Privacy Policy
At GeeGee, your privacy is our responsibility and priority. This Privacy Policy explains how we collect, use, protect, and manage your personal information. We are committed to transparency and compliance with Canadian privacy law (PIPEDA), the EU's GDPR, and other global standards. Whether you're a rider, driver, or visitor, this policy outlines your rights and our obligations. If you have any questions, please contact us via our privacy email.
Last Updated: February 13, 2026
Back to Home1. Overview & Introduction
GeeGee ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy ("Policy") explains what personal information we collect, how we use it, how we protect it, and your rights regarding your data. This applies to all interactions with GeeGee, including via our mobile applications (iOS/Android), website, and related services.
We recognize that privacy is a fundamental right, especially in Canada where PIPEDA (Personal Information Protection and Electronic Documents Act) sets strict standards for handling personal information in the private sector. We also comply with the General Data Protection Regulation (GDPR) for users in the EU and equivalent laws in other jurisdictions.
Our approach is guided by principles of transparency, fairness, and accountability. We collect only necessary information, use it for legitimate purposes, ensure its security, and give you control over your data. If this Policy conflicts with our Terms of Service or other agreements, the more privacy-protective provision shall apply.
This Policy is subject to change. We will notify you of material updates via email, in-app notifications, or website postings at least 30 days before changes take effect for GDPR-relevant updates. Your continued use after changes indicates acceptance. Please review this Policy regularly.
2. Information We Collect
Account Information: When you create a GeeGee account, we collect your full legal name, email address, phone number, date of birth (for age verification), and profile photo. For drivers, we also collect government-issued ID (scanned for verification), driver's license number, vehicle registration, insurance details, banking information for payouts, and emergency contact information.
Location Data: Real-time GPS location is collected during rides to match drivers/riders, calculate fares, and track progress. For pre-orders booked in advance, pickup and drop-off locations are stored. Location history may be retained for a limited period for safety/dispute resolution. You can adjust location permissions in your device settings.
Payment Information: Payment methods (credit/debit cards, digital wallets) are processed by third-party processors like Stripe or Moneris; we do not directly store full card details. We do store transaction history including amounts, dates, and descriptions.
Communications: We collect messages between you and drivers/riders, support communications, feedback, and reviews. These are used to improve service, resolve disputes, and detect fraud.
Usage Data: We collect information about how you use the Service: pages visited, features used (e.g., pre-order, pet-friendly search), search queries, ride duration, fare breakdowns, and interaction with promotional content. This helps us improve user experience and personalize features.
Device & Technical Data: We collect your device type, OS version, app version, IP address, browser type, and crash/error logs. This enables app functionality and troubleshooting.
Biometric Data (where applicable): If you use facial recognition for login verification or driver identity checks, we collect and process biometric data. This is processed with enhanced security and only with explicit consent.
Data from Third Parties: Background check providers, insurance companies, and government agencies may share information to verify driver eligibility. We also receive data from your device (contacts, calendar) if you grant permissions, used for referrals or ride scheduling.
Aggregated & Anonymized Data: We create aggregated reports (monthly open data) on ride patterns, demand maps, and accessibility usage, shared publicly without personally identifying information. This information is used for research, city planning, and transparency.
3. How We Use Your Information
Service Delivery: To process ride requests, match drivers and riders, calculate fares, collect payments, handle refunds/disputes, and provide customer support. Location data is essential for this purpose.
Safety & Security: To verify user identities, conduct background checks, detect fraud (e.g., GPS spoofing, fake accounts), prevent unauthorized access, and investigate safety incidents. We may use AI/analytics to identify suspicious patterns.
Communication: To send transactional messages (booking confirmations, receipts, support replies), promotional content (with your consent), service updates, and legal notices. You can opt out of promotional emails anytime.
Improvement & Analytics: To understand user behavior, identify trends, improve features (e.g., pre-order discounts, vulnerable rider protections), and optimize the Service. We use data analytics and machine learning for these purposes.
Personalization: To customize your experience (e.g., suggesting group rides, recommending drivers, pre-filling preferences). You can control some personalization via settings.
Legal & Regulatory: To comply with laws, respond to legal requests, prevent fraud, and protect rights. We may disclose data to authorities when required by law or for public safety.
Marketing & Partnerships: With your consent, we may share aggregate/anonymized data with partners (e.g., city planners for transit analysis) or use your interaction data for targeted advertising. You can opt out of marketing communications anytime.
Open Data Initiative: Anonymized, aggregated ride data is published monthly to promote transparency and support research/planning. No individual information is included.
4. Data Retention & Deletion
Active Accounts: We retain account information while your account is active. This includes profile data, contact information, and transaction history accessible within the app.
After Account Deletion: Upon your request, account data is deleted within 30 days, except where retention is required by law (e.g., tax records, fraud prevention). Deleted data may be retained in anonymized or aggregated form for analytics.
Transaction Records: For audit, tax, and dispute resolution, we retain transaction history for 7 years as required by Canadian tax law (CRA). Location data associated with completed rides is retained for 6 months, then anonymized.
Communications & Support Tickets: Messages, support conversations, and feedback are retained for 3 years for training, dispute resolution, and legal purposes. You can request deletion of personal communications upon account deletion.
Device & Technical Data: Logs and crash reports are retained for 90 days. IP addresses are retained for 12 months for security.
Biometric Data: If collected, processed biometric data (e.g., facial vectors from identity checks) are deleted within 30 days after verification unless you consent otherwise. Raw biometric images are not stored.
Cookies & Tracking: Session cookies expire at logout; persistent cookies remain for 1 year unless cleared. You can clear cookies via browser settings.
Right to Deletion (GDPR/PIPEDA): You have the right to request deletion of your data subject to legal or contractual obligations. This is your "right to be forgotten" under GDPR. We will comply within 30 days where feasible.
Data Subject to Legal Holds: If data is subject to litigation, regulatory investigation, or other legal holds, it may be retained until resolved. We will notify you of such holds where permitted by law.
6. Security & Data Protection
Technical Measures: We use industry-standard encryption (TLS 1.3 for transit, AES-256 at rest), secure servers, access controls, firewalls, and regular vulnerability scans. Payment data is tokenized.
Administrative Measures: Employee training on privacy, need-to-know access, non-disclosure agreements. We conduct annual audits and DPIAs for high-risk processing.
Breach Response: In case of a breach, we notify affected users within 48-72 hours (per GDPR/PIPEDA), provide mitigation steps, and report to authorities.
Security Features: Two-factor authentication (2FA), biometric login options, automatic session timeouts, fraud detection AI.
Physical Security: Data centers have 24/7 monitoring, access control, surveillance, and environmental controls.
Limitations: While we implement robust security, no system is 100% secure. You are responsible for protecting your password and account. Report suspicious activity immediately.
Third-Party Security: Service providers are contractually required to maintain equivalent security standards. We audit compliance periodically.
8. Your Privacy Rights & Choices
Right to Access: You have the right to request details of the personal data we hold about you. We will provide this information in a clear, portable format (e.g., CSV, PDF) within 30 days of your request.
Right to Correction: You can update account information (name, email, phone) via your profile settings anytime. Contact us if you need help correcting other data.
Right to Deletion: You can request deletion of your account and associated data. We will delete it within 30 days, except where retention is legally required. Some data (e.g., tax records) may be retained per law.
Right to Data Portability: You can request your data in a structured, portable format (e.g., JSON, CSV) to transfer to another service. We will provide this within 30 days.
Right to Restrict Processing: You can ask us to limit how we use your data (e.g., no marketing emails, no analytics). We will accommodate this unless there are legal/contractual reasons not to.
Right to Object: You can object to processing for marketing, profiling, or other non-essential purposes. We will stop processing for those purposes within 30 days.
Right to Withdraw Consent: If you provided consent for specific uses (e.g., biometric data processing, marketing emails), you can withdraw it anytime via account settings or by contacting us.
Marketing Preferences: Opt out of promotional emails via the unsubscribe link in emails or your account settings. This may take up to 5 business days.
Cookie Controls: Manage cookies via browser settings or our cookie preference center in the footer of our website.
Location Controls: On mobile, you can adjust location permissions in device settings (iOS: Settings > Privacy > Location; Android: Settings > Apps > Permissions > Location).
How to Exercise Rights: Submit requests via our Privacy Officer contact info (Section 14) or your account settings. We may need to verify your identity before processing.
9. GDPR & PIPEDA Compliance
PIPEDA (Personal Information Protection and Electronic Documents Act): As a Canadian company, GeeGee is subject to PIPEDA for handling personal information. We comply with PIPEDA's 10 principles: accountability, identifying purposes, consent, limiting collection/use/disclosure/retention, accuracy, safeguards, openness, user access, challenging compliance, and complaint procedures. Our Privacy Officer oversees PIPEDA compliance (contact info below).
GDPR (General Data Protection Regulation): If you are an EU resident, your data is protected under GDPR. We have a Data Protection Officer (DPO) and an EU representative. GDPR rights detailed in Section 8 apply to you. We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing and have Data Processing Agreements (DPAs) with all sub-processors. Legal basis for processing includes: performance of contract (service delivery), legal obligation (tax, safety), legitimate interests (fraud prevention, analytics), and consent (marketing, biometrics).
Standard Contractual Clauses (SCCs): For international data transfers from the EU, we use standard contractual clauses approved by the European Commission. This ensures adequate safeguards despite differences in law.
Privacy Shield Alternative: We participate in privacy frameworks ensuring EU-compliant processing. Check our documentation for current commitments.
PIPEDA Breach Notification: If a breach affects your privacy, we notify you as soon as possible (within 30 days) with details of the breach, types of info affected, suspected timing, and steps to take. We also report to the Privacy Commissioner.
GDPR Breach Notification: For EU residents, we notify within 72 hours of discovering a breach (48 hours in some cases) to the relevant supervisory authority (DPA) and within 30 days to affected individuals.
Right to Lodge a Complaint: Under GDPR, you can file complaints with your local supervisory authority (e.g., CNIL in France, EDPB) if you believe we've breached your rights. Contact our DPO first if you'd like us to address your concern.
10. International Data Transfers
Where We Process Data: GeeGee primarily processes data in Canada (primary servers in Toronto, ON). Cloud storage via AWS may distribute data across US and other regions. Some third-party vendors (e.g., analytics) may process data internationally.
Protection for International Transfers: We ensure transferred data maintains Canadian and GDPR-equivalent protections using: (1) Standard Contractual Clauses for EU-to-US transfers, (2) Data Processing Agreements with all vendors, (3) Adequacy decisions where available, and (4) Additional safeguards (encryption, access controls).
US Data Transfers: If data is transferred to the US, be aware US law permits some government access (e.g., FISA requests). We minimize this risk through encryption, data minimization, and vendor selection.
Your Consent: By using GeeGee, you consent to processing in Canada and potentially other jurisdictions. If you do not consent, discontinue service use.
11. Children's Privacy
Age Requirement: GeeGee is not intended for children under 18. We do not knowingly collect data from minors unless they have parental consent. Users under 18 must have a parent or guardian agree to the Terms and this Policy.
Parental Control: Parents can review, update, or delete their child's data by contacting us with proof of guardianship.
If We Discover a Minor's Data: We will delete it promptly and notify the parent/guardian.
Canada's Laws: Canada does not have strict COPPA-equivalent laws, but PIPEDA applies. We are more protective of minors' data, restricting marketing, analytics, and sharing without explicit parental consent.
12. Third-Party Links & Services
External Links: Our website/app may contain links to third-party sites (e.g., partners, payment gateways). We are not responsible for their privacy practices. Always review their privacy policies before providing data.
Third-Party Services Integrated: We use services like Google Maps (for routing), Stripe (for payments), and analytics platforms. These have separate privacy policies; their collection and use are governed by their terms, not ours.
Your Responsibility: Ensure you understand third-party privacy practices before interacting with embedded services or external links.
13. Changes to This Policy
Updates: We may update this Policy to reflect changes in privacy laws, our practices, or new features. Material changes will be communicated at least 30 days before taking effect via email, in-app notification, and website posting.
Your Acceptance: Continued use after changes indicates acceptance. If you disagree with updates, discontinue service.
Version History: Previous versions of this Policy are available upon request. We maintain a changelog for reference.
14. Contact & Data Protection
For questions, requests, or concerns about our privacy practices, contact us:
EU Data Protection Officer (DPO): For GDPR-related matters, dpo@geegee.ca or through our website footer.
EU Representative: We have an EU representative for GDPR compliance. Contact details available on our website.
Response Time: We aim to respond to requests within 14-30 days for general inquiries and within 30 days for formal rights requests (access, deletion, portability).
Complaint Process: If you're unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., Office of the Privacy Commissioner of Canada for PIPEDA concerns).
Thank you for trusting GeeGee with your data. We are committed to protecting your privacy and maintaining the highest standards of data protection.