Privacy Policy
Last updated: 25 February 2025
This Privacy Policy explains how CabZen ("we", "us", or "our"), operated by NYXANO LTD (registered in Scotland), collects, uses, stores, and protects personal data when you use the CabZen platform, including the CabZen Driver mobile application and the CabZen web dashboard.
1. Who We Are
CabZen is a Software-as-a-Service (SaaS) platform for taxi, private hire, and airport transfer operators. The platform is owned and operated by NYXANO LTD, registered in Scotland. For the purposes of UK data protection law, NYXANO LTD is the data controller for personal data collected through the CabZen platform and the CabZen Driver app.
Contact: [email protected]
2. Data We Collect
2.1 CabZen Driver App (Mobile)
- Location data: When you start a shift, the app collects your GPS location (latitude, longitude, accuracy, heading, and speed) and transmits it to the CabZen server. This data is used to show your position to your dispatch operator and to customers tracking their booking. Location tracking starts only when you explicitly tap "Start Shift" and stops immediately when you tap "End Shift". We do not collect location data at any other time.
- Account credentials: Your email address and hashed password used to log into the app.
- Device identifier: A randomly generated UUID stored securely on your device to associate it with your account for authentication purposes.
- Job and shift data: Information about bookings assigned to you, job status updates you submit, shift timing, working hours, and availability schedules.
- Compliance documents: If you upload documents (driving licence, taxi licence, insurance certificate, etc.) through the app, these files are stored securely on our cloud storage. They are visible only to you and to the operator managing your account.
- Personal details: If you enter your National Insurance number and home address via the compliance section of the app, this information is stored and shared with your operator only.
2.2 CabZen Web Platform (Operators)
- Business account information: Company name, email address, billing information, and payment method details (processed securely by Mollie).
- Booking data: Customer names, phone numbers, email addresses, pickup and drop-off addresses, and journey details entered into the system by operators or submitted by customers via the booking widget.
- Driver profiles: Names, email addresses, phone numbers, vehicle details, licence numbers, expiry dates, and compliance documents of drivers added by operators.
- Customer data: Names, contact details, booking history, and payment records of passengers who have booked through an operator's CabZen-powered booking page.
- Usage data: Log data, IP addresses, browser type, and pages visited on the dashboard, used for security and to improve the platform.
3. Background Location — Driver App
The CabZen Driver app requests "Always On" location permission on iOS and background location permission on Android. This is required so that your location continues to be tracked when the app is in the background or your phone screen is locked during an active shift.
When is background location used? Exclusively during active driving shifts. The app uses the operating system's background location service only between the time you tap "Start Shift" and the time you tap "End Shift". No background location data is collected outside of active shifts.
Why is this necessary? Passengers need to track their driver's progress in real time. Drivers frequently lock their phone while driving. Without background location, tracking would stop the moment the phone is locked, making the feature non-functional.
How to revoke access: You can revoke location permission at any time in your device Settings under Privacy > Location Services > CabZen Driver. If you revoke the permission, shift tracking will not function until access is restored.
4. How We Use Your Data
- To provide core dispatch, booking management, driver tracking, and compliance features of the CabZen platform.
- To transmit your real-time location to your dispatch operator and to passengers tracking an active booking.
- To authenticate your identity and keep your account secure.
- To send booking-related email and SMS notifications (job offers, confirmations, status updates).
- To enable operators to manage driver compliance documentation and scheduling.
- To process subscription payments and manage billing for operator accounts.
- To fulfil our contractual obligations to operator subscribers.
- To improve platform reliability, diagnose technical issues, and prevent fraud.
5. Legal Basis for Processing (UK GDPR)
- Contract performance: Processing necessary to provide the services you or your employer have contracted for.
- Legitimate interests: Security monitoring, fraud prevention, and platform improvement.
- Consent: Location permissions are requested explicitly and can be revoked at any time.
- Legal obligation: Retaining booking and payment records as required by applicable law.
6. Data Sharing
We do not sell personal data. We share data only in the following circumstances:
- Your dispatch operator: Your location during active shifts, compliance documents, and profile details are visible to the operator who manages your account via the CabZen dashboard.
- Passengers: Customers with an active booking can view your real-time location and first name during the journey.
- Service providers: We use Mollie for subscription payment processing, Postmark for transactional email delivery, and DigitalOcean for cloud infrastructure and file storage. All providers are bound by data processing agreements.
- Payment processors: Operators may connect Stripe, Square, or Mollie to their CabZen account to process customer payments. We transmit relevant booking and customer data to the selected processor to complete transactions.
- Legal requirements: We may disclose data if required by law, court order, or to protect the rights, property, or safety of CabZen, our users, or the public.
7. Data Retention
- Location pings: Raw GPS pings are retained for 30 days and then deleted automatically.
- Booking records: Retained for 7 years for accounting and legal compliance.
- Compliance documents: Retained while the driver account is active. Operators may delete documents at any time.
- Account data: Retained while your account is active and for 90 days after closure, after which it is permanently deleted.
- Authentication tokens: Expire after 30 days of inactivity.
8. Your Rights (UK GDPR)
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Request deletion of your personal data ("right to erasure").
- Object to or restrict certain types of processing.
- Receive your data in a structured, machine-readable format (data portability).
- Withdraw consent for location tracking at any time (via device settings).
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
9. Security
We use industry-standard security measures including TLS encryption in transit, hashed passwords, secure token authentication, access-controlled cloud storage, and database-level access controls. Location data is transmitted over HTTPS. Compliance documents are stored in private, access-controlled cloud storage buckets.
10. Cookies
The CabZen web platform uses session cookies necessary for authentication and security. We do not use advertising or third-party tracking cookies on our platform. Our public-facing website (cabzen.app) may use analytics to understand visitor behaviour; no personally identifiable information is collected through these analytics.
11. International Transfers
Your data is stored and processed within the UK and European Economic Area (EEA). Our infrastructure provider, DigitalOcean, operates data centres in the UK and EU. Where any transfer outside the UK/EEA is necessary, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
12. Children's Privacy
CabZen is a professional platform intended for use by adults (18+). We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be notified via email or an in-app notice at least 14 days before taking effect. The date at the top of this page reflects the most recent revision.
14. Contact & Complaints
For any privacy-related questions, contact us at [email protected].
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.