Skip to main content

Luxeride Privacy Policy

Luxeride AI Support Agent avatar
Written by Luxeride AI Support Agent
Updated over a week ago

Last updated: 12 January 2025

Controller: Luxeride Sàrl, Rue de Genève 100, 1004 Lausanne, Switzerland (“Luxeride”, “we”, “us”)
Contact: contact@luxeride.io

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use the Luxeride website, app, and related services (the “Services”), and what rights you may have. Luxeride is a Swiss company operating internationally. The Services are not offered to users located in the United States or Canada.

1) Key roles: Luxeride, Customers, and End Users

Luxeride is a SaaS platform used by businesses (“Customers”) to manage vehicles, bookings, payments, ID verification, and e-signatures. Those businesses may use Luxeride to collect or manage data about their own clients (for example renters/drivers), referred to in this policy as “End Users”.

Depending on the context, Luxeride acts as:

A. Controller (Luxeride decides “why/how”)

We act as a controller for personal data we process to:

  • create and manage Luxeride user accounts and workspaces,

  • provide support and communicate with you,

  • manage subscriptions and billing for Customer accounts,

  • secure the Services, prevent fraud/abuse, and maintain logs,

  • comply with legal obligations.

B. Processor (Customer decides “why/how”)

When a Customer uses Luxeride to collect or manage End User data, the Customer is typically the controller of that End User data and Luxeride acts as a processor, processing that data on the Customer’s behalf and under its instructions.

C. Booking pages and direct End User interactions

End Users may interact directly with Luxeride-powered booking pages. In those cases:

  • The Customer remains responsible for the rental offering and customer relationship and is generally the primary controller for End User booking/contract data.

  • Luxeride may process certain data as controller for platform security, abuse prevention, and technical operation (e.g., logs, fraud signals).

If you are an End User and want to exercise rights about a booking, you should generally contact the relevant Customer first (see Section 10).

2) Personal data we collect

We collect personal data depending on your role and how you use the Services.

A. Customer workspace and user account data

  • Identity and contact: first/last name, email, phone (if provided), profile picture

  • Account data: password (hashed), login/session tokens, role/permissions, account type

  • Business/workspace data: company name, address, business phone/email, settings (currency, opening hours, booking rules, payment methods)

  • Operational data: vehicles, pricing packages, pickup locations, internal notes, and configuration content stored in the workspace

B. End User data (typically provided/controlled by Customers)

Depending on the Customer setup, this may include:

  • End User identity/contact: name, email, phone, address, date of birth (if collected)

  • Booking details: dates, vehicle, pricing package, options, mileage, deposit, totals, cancellation status, references, approvals

  • Payment-related identifiers: Stripe payment method IDs, payment intent IDs, “has been charged” status (we do not store full card numbers)

  • Contracts: compiled PDFs, signed PDFs, contract status and metadata

C. Identity verification data (Veriff)

If enabled by a Customer, ID verification may involve:

  • government ID images and extracted data,

  • selfie/liveness checks,

  • verification results, status, reference IDs, timestamps.

Important: ID verification processing is performed by Veriff under its own security and compliance processes. Luxeride and the Customer typically receive the verification result/status and related metadata, and may store limited verification references.

D. E-signature data

If enabled by a Customer, we may process:

  • signatory identity/contact details (as provided),

  • signature and audit trail metadata,

  • contract documents and signed versions.

E. Subscription and billing (Customer accounts)

  • billing email, subscription plan, status, renewal/expiry dates

  • Stripe customer/subscription identifiers

  • credit balances and credit purchase records (where applicable)

F. Support communications (Intercom) and email (Loops)

  • messages you send to support, chat transcripts, and attachments

  • email delivery metadata (delivery events, unsubscribes, bounce information)

G. Technical data

  • IP address, approximate location (country/city), device/browser info

  • usage logs, security logs, audit trails (actions taken in a workspace)

  • error logs and performance data

H. Google services

  • Google login: basic profile info needed to authenticate (e.g., Google account identifier, name, email), depending on what you authorize

  • Google Maps API: may process location-related inputs (e.g., pickup location search)

3) Sources of personal data

We collect data:

  • from you (account creation, workspace configuration, support messages),

  • from Customers (when they upload/manage End User data),

  • from End Users (when they enter booking details on Luxeride-powered booking pages),

  • from connected services (Stripe, Veriff, Skribble, Google).

4) Why we process personal data

We process personal data to:

  1. Provide the Services
    create accounts, run booking flows, generate contracts, enable payments, verification, and e-signatures.

  2. Operate and secure the platform
    authentication, role-based access control, monitoring, fraud/abuse prevention, audit logs.

  3. Manage subscriptions and billing
    invoicing, subscription lifecycle, credit usage and purchases.

  4. Provide support and communications
    respond to requests, service emails, operational notifications.

  5. Comply with legal obligations
    accounting, dispute handling, enforcement, and lawful requests by authorities

5) Legal bases (where applicable)

Depending on your jurisdiction and the nature of the processing, we rely on one or more of the following grounds:

  • Contract necessity (to provide the Services you request),

  • Legitimate interests (security, fraud prevention, service improvement, business operations),

  • Consent (where required, e.g., certain communications or non-essential cookies),

  • Legal obligation (accounting, compliance, lawful requests).

For End User data where Luxeride acts as processor, the Customer determines the legal basis and provides notices to its End Users.

6) Sharing and disclosure of personal data

We may share personal data with:

A. Sub-processors and service providers

We use third parties to operate the Services. These providers process data under contractual obligations and only as needed:

  • Stripe (payments, subscription billing)

  • Veriff (identity verification)

  • Skribble (e-signatures)

  • Intercom (support and help center communications)

  • Loops (email sending)

  • Cloudflare (security, performance, CDN)

  • Google (Google login; Google Maps API)

B. Customer workspace members

Data within a workspace may be accessible to authorized users (admin/owner/staff/viewer) based on roles and permissions set by the Customer.

C. Legal disclosures

We may disclose data if required by law, regulation, or legal process, or to protect rights, safety, and security.

D. Business transfers

If Luxeride is involved in a merger, acquisition, financing, reorganization, or asset sale, personal data may be transferred as part of that transaction with appropriate safeguards.

7) International data transfers and hosting

Luxeride is based in Switzerland, but the Services are hosted on infrastructure that may process and store data outside Switzerland, including in the United States (for example, due to cloud hosting and certain sub-processors).

Where required, we implement appropriate safeguards for cross-border transfers (such as contractual protections and recognized transfer mechanisms).

8) Data retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law. Current product approach: when a Luxeride account/workspace is terminated, associated data is deleted without undue delay, subject to limited exceptions:

  • legal/accounting obligations,

  • dispute resolution/enforcement needs,

  • security logs retained for a limited period,

  • backups that may persist temporarily until overwritten.

If you need an export before deletion, contact us at contact@luxeride.io.

9) Security

We use technical and organizational measures designed to protect personal data (access controls, role-based permissions, encrypted connections, and operational security practices). No system is perfectly secure, and you are responsible for safeguarding your credentials and using appropriate security hygiene.

10) Your rights and how to exercise them

Depending on applicable law, you may have rights such as:

  • access, correction, deletion,

  • objection or restriction,

  • portability (where applicable),

  • withdrawing consent (where processing is based on consent).

A. Customer users

Contact us at contact@luxeride.io. We may request verification to protect against unauthorized requests.

B. End Users of a Customer

If your data was submitted in connection with a booking offered by a Customer, that Customer is generally the primary controller. You should contact the Customer first.
If needed, we will support the Customer in fulfilling its obligations.

Complaints

If you believe your rights have been violated, you may have the right to lodge a complaint with the competent authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

11) Cookies

We do not currently run analytics or advertising trackers.The Services may still use essential cookies or similar technologies required for login, security, and core functionality. If we add analytics or marketing cookies in the future, we will update this Privacy Policy and, where required, provide appropriate controls and obtain consent.

12) Children

The Services are not intended for children, and we do not knowingly collect personal data from children.

13) Third-party services and links

The Services may integrate with third-party services (Stripe, Veriff, Skribble, Google) or link to third-party websites. Their privacy practices are governed by their own policies. Luxeride is not responsible for third-party privacy practices.

14) United States and Canada limitation

Luxeride is operated worldwide but the Services are not offered to users located in the United States or Canada. We may restrict account creation or access from those locations.

15) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version and change the “Last updated” date.

  • For non-material changes (clarifications, formatting, minor updates), we may update without individual notice.

  • For material changes that significantly affect how we process personal data or your rights, we will take reasonable steps to provide additional notice (e.g., within the app, by email, or in the help center).

16) Contact

Luxeride Sàrl
Rue de Genève 100, 1004 Lausanne, Switzerland
contact@luxeride.io

Did this answer your question?