Cookie Policy

Effective Date: June 2025
Last Updated: June 2025

Welcome to Luxy™ — operated by Luxy Technologies, Inc., a Delaware corporation (”Luxy™”, ”we”, ”our”, or ”us”). This Privacy & Cookie Policy explains how we collect, use, store, share, and protect personal information through our services, including our website, mobile apps, platforms, and tools (collectively, the “Services”).

We take privacy seriously and are committed to complying with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and all other applicable data protection laws.

1. Who This Policy Applies To

This Policy applies to all individuals who interact with our Services, including:

• Clients who use Luxy™ to book rides or request transportation
• Drivers and partner transportation providers who provide services through our platform
• Corporate administrators managing rides for their organization
• Website visitors, support contacts, and other platform users

If you use Luxy™ in multiple roles (e.g., a Client and a Driver), this Policy applies to all relevant activities.

2. Data We Collect

We collect personal data directly, automatically, and through third-party integrations:

• Information You Provide
  • Account creation: name, email, phone number, password
  • Bookings: pickup/drop-off addresses, payment method, special instructions
  • Driver onboarding: driver’s license, insurance, background check data
  • Support requests: customer messages, emails, and chat transcripts
  • Corporate accounts: employee contact info, billing data
  • SMS/MMS programs: opt-in phone number and message preferences
• Information We Collect Automatically
  • Device info: IP address, OS, model, browser, language
  • Location data: GPS and IP-based geolocation (when permitted)
  • Usage data: app navigation, clickstream, time on page, bookings abandoned
  • SMS/call logs: time, date, caller ID, not message content
• Information from Other Sources
  • Third-party logins (e.g., Google, Facebook)
  • Corporate employer platforms
  • Marketing tools and analytics vendors
  • Public sources or transportation compliance databases

3. How and Why We Use Personal Data

We use your data to operate, enhance, and protect our Services, including:

• Fulfilling transportation requests and connecting you with Drivers
• Processing payments securely
• Authenticating users and maintaining platform integrity
• Sending trip notifications, ETAs, receipts, and service messages
• Improving our Services through analytics, heatmaps, and user behavior
• Sending promotions, loyalty rewards, and discounts (with consent)
• Enabling social sharing (split fares, shared rides, ETA tracking)
• Complying with legal, financial, and transportation regulations

Example: If you begin booking a ride but don’t complete it, we may send you a reminder via email or SMS, using cookies to identify the abandoned trip.

4. Legal Grounds for Processing

We process your data under the following legal bases (per GDPR Art. 6):

Processing Activity	Legal Basis
Booking rides, creating accounts	Contractual necessity (Art. 6(1)(b))
Verifying drivers, complying with transport law	Legal obligation (Art. 6(1)(c))
Analytics and performance optimization	Legitimate interest (Art. 6(1)(f))
Marketing via email/SMS	Consent (Art. 6(1)(a))
Managing safety, fraud, platform integrity	Legitimate interest (Art. 6(1)(f))

You can withdraw consent at any time by emailing support@luxyride.com.

5. Cookies & Tracking Technologies

We use cookies and similar technologies (e.g., SDKs, pixels, tags) to:

• Enable platform security and logins (essential)
• Measure website performance (analytics)
• Deliver relevant ads (marketing/retargeting)

Cookie Category	Purpose
Essential	Ensures site security, user login, and ride booking
Analytics	Tracks usage patterns, heatmaps, and engagement (e.g., Google Analytics)
Marketing	Displays personalized ads across channels (e.g., Facebook, Google Ads)

You can adjust cookie preferences in your browser at any time.

6. Platforms That May Use Cookies

We partner with reputable platforms that may set cookies or process user data:

• Amazon Web Services (AWS) — secure data hosting and cloud storage
• Google Suite — Gmail, Docs, Calendar, and Firebase (tracking, analytics)
• Google Analytics / Ads / Tag Manager / Fonts
• Microsoft Bing Ads / Clarity
• LinkedIn Marketing Solutions
• SEMrush / Ahrefs — SEO and site tracking
• Klaviyo, Emotive.io — email/SMS automation
• Braintree (PayPal) — payment processing
• Hotjar — heatmap and user behavior tracking
• Slack, HubSpot, Mailgun — internal collaboration and messaging

This list is not exhaustive and may evolve. All third parties are bound by data protection contracts and operate under applicable law.

7. How We Share Data

We do not sell your personal data. We may share it with:

• Drivers, to fulfill your ride requests
• Corporate admins, if you ride under a business account
• Third-party processors, such as payment gateways, SMS delivery, analytics platforms
• Legal or regulatory authorities, if required by law or subpoena
• Other users, if you initiate shared rides, referrals, or split payments
• New entities, in case of merger, acquisition, or asset sale (with notice)

Data shared is always minimized, encrypted where applicable, and subject to strict contractual controls.

8. International Data Transfers

Some of our infrastructure and vendors are based in the United States and other countries that may not have equivalent privacy laws to your home jurisdiction.

To safeguard transfers:

• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• We implement encryption, pseudonymization, and access controls
• We vet all partners to ensure compliance with data protection best practices

9. Data Retention

We retain personal data only for as long as it’s necessary for legitimate business or legal purposes:

Data Type	Retention Period
User accounts	Until manually deleted by the user
Trip history	Minimum 7 years (for financial/audit)
Driver compliance docs	As required by transport law
Marketing data	Until opt-out or 24 months of inactivity
Logs/analytics	Up to 24 months, then anonymized

Inactive accounts may be retained for platform safety unless deletion is requested.

10. Your Rights Under GDPR

If you are in the EEA or UK, you have the right to:

• Access your data
• Rectify inaccurate or incomplete data
• Request deletion (right to be forgotten)
• Restrict processing in certain cases
• Object to data use (e.g., for marketing)
• Request data portability
• Withdraw consent at any time
• Lodge a complaint with your local supervisory authority

Contact us at support@luxyride.com to exercise these rights.

11. Children’s Privacy

We do not knowingly collect data from individuals under the age of 18. Children may not use Luxy™ services alone. If we learn that a minor has submitted personal data without parental consent, we will delete it promptly.

12. Security Measures

We implement industry-standard security practices to protect your data:

• Encrypted data storage (AES-256) via AWS
• Secure HTTPS encryption (TLS) for all transmissions
• Multi-factor authentication for admin access
• Access control and audit logging
• Regular security assessments and penetration testing

Despite our safeguards, no system is 100% immune — we continuously monitor and improve.

13. Your Choices

• Modify your account data in your profile settings
• Unsubscribe from marketing emails at any time
• Withdraw consent by emailing support@luxyride.com
• Control cookies via browser settings
• Request deletion of your personal data through a formal request

14. Changes to This Policy

We may revise this policy from time to time. If significant changes are made, we will notify you by:

• Posting updates on our website or app
• Sending emails or push notifications

Continued use of the Services constitutes agreement to the new terms.

15. Contact Us

Luxy Technologies, Inc.
30 Controls Drive, Shelton, CT 06484📧support@luxyride.com