Clause 1: Introduction and Scope

Introduction

This policy constitutes the official privacy statement for the CarAm application, the technology platform owned by Alpha Minds for Technical Solutions, which operates the electronic application dedicated to requesting smart transportation services. This policy aims to explain how users’ personal data is collected, used, processed, stored, shared, and protected, in accordance with applicable laws and regulations in the Kingdom of Saudi Arabia, while adhering to international best practices for data protection.

By downloading or using the CarAm app, registering an account, or interacting with any of its services, the user acknowledges that they have read, understood, and agreed to this policy. Such consent is deemed a legally binding contract between the user and the company. This agreement governs your access to and use of our digital platform and the services provided through it; by using the platform, you agree to be bound by these terms and policies. If the user does not agree to any provision of this policy, they must immediately stop using the app and all related services.

Scope

1. Passengers (users).
2. Drivers (Captains).
3. Guest users.
4. Visitors.
5. Vendors and contractors.

Legal Effect

• This policy is an integral part of CarAm’s Terms of Use and is applied in conjunction with them.
• In the event of any conflict between this policy and any other documents or statements published by the company, the text of this policy shall prevail.
• The company reserves the right to amend or update this policy from time to time. Continued use of the app after any amendment will be considered explicit acceptance of the updated version.

Clause 2: Definitions

1. Company: Alpha Minds for Technical Solutions.
2. App/Platform: The CarAm program, the website, and related digital services.
3. Account Holder User: Any natural person who downloads, uses, or registers in the app.
4. Passenger: A user who requests transportation services via the app.
5. Driver (Captain): A user who provides transportation services using an approved vehicle.
6. Guest User: A person who uses the app temporarily or indirectly without a permanent account.
7. Visitor: A person who interacts with the company’s channels without being a registered user.
8. Vendor/Contractor: A party that provides services or products to the company to support platform operations.
9. Personal Data: Any information that identifies an individual directly or indirectly.
10. Processing: Any operation performed on data such as collection, storage, or sharing.
11. Services: All services provided through the app.
12. Trip: A transportation request that starts with an order and ends upon arrival.
13. Account: The user profile within the app.
14. Third-Party Service Providers: Independent parties supporting platform operations (maps, payments, messaging).
15. Force Majeure: Exceptional events beyond one’s control.
16. Fees: Amounts and taxes applied in exchange for services.

Clause 3: Legal Basis for Data Processing

1. Compliance with applicable laws: Processing is carried out in accordance with relevant Saudi regulations.
2. User’s explicit consent: Requested when creating an account and may be withdrawn; withdrawal may result in restricting the service.
3. Performance of contractual obligations: To process trips, payments, and technical support.
4. Legitimate interests of the company: To ensure safety, combat fraud, improve services, and analyze operations.
5. Compliance with legal obligations: Sharing data upon official requests within legal limits.
6. International practices: Striving to follow best practices inspired by global regimes such as the GDPR.

Clause 4: Data We Collect

First: Data provided directly

1. Identity data: full name, date of birth, gender, profile photo.
2. Contact data: phone number, email, address.
3. Driver registration data: ID, driving license, vehicle registration, vehicle photos, inspection certificate (upon request).
4. Payment and subscription data: payment methods, subscription details, and fees.

Second: Data generated through use

1. Geolocation (GPS): pickup and destination locations and routes, and may operate in the background if enabled.
2. Trip data: date and time, vehicle type, duration, distance, and fare.
3. Interaction data: searches, cancellations/refusals, in-platform messages.
4. Device data: device type, operating system, IP, language, region, and network.

Third: Ratings and communications

• Mutual ratings and comments.
• Notes and complaints submitted through support.
• Call recordings for training and supervisory purposes.

Fourth: From third parties

• Official entities for verification and compliance.
• Payment, identity, and hosting service providers.
• Business partners under contractual programs.

Fifth: Non-personal data

Anonymous statistical and technical data to improve performance and system stability.

Clause 5: How We Use Data

First: Platform operations

• Enable passenger requests and their execution by drivers.
• Verify identity and prevent fraud.
• Process payments and manage accounts and wallets.

Second: Quality improvement

• Analyze usage to improve the experience and features.
• Update algorithms and enable dynamic pricing when activated.
• Technical maintenance and troubleshooting.

Third: Communications

• Trip status notifications.
• Offers, updates, complaint handling, and alerts.

Fourth: Security and compliance

• Detect unauthorized activities and investigate disputes.
• Cooperate with official authorities within legal frameworks.

Fifth: Research and statistical purposes

Use aggregated and anonymized data for reports and market trends.

Sixth: Marketing (with user consent)

• Promotional notifications, referral programs, rewards, and an opt-out option.

Seventh: Internal purposes

• Train support teams, evaluate performance, and conduct financial and administrative audits.

Clause 6: Data Sharing

• Between passengers and drivers to complete the trip (name, pickup location, destination, and phone number when necessary).
• With service providers (payments, maps, hosting) to the extent necessary for operation.
• With official authorities when legally required.
• Anonymous public data for statistical and research purposes.

Clause 7: Automated Decisions

• Matching passengers with the nearest drivers.
• Automatically calculating fares.
• Evaluating performance and its impact on visibility.
• Automatic suspension when suspicious or violating activity is detected.

These decisions aim to improve the experience without unfair discrimination.

Clause 8: Data Transfers

Storage and processing are preferably performed locally; however, data may be transferred or processed outside the country when engaging external providers, with reasonable safeguards applied.

Clause 9: Data Storage and Retention

Data is stored on secure servers as long as the account is active or as needed. After account closure, we may retain certain data for limited legal/accounting periods, then delete or securely archive it.

Clause 10: User Rights

1. Right of access.
2. Right to rectification.
3. Right to deletion (right to be forgotten), unless there is a legal obligation to retain the data.
4. Right to restrict processing in certain cases.
5. Right to object to marketing and to opt out.
6. Right to close the account.
7. Right to submit complaints and receive a response within a reasonable period.

Clause 11: Data Security

We use encryption in transit, secure storage, and access restrictions to authorized personnel only. However, the internet is not a fully secure environment and absolute protection cannot be guaranteed.

Clause 12: Cookies

We may use cookies to improve performance and user experience (such as language preferences and easier login). You can control cookies through device/browser settings; disabling them may affect certain features.

Clause 13: Marketing and Communications

Types

• Operational communications (confirmation/cancellation/security).
• Promotional communications (offers and promo codes).
• Informational and awareness communications.

Channels

• In-app notifications.
• Email.
• SMS (OTP).
• Messaging apps (WhatsApp/Telegram) when enabled.
• Phone calls when necessary.

Consent and options

• Operational communications are enabled by default because they are essential to provide the service.
• You may opt out of promotional messages through settings, email links, or a formal request.
• To create a passenger account, you must be 18 years of age or older.

Sharing marketing data

• No sharing for direct marketing purposes without explicit consent.
• We may share aggregated non-personal statistical data with partners.

Retention period

Marketing interaction data is retained for no more than 24 months from the last activity, then deleted or anonymized.

Clause 14: Guest Users

Limited and necessary data may be collected only to complete the service (such as phone number, pickup location, destination) and retained for a short period, unless a legal obligation exists.

Clause 15: Vendors and Visitors

1. Vendors and contractors: collecting the data necessary to manage contractual and financial relationships.
2. Visitors: basic data may be collected for protection and security purposes.

Clause 16: Force Majeure

The company shall not be liable for delays or failures resulting from events beyond its control, such as natural disasters, wars, sanctions, power/internet outages, epidemics, and large-scale cyberattacks.

Clause 17: Disclaimer

1. Nature of role: The platform is a technical intermediary; the trip’s contractual relationship is between the passenger and the driver, and drivers are independent contractors.
2. No warranties: Services are provided “as is” and subject to availability.
3. Maps and locations: Provided on an estimated basis and may be affected by external factors.
4. Safety and security: Features are guidance-only and do not replace the user’s responsibility.
5. Lost items: Follow-up is handled directly between the passenger and the driver.
6. Off-app dealings: Outside the scope of the company’s responsibility.
7. Technical issues: No guarantee of uninterrupted continuity.
8. User behavior: No liability for personal acts or violations.
9. Third-party content: No responsibility for its accuracy or reliability.
10. App limitations: Disclaimer of any warranties not expressly stated, to the extent permitted by law.

Clause 18: Limitation of Liability

1. Protected parties: The company, its affiliates, partners, employees, suppliers, and contractors.
2. Financial cap: For passengers, up to the value of the disputed fare paid through the app; for drivers, up to the total subscription fees paid over the last three months.
3. Exclusion of indirect damages: No liability for lost profits, reputation, or data…
4. Cap applies regardless: Applies regardless of the basis of the claim.
5. Claim period: Within 12 months of the incident.
6. Mitigation obligations: The user must make reasonable efforts and cooperate.
7. Legal exceptions: Nothing is excluded where the law does not allow exclusion.
8. Link to force majeure: Liability is excluded for the duration of the force majeure event.

Clause 19: Dispute Resolution

1. Amicable settlement within 30 days of notice.
2. If arbitration is not possible: the competent courts in Jeddah.
3. No class actions.
4. This clause remains effective after account closure.

Clause 20: Changes to This Policy

This policy may be amended based on developments. Users will be notified of material changes through appropriate channels. Continued use constitutes acceptance of the updated version.

Clause 21: Contact Us

Clause 22: Acknowledgment

By using the CarAm platform and its services, you acknowledge that you have read and understood this policy and agree to be bound by it and by the applicable terms and conditions. If you do not agree to any part, you must stop using the services.