates, description of issue).
We will engage in good faith to resolve complaints within timelines compatible with the DPDP Act and rules as applicable. You may also have rights to escalate to the Data Protection Board of India (or successor body) once operational under law.
10.5 Nomination
Where the DPDP Act provides for nomination by a user in case of death or incapacity, we will publish or honor procedures consistent with notified rules.
12. SMS, WhatsApp, email, and push
Operational messages (booking status, OTPs, security alerts, invoice availability) are sent as needed to perform our contract with you and keep accounts safe.
Marketing or promotional messages are sent where permitted and with controls to opt out except where transactional messages must continue.
WhatsApp or SMS use follows channel policies, your registration consent where required, and applicable telemarketing norms (including India-specific TRAI frameworks where they apply to commercial communications).
13. Children
The Platform is not directed to children under eighteen (18). We do not knowingly collect personal data from minors for contract formation. If you believe we have collected a minor's data improperly, contact us for prompt review and deletion subject to law.
14. Automated processing
We may use rules-based systems or analytics for fraud scoring, surge or dynamic pricing surfaces, partner matching, and safety interventions.
We do not make solely automated decisions with legal or similarly significant effects without human review where such review is required by applicable law.
15. Fair processing notice
Liftngo processes personal data fairly and for specified purposes. Where consent is the basis, we seek clear, informed, opt-in consent where required and allow withdrawal as described above.
You may request information about significant processors acting on our behalf through Saqulain at privacy@liftngo.com, subject to commercial confidentiality and security.
16. Changes to this Policy
We may update this Policy to reflect legal, technical, or business changes. Material updates will be communicated by reasonable means—email to your registered address, in-app notice, or prominent website posting. Continued use after the effective date may constitute acceptance where law permits; where fresh consent is required, we will obtain it.
The "Last updated" date at the top of this page will change when we publish revisions.
17. Contact
Grievance Officer & Nodal Contact (Customer Support, Data Protection): Saqulain. Data protection and personal-data grievance inquiries: privacy@liftngo.com.
Legal notices may also reference addresses on our Contact page or corporate filings.