Ailoo/Legal/Privacy Policy

Legal

Privacy Policy

Last updated: December 3, 2025Applies to: All Ailoo users in Saudi Arabia
01

Introduction

Ailoo ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our mobile applications, website, and related services (collectively, the "Services").

By using Ailoo Services, you agree to the collection and use of information in accordance with this Privacy Policy. This policy applies to all users — riders, drivers, and visitors to our platform.

Jurisdiction

Ailoo operates under the laws of the Kingdom of Saudi Arabia, including the Personal Data Protection Law (PDPL) issued by Royal Decree No. M/19 dated 9/2/1443H.
02

Information we collect

Account registration

  • Full name
  • Phone number (verified via WhatsApp OTP)
  • Email address
  • Profile photo (optional)
  • Date of birth
  • Language preference (English or Arabic)

Driver-specific information

  • National ID or Iqama number
  • Driver's licence number and expiry date
  • Vehicle registration and insurance documents
  • Bank account details for 0% commission payouts
  • Background check results
  • Profile photo

Usage data

  • Trip history — origin, destination, route, duration, fare
  • Device information — model, OS version, unique device identifiers
  • Log data — IP address, browser type, pages visited, timestamps
  • App interaction data — features used, buttons tapped, session length
  • Crash reports and performance data

Payment data

  • Credit/debit card details (tokenised — we never store raw card numbers)
  • Apple Pay and Google Pay tokens
  • Transaction history
  • Billing address

Communications

  • Support messages and chat history
  • Ratings and reviews you submit
  • Responses to surveys or promotions
  • In-app communications between riders and drivers
03

How we use your information

Providing the service

  • Matching riders with drivers
  • Processing payments and distributing driver earnings
  • Sending trip confirmations, receipts, and driver arrival alerts
  • Enabling in-app navigation and real-time tracking
  • Managing daily commute subscriptions

Safety and security

  • Verifying user identities
  • Detecting and preventing fraud, abuse, and unsafe behaviour
  • Storing always-on audio recordings for women-only trips (encrypted, access-restricted)
  • Sharing trip information with emergency services when required
  • Enforcing community guidelines and driver agreements

Improving the platform

  • Analysing usage patterns to improve features and reliability
  • Conducting research and testing
  • Training machine learning models to improve matching and pricing
  • Resolving disputes using trip data and recordings

Communications

  • Sending promotional offers and notifications (with your consent)
  • Providing customer support responses
  • Notifying you of policy updates
04

Information sharing

Core principle

We do not sell your personal data. We share it only where necessary to provide or improve the service, comply with the law, or protect safety.

Between riders and drivers

When a trip is matched, riders see their driver's name, photo, vehicle details, and rating. Drivers see the rider's name, pick-up location, and destination. Exact home or work addresses are never shown to drivers after a trip is complete.

Service providers

  • Payment processors (Tap Payments, Stripe) — for transaction processing
  • Cloud infrastructure providers — for data hosting
  • Analytics providers — for anonymised usage insights
  • Customer support tools — for resolving queries
  • SMS/OTP providers — for authentication

Legal requirements

We may disclose your information to government authorities, law enforcement, or courts when required by Saudi law, a court order, or to protect the safety of users or the public.

Business transfers

If Ailoo is involved in a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data is subject to a different privacy policy.

05

Location data

Location data is central to how Ailoo works. We collect precise GPS coordinates from both riders and drivers during active sessions.

When we collect it

  • Riders: When the app is open and during active trips
  • Drivers: While the app is open (including background) so we can match nearby requests
  • Daily commute: During active commute sessions for route validation

How you can control it

  • You can revoke location permission from your device settings at any time
  • Revoking location permission will prevent you from booking rides or using the service
  • Historical location data from completed trips is retained for 12 months
06

Data retention

  • Account data: retained for the life of your account plus 5 years after closure
  • Trip data: retained for 3 years after trip completion
  • Payment records: retained for 7 years (Saudi tax/accounting requirements)
  • Safety audio recordings: retained for 30 days unless flagged for a dispute or investigation
  • Support communications: retained for 2 years
  • Analytics data: anonymised and retained indefinitely

You can request deletion of your account and personal data at any time. Requests are processed within 30 days. Some data may be retained where required by law or for active dispute resolution.

07

Security

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access to user data is restricted to authorised personnel on a need-to-know basis
  • Payment data is tokenised and never stored in raw form on our servers
  • We conduct regular security audits and penetration testing
  • Multi-factor authentication is available and encouraged for all accounts

Incident response

In the event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of the breach, in accordance with Saudi PDPL requirements.
08

Your rights

Under the Saudi Personal Data Protection Law, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Correction: request that inaccurate data be corrected
  • Deletion: request that your data be deleted (subject to legal retention requirements)
  • Portability: receive your data in a structured, machine-readable format
  • Objection: object to processing your data for marketing purposes
  • Withdraw consent: withdraw consent for optional processing at any time

To exercise any of these rights, email privacy@ailoo.co. We will respond within 30 days.

09

Children's privacy

Ailoo Services are not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us immediately at privacy@ailoo.co and we will delete the account promptly.

10

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app or email at least 14 days before the changes take effect. Your continued use of Ailoo after the effective date constitutes acceptance of the updated policy.

11

Contact

  • Privacy enquiries: privacy@ailoo.co
  • General support: support@ailoo.co
  • Legal: legal@ailoo.co
  • Address: Ailoo, Riyadh, Kingdom of Saudi Arabia

Other legal documents

Terms of ServiceCookie PolicyRefund PolicyDriver AgreementCommunity GuidelinesAccessibility

© Ailoo 2026. All rights reserved.

legal@ailoo.co