Privacy Policy — Driver

Last updated: June 2026

This Privacy Policy describes how Loadindo Technologies Private Limited (“Loadindo”, “we”, “us”, “our”) collects, uses, shares, retains, and protects information about you when you install, register on, or use the Loadindo Driver App and related services (the “Platform”). It is published in accordance with the Information Technology Act, 2000 (“IT Act”), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDP Act”) as and when its provisions are notified.

1. Scope & Consent

This Policy applies to all Drivers and prospective Drivers who use the Loadindo Driver App. By providing your information and using the Platform you provide free, specific, informed, and unambiguous consent to the collection, processing, and disclosure of your information as described here. You may withdraw consent or exercise your rights at any time as described in Section 12.

2. Definitions

• Personal Data — any data about an identifiable individual.
• Sensitive Personal Data or Information (SPDI) — as defined under the SPDI Rules, including financial information, biometric information, and government identifiers.
• Processing — any operation performed on Personal Data, including collection, storage, use, sharing, and erasure.

3. Information We Collect

3.1 Information You Provide

• Account & Profile: full name, mobile number (E.164 format, typically +91), email address, password (stored only as a salted hash), profile photograph (JPEG/PNG, up to 5 MB).
• KYC & Verification: Driving Licence number, date of birth, Aadhaar (only the last four digits are stored, alongside the verification reference and the name, date of birth, gender, and masked mobile returned by DigiLocker), PAN number and name as returned by DigiLocker.
• Vehicle Data: truck type, registration number, Registration Certificate (RC), insurance, fitness, permit, pollution-under-control certificate, and photographs of the vehicle (front, back, left, right, interior, and number plate).
• Banking / Payout (where applicable): bank account number, IFSC, or other settlement details you provide for receiving freight payouts.
• Support Communications: messages, screenshots, and details you share when contacting Loadindo support or the Grievance Officer.

3.2 Information Collected Automatically

• Location: precise (fine) and approximate (coarse) location, place identifiers, address labels, and timestamps. Captured in the foreground at all times the App is open, and in the background while you have an active Trip.
• Device & Technical Data: device model, operating system version, app version, language, time zone, IP address, network type, advertising/installation identifiers, crash data, and diagnostic logs.
• Usage Data: screens viewed, Bids placed, Loads viewed, in-app navigation, push-token state, and similar telemetry.
• Push Token: a Firebase Cloud Messaging (FCM) token assigned to your device to deliver push notifications.
• Audit Trail: additions, edits, and deletions performed by you against documents, profile, and Trip records are logged for accountability and compliance, with sensitive fields redacted.

3.3 Information From Third Parties

• Verification responses from government and licensed identity APIs, including the Unified Logistics Interface Platform (ULIP), Sarathi (DL), DigiLocker (Aadhaar, PAN), and equivalent services.
• Payment status, settlement, and refund metadata from our payment gateway (Razorpay).
• Map, geocoding, and routing data from Google Maps Platform.

4. How We Use Your Information

• To create and operate your account, verify your identity, and confirm your legal entitlement to operate a commercial vehicle.
• To match you with Loads based on truck type, location, and other Vendor-defined criteria.
• To enable Vendors to view your name, vehicle, contact number, and real-time location during an active Trip.
• To compute Commissions, advances, settlements, refunds, and invoices.
• To send transactional and service notifications by push, email, or in-app message.
• To detect and prevent fraud, abuse, or violation of these Terms; to enforce our rights and protect Loadindo, Vendors, and third parties.
• To analyse and improve the Platform, including measuring feature adoption and operational performance.
• To comply with legal obligations, respond to lawful requests from authorities, and produce records to regulators when required.

5. Legal Bases for Processing

We rely on the following legal bases under the DPDP Act and the SPDI Rules:

• Consent — for collection of KYC data, banking data, and use of background location.
• Performance of Contract — to deliver the Platform and execute Locked Trips.
• Legitimate Use — for fraud prevention, security, and to comply with applicable law.
• Legal Obligation — to retain audit, tax, and regulatory records.

6. How We Share Your Information

• With Vendors: your name, profile photo, vehicle details, contact number, and real-time location during an active Trip; KYC verification status (Verified / Pending / Rejected) but not raw documents.
• With Verification Partners: we transmit DL number, Aadhaar reference, PAN number, and related identifiers to ULIP, Sarathi, DigiLocker, GST API providers (for the limited cases where joint verification is required), and other licensed verifiers.
• With Payment & Banking Partners: Razorpay and similar gateways process payments and may receive name, contact, and amount details necessary to complete the transaction.
• With Cloud, Storage, and Notification Providers: Amazon Web Services (S3 storage for documents and photos), Firebase (push notifications), and equivalent infrastructure providers.
• With Professional Advisors: auditors, lawyers, and accountants under appropriate confidentiality obligations.
• With Government & Law Enforcement: in response to a lawful order, summons, regulatory direction, or to protect rights, property, or safety.
• In Corporate Transactions: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

We do not sell your personal data to marketing agencies or data brokers.

7. Background Location — Specific Notice

Background location collection is required for the Platform's core function of live shipment tracking. Once you begin an active Trip, the App will continue to collect your location while in the background or when closed, until the Trip status is set to Delivered or Completed, or until you log out. We will not collect background location when no Trip is active. You may revoke the “Allow all the time” location permission from your device settings; however, doing so will prevent you from accepting or operating Trips on the Platform.

8. Data Retention

• Account data: retained for the duration of your account and for up to seven (7) years after closure for legal, tax, and audit purposes.
• KYC documents and verification responses: retained for as long as required by law (typically five to seven years) and to maintain a defensible record of compliance.
• Transaction and audit logs: retained for at least ninety (90) days in accordance with the Intermediary Guidelines, and longer where required by tax or regulatory law.
• Location data: raw real-time location pings during a Trip are retained for the duration of the Trip and for a reasonable period thereafter (typically up to twelve months) for dispute resolution; thereafter, only aggregated or anonymised location may be retained.

9. Account & Data Deletion

You may ask us to delete your Loadindo account and the personal data associated with it. This applies to data held by Loadindo Technologies Private Limited (the developer of the Loadindo Driver App) in connection with your use of the App.

9.1 How to Request Deletion

To request deletion, send a request to support@ntruck.com (or to the Grievance Officer at grievance@ntruck.com) from your registered email address, or from your registered mobile number, with the subject line “Account Deletion Request”.

We verify that the request comes from the account holder before acting on it. Verified requests are processed within thirty (30) days, and we confirm by email once the deletion is complete. You cannot request deletion while you have an active Trip in progress; the Trip must first be completed, cancelled, or settled.

9.2 Data That Is Deleted

• Your profile information — name, email address, mobile number, profile photograph, and password hash.
• Your Firebase Cloud Messaging (FCM) push token, device identifiers, and any marketing preferences.
• Vehicle photographs and profile content that are not part of a completed transaction or otherwise subject to legal retention.

Once deleted, your account can no longer be used to log in, and the data above is removed from our active systems and queued for deletion from backups within a reasonable period.

9.3 Data That Is Retained

We retain certain records even after account deletion, where we are legally required to or where retention is necessary to resolve disputes, prevent fraud, and maintain a defensible record of compliance:

• KYC & verification responses (Driving Licence number, the last four digits of Aadhaar and its verification reference, PAN, and vehicle documents such as the RC) — retained for as long as required by law, typically five to seven (5–7) years.
• Transaction, payment, payout, and invoice records — retained for up to seven (7) years to meet tax and accounting obligations.
• Transaction and audit logs — retained for at least ninety (90) days, and longer where required by tax or regulatory law.
• Trip location records — retained for up to twelve (12) months for dispute resolution, after which only aggregated or anonymised location may be kept.

Where retained data is no longer required for these purposes, it is deleted or irreversibly anonymised at the end of the applicable retention period.

10. Security

We follow reasonable security practices in line with ISO/IEC 27001 principles and the SPDI Rules. Measures include encryption in transit (TLS), encryption at rest where supported by the underlying storage service, role-based access control, JWT-based session management with short-lived access tokens, salted-hash password storage, audit logging, least-privilege deployments, and periodic security reviews. No system can be made absolutely secure, and you are responsible for safeguarding your password and device.

11. Children's Data

The Platform is not intended for use by persons under the age of eighteen (18). We do not knowingly collect personal data from children. If you become aware of any child using the Platform, please notify us and we will take steps to delete the relevant data.

12. Your Rights

Subject to applicable law (including the DPDP Act when in force) and reasonable verification of your identity, you may:

• Access the personal data we hold about you and request a summary;
• Correct inaccurate or incomplete data;
• Request erasure of data we are not legally required to retain;
• Withdraw consent where processing is based on consent (subject to consequences such as inability to use the Platform);
• Nominate another person to exercise these rights on your behalf in the event of your death or incapacity;
• Raise a grievance with our Grievance Officer (see Section 15).

13. Cookies & Analytics

The mobile App itself does not rely on browser cookies, but uses standard device identifiers and SDKs (including Firebase) for crash reporting, analytics, and push delivery. Where the Platform is accessed via a web browser, essential cookies may be used to maintain a session. You can manage cookies through your browser settings; disabling them may impact functionality.

14. International Transfers

Your data is primarily stored on infrastructure located in India. Where certain processing (for example, push notification delivery via Firebase or storage of model verification responses) may involve transfer outside India, we ensure such transfers are conducted in accordance with applicable law and through providers offering equivalent levels of data protection.

15. Grievance Officer

In accordance with the IT Act and the Intermediary Guidelines, the Grievance Officer is responsible for the redressal of complaints relating to this Policy or the Platform.

• Name: Grievance Officer, Loadindo Technologies Private Limited
• Email: grievance@ntruck.com
• Support: support@ntruck.com

Grievances will be acknowledged within forty-eight (48) hours and resolved within one (1) month of receipt. Cyber-security incidents are reported to CERT-In as and when required.

16. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified through the App or by email at least seven (7) days before taking effect. The latest version is always available at /legal/policy-driver.

17. Contact Us

Loadindo Technologies Private Limited
Email: support@ntruck.com
Grievance Officer: grievance@ntruck.com