Your data, plainly explained.

The short version

• We collect the minimum data needed to operate the platform.
• We never sell your personal data to third parties.
• You can download a copy of your data or delete your account at any time from Settings > Privacy.
• We retain trip records for 7 years to comply with tax and insurance regulations. Everything else is deleted within 90 days of account closure.

1. What we collect

Account information

When you create a SceneKey account, we collect your name, mobile phone number, email address, and a profile photo (optional). If you sign up through Apple, Google, or Facebook, we receive the basic profile fields you authorize.

Trip information

When you book a ride, we record the pickup and drop-off locations, the route taken, the fare, the driver's name and photo, and the timestamps for each phase of the trip.

Location data

We collect your location while a trip is in progress — from the moment you tap "Book ride" until the trip ends. With your permission, we also collect location data while the app is in the background to improve pickup ETAs and detect fraud. You can disable background location in your device settings at any time.

Device & usage data

We collect basic device information (model, OS version, app version) and usage analytics to improve the app. We use this to fix crashes, understand which features are most useful, and detect abuse.

Payment information

Payments are processed by our PCI-compliant payment processor. We store the last four digits of your card and the card brand (Visa, Mastercard, etc.) for display and fraud detection. We never store full card numbers or CVV codes.

2. How we use your information

We use the data we collect for the following purposes — and only these purposes:

• To match you with the nearest available driver
• To process payments and prevent fraud
• To send you trip updates, receipts, and account notifications
• To improve safety features, including real-time anomaly detection
• To respond to support requests
• To comply with legal and regulatory obligations

3. What we never do

• We never sell your personal data to third parties — full stop.
• We never share your location history with advertisers or data brokers.
• We never use the contents of your in-app messages to train AI models or for marketing.
• We never hand over trip data to law enforcement without a valid legal process (subpoena, court order, or warrant).

4. Who we share data with

We share the minimum data necessary with a small set of vetted partners:

• Stripe / payment processors — to charge your card and prevent fraud.
• Twilio / messaging providers — to send you trip SMS updates.
• Mapbox / Google Maps — to power routing and ETA calculations. These providers receive pickup and drop-off coordinates but cannot link them back to your identity.
• Cloud hosting (AWS) — encrypted at rest, hosted in US-East and US-West regions.
• Law enforcement — only when we receive a valid legal process, and only the minimum data required to comply.

5. Your rights and controls

You have the following rights regarding your personal data. Most can be exercised directly from Settings > Privacy in the app:

• Access. Download a full copy of your data at any time. We deliver it as a JSON file within 24 hours.
• Correction. Update your name, photo, phone number, and email from the profile settings.
• Deletion.Delete your account and all associated data, with the exception of trip records we're legally required to retain for tax and insurance purposes.
• Opt out of marketing. Adjust notification preferences under Settings > Notifications.

6. How we protect your data

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• We run annual third-party security audits and a public bug bounty program.
• Access to production data is limited to a small group of engineers with MFA + hardware security keys, and all access is logged and audited.
• In the event of a data breach affecting your personal information, we'll notify you within 72 hours.

7. Children's privacy

SceneKey is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact privacy@scenekey.app and we'll delete the account.

8. International users

SceneKey operates in the United States only. By using the app, you understand that your data will be processed in the US. If you're visiting the US, your data will be deleted when your account is closed, subject to the retention periods above.

9. Changes to this policy

If we make material changes to this policy, we'll notify you in the app at least 30 days before they take effect. Minor edits (typo fixes, clarification) are reflected in the "Last updated" date above.

Questions about privacy?

Email our Data Protection Officer at privacy@scenekey.app — we respond within 1 business day. Or read our Cookie policy for details on the cookies and similar technologies we use.