Privacy Policy

Last updated: 2025-12-12

1. Who we are

This Privacy & Cookie Policy explains how MovL (“we”, “us” or “our”) collects, uses, discloses and protects personal data when you visit our websites, create an account or book transportation services in the District of Columbia, Maryland, Virginia and other territories where we operate.

We act as a data controller for customer and prospect data. For some processing activities (for example, payment processing by Stripe or mapping services by Google) we rely on third‑party processors acting on our behalf.

2. Scope of this policy

This policy applies to:

  • Visitors to our websites and booking pages;
  • Registered users, passengers and business contacts;
  • Recipients of our marketing communications;
  • Support contacts who open tickets or requests.

It does not cover processing performed by third‑party websites or apps that may link to or integrate with our services.

3. Data we collect

We collect and process the following categories of personal data:

  • Identity and contact data – name, email address, phone number, language preference, company, billing details.
  • Booking and itinerary data – pickup and drop‑off addresses, dates and times, flight numbers, passenger counts, luggage details, vehicle type, route distance and duration, notes to driver.
  • Account and authentication data – login email, hashed passwords, security logs, role and permissions.
  • Payment data – partial card details, tokenised identifiers, PaymentIntent IDs, billing postal code and fraud signals. Full card numbers are processed and stored by Stripe; we do not store them on our servers.
  • Driver and fleet data – driver name, masked phone, license and vehicle identifiers where required for operations.
  • Support and communications data – messages, support tickets, internal notes, ratings and satisfaction scores.
  • Technical and usage data – IP address, device and browser information, cookies, usage logs, approximate location, pages viewed, referral information and campaign identifiers.

4. How and why we use your data

We use personal data for the following purposes and, where applicable, on the following legal bases:

  • To provide our services – to create and manage bookings, assign drivers and vehicles, send confirmations, updates and receipts, operate user dashboards and respond to support requests (performance of a contract).
  • To process payments – to initiate, verify and reconcile deposits, fees and balances via Stripe, and to handle refunds, chargebacks and disputes (performance of a contract and legitimate interests; compliance with legal obligations).
  • To ensure safety, security and fraud prevention – to monitor suspicious activity, protect accounts, enforce our terms and maintain the integrity of our platform (legitimate interests and, where relevant, legal obligation).
  • To improve our services – to analyse usage, service quality, vehicle utilisation, route performance and support trends (legitimate interests, using analytics cookies only where consent is given in applicable jurisdictions).
  • To send marketing communications – to send offers, product updates and content where you have opted in or where permitted by law (consent or legitimate interests, with the ability to opt out at any time).
  • To comply with law – to meet tax, accounting, regulatory and transport‑sector requirements and to respond to lawful requests from competent authorities (legal obligation).

5. Cookies and similar technologies

We use cookies and similar technologies (such as local storage, pixels and tags) to operate and secure our services, remember your preferences and measure performance. Our cookie categories include:

  • Strictly necessary cookies – required to operate the website, maintain secure sessions, remember language and protect against fraud. These cookies are always active and do not require consent.
  • Functional cookies – help us remember your preferences (such as locale, recent bookings or saved form values) and improve your experience.
  • Analytics cookies – help us understand how visitors use our site (for example, through Google Analytics) so that we can improve performance and usability.
  • Advertising / marketing cookies – help measure campaigns and, where applicable, show you relevant content and offers.
  • Third‑party cookies – may be set by providers such as Stripe (payments), Google Maps (maps and places) and, where enabled, analytics vendors.

By default we only set strictly necessary cookies. In regions where laws such as the EU General Data Protection Regulation (GDPR), the UK GDPR or the ePrivacy Directive apply, we only activate analytics and marketing cookies after you give consent via the cookie banner. You can accept all cookies or reject non‑essential cookies at any time by using the controls in the banner or by clearing your cookie preferences and re‑visiting the site.

In certain US jurisdictions (including California under the CCPA/CPRA), some cookies and tracking technologies may be treated as a “sale” or “sharing” of personal information for cross‑context behavioural advertising. Where required, we honour your choices and do not use analytics or marketing cookies unless you have opted in.

6. Data sharing

We only share personal data where necessary and with appropriate safeguards, including:

  • Service providers – such as Stripe (payments), hosting providers, email and SMS providers, analytics and security vendors who process data on our behalf under written agreements.
  • Transportation partners and drivers – limited booking details necessary to fulfil your ride, such as passenger name, pickup details and contact information.
  • Affiliates and business partners – where you or your organisation use our services under a partnership or corporate agreement.
  • Authorities and regulators – where required by applicable law, court order or to protect our rights, safety or property, or that of our users or the public.
  • Corporate transactions – in connection with a merger, acquisition or sale of assets, subject to appropriate confidentiality and data protection safeguards.
  • With your consent – where you authorise us to share information in other ways.

7. International transfers

Our infrastructure and some service providers may be located outside your country of residence. Where we transfer personal data from the European Economic Area (EEA), the UK or Switzerland to countries without an adequacy decision, we rely on appropriate safeguards such as European Commission‑approved Standard Contractual Clauses and additional technical and organisational measures.

8. Data retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy and to comply with our legal, accounting and reporting obligations. In general:

  • Booking records and invoices are kept for the period required by tax and commercial laws (often 5–10 years);
  • Support tickets and operational logs are retained for a period that allows us to investigate incidents and improve services;
  • Marketing preferences are stored until you revoke your consent or object to further communications;
  • Analytics data is retained in aggregate or pseudonymised form where possible.

9. Your rights

Your privacy rights depend on your location and applicable law, but may include:

  • Access – to obtain a copy of the personal data we hold about you.
  • Correction – to request that inaccurate or incomplete data be corrected.
  • Deletion – to request deletion of your personal data where there is no overriding reason to keep it.
  • Restriction – to request that we limit how we use your data in certain circumstances.
  • Portability – to receive personal data you provided in a structured, commonly used and machine‑readable format, and to transmit it to another controller where technically feasible.
  • Objection – to object to processing based on legitimate interests, including direct marketing.
  • Withdrawal of consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Residents of certain US states (such as California, Virginia, Colorado, Connecticut or Utah) may have additional rights, including the right to opt out of certain targeted advertising or “sale”/“sharing” of personal information, subject to statutory exceptions.

To exercise your rights, please contact us using the contact details below. We may need to verify your identity before responding. You may also be entitled to authorise an agent to act on your behalf in some jurisdictions.

10. Children

Our services are not directed to children under 16 years of age, and we do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us so that we can delete it where appropriate.

11. Changes to this policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you through the website or by email.

12. Contact us

If you have questions about this policy, our use of your personal data or your privacy rights, you can contact us using the details on our website or by emailing [email protected].

Depending on your location, you may also have the right to lodge a complaint with your local data protection authority. We would, however, appreciate the chance to address your concerns before you approach a regulator, so please contact us first.

13. Legal notice

This template is provided for informational purposes to help illustrate a privacy and cookie policy aligned with common requirements under EU (GDPR, ePrivacy) and US state privacy laws (including CCPA/CPRA). It does not constitute legal advice. Your organisation is responsible for reviewing, customising and, where appropriate, localising this text with qualified counsel to ensure compliance with all laws and industry‑specific obligations that apply to your use of MovL.