Privacy Policy

1.1 Personal Information: - Name, phone number, email address - Driver license number and type - Vehicle registration details - Address and location information - Profile pictures and document photos 1.2 Automatic Information: - Device information (model, OS version) - IP address and device ID - App usage patterns and interactions - Crash reports and error logs - Analytics data 1.3 Location Data: - GPS coordinates with user permission - Location history for emergency services - Map data for dealers and services - Trip routes and destinations 1.4 Payment Information: - Transaction records - Payment method details (tokenized, not stored in full) - Invoice and receipt history - Refund records 1.5 Communication Data: - Support messages and emails - Feedback and suggestions - Chat histories with support team - Complaint records

2.1 Service Delivery: - Verifying your identity and account - Processing transactions and payments - Providing support and resolving issues - Managing cab verification and compliance - Dispatching emergency services 2.2 Personalization: - Customizing content and recommendations - Showing nearby dealers and services - Displaying relevant fuel prices - Remembering your preferences 2.3 Safety & Security: - Detecting fraudulent activities - Preventing abuse and violations - Protecting against hacking attempts - Maintaining platform security 2.4 Communication: - Sending service updates and notifications - Notifying about document expirations - Sharing promotional offers (with consent) - Responding to inquiries 2.5 Analytics & Improvement: - Analyzing platform usage patterns - Improving features and services - Conducting research and surveys - Creating aggregate statistics

3.1 Encryption Standards: - End-to-end encryption for sensitive data - AES-256 encryption for data at rest - TLS/SSL for data in transit - Secure key management practices 3.2 Access Controls: - Role-based access to user data - Two-factor authentication available - Regular access audits - Employee data handling policies 3.3 Infrastructure Security: - Secure cloud servers with firewalls - Regular security audits and patches - DDoS protection mechanisms - Intrusion detection systems 3.4 Compliance: - GDPR compliant data handling - IT Act 2000 compliance - Regular security certifications - Third-party security assessments

4.1 Service Partners: - Insurance companies for policy information - FASTag providers for recharge services - Payment gateways for secure transactions - SMS and email providers for notifications - Map and location services - Analytics platforms 4.2 Data Sharing: - We only share necessary data with partners - Partners sign data protection agreements - No selling of personal data - Sharing only with user consent for specific services 4.3 External Links: - Third-party websites have separate privacy policies - We are not responsible for external sites - Review third-party privacy policies before sharing data 4.4 Government Requests: - We comply with legal and government directives - Data shared only with proper legal documentation - User notification when possible

5.1 GPS Permissions: - Requesting location access during account setup - GPS used only for app services - Location can be disabled anytime in settings - Precise location not stored permanently 5.2 Emergency Services: - GPS data used for emergency dispatch - Location shared with nearby helpers - Real-time tracking during emergencies - Data deleted after emergency resolution 5.3 Fuel Prices: - Location used to show relevant fuel prices - Approximate location only (not precise) - General area tracked for analytics 5.4 Privacy Controls: - Users can disable location anytime - App functions limited without location - Location history not accessible by other users

6.1 Cookies: - Session cookies for user authentication - Preference cookies for settings - Analytics cookies for usage tracking - Marketing cookies (only with consent) 6.2 Web Tracking: - Cookies used on DUFC website - Third-party analytics (Google Analytics) - Retargeting pixels for advertising - Pixel tags for performance tracking 6.3 Opt-Out Options: - Users can disable cookies in browser settings - "Do Not Track" signals respected - Unsubscribe from marketing emails anytime - Disable advertising personalization 6.4 Mobile App Tracking: - App usage analytics - Crash reporting services - Performance monitoring

7.1 Right to Access: - Request copy of your personal data anytime - Data provided in machine-readable format - Free access request once per year - Additional requests may have nominal fees 7.2 Right to Correction: - Update incorrect personal information - Modify document details - Correct address and contact information - Self-service updates in app 7.3 Right to Deletion: - Request deletion of your account - Personal data deleted within 30 days - Transaction records retained for legal compliance - Irreversible deletion of sensitive information 7.4 Right to Restrict: - Opt-out of marketing communications - Disable location tracking - Restrict data processing for specific purposes - Disable cookies and tracking 7.5 Data Portability: - Export your data in standard format - Transfer data to another service - Available on request within 30 days

8.1 Active Account Data: - Personal information retained while account active - Documents stored for 2 years after expiry - Payment records kept for 7 years (tax compliance) - Support tickets retained for 1 year 8.2 After Account Deletion: - Personal data deleted within 30 days - Transaction history kept per legal requirements - Aggregated analytics data retained - Communication archives deleted 8.3 Legal Holds: - Data retained if under legal investigation - Government orders followed for data retention - Compliance with tax and regulatory requirements 8.4 Backup Data: - Deleted data removed from active systems - Backup copies destroyed within 90 days - No recovery of deleted personal data

9.1 Age Requirement: - DUFC is for users 18 years and older - No intentional collection from minors - Parents/guardians responsible for minor access 9.2 Parental Controls: - Restricted access for accounts under 18 - Guardian consent required - Limited features available - Enhanced privacy protections 9.3 Minor Data Handling: - Stricter data protection for minors - No marketing to minors - Limited data sharing - Enhanced security measures

10.1 GDPR Compliance (EU Users): - Your data processed per GDPR requirements - Lawful basis for processing established - Data Protection Officer available - Your rights as per GDPR protected 10.2 Data Transfers: - Data may be transferred to India for processing - Standard contractual clauses in place - Adequate safeguards maintained - International transfer agreements signed 10.3 Regional Laws: - Compliance with applicable local laws - Right to be forgotten (where applicable) - Data subject rights respected - Local data protection regulations followed

11.1 Data Breach Response: - Immediate investigation of breaches - Containment of unauthorized access - Assessment of breach impact and data affected 11.2 User Notification: - Notified within 72 hours of breach discovery - Notification via email and in-app message - Details of breach and steps we took - Recommendations for user protection 11.3 Regulatory Notification: - Authorities notified per legal requirements - Public disclosure if required by law - Cooperation with investigations 11.4 Prevention Measures: - Regular security audits and penetration testing - Continuous monitoring for threats - Security training for employees - Incident response plan in place

12.1 Changes to Privacy Policy: - DUFC may update this policy anytime - Material changes notified via email - Notification sent 30 days before changes - User consent required for material changes 12.2 Notification Method: - Email notification to registered address - In-app notification banner - Website announcement - Prominent display of changes 12.3 Effective Date: - Changes effective after notification period - Continued use implies acceptance - Users can review previous versions - Archive of old policies maintained

For privacy concerns or requests: Email: privacy@dufc.in Phone: 1800-XXX-XXXX Address: New Delhi, India Response Timeline: 7 business days Escalation: If unsatisfied with response, escalate to: - Data Protection Officer - Grievance Officer - Legal team GDPR Representative (EU): - Formal request handling per GDPR - Supervisory authority complaints - Data protection rights enforcement

14.1 External Websites: - DUFC contains links to third-party sites - We are not responsible for external privacy policies - Review third-party privacy policies before use - Data shared with third parties separately 14.2 Social Media: - Sharing DUFC content on social media - Third-party privacy policies apply - We don't control social media data - Separate privacy agreements with each platform

15.1 Sensitive Information: - Biometric data (if used) encrypted and secured - Health information (if shared) highly protected - Financial data tokenized and secured - Government IDs stored securely 15.2 Processing Restrictions: - Sensitive data processed only for core services - No third-party sharing without explicit consent - Enhanced security for sensitive information - Special consent required for collection