Privacy Policy

Article 1 - Scope and Controller Identity

1.1 Scope

This Privacy Policy ("Policy") describes how Jetset Transportation Inc. ("Company," "we," "us"), doing business as Limo-Elite, collects, uses, discloses, and protects your personal information when you use our website (limo-elite.com), mobile applications, and transportation services (collectively, the "Platform"). This Policy applies to all Users, including passengers, drivers, corporate account administrators, and website visitors.

1.2 Controller

1.3 Legal Basis

We process your personal information under the following legal bases: (a) performance of a contract (when necessary to fulfill your Booking), (b) legitimate business interests (improving our services, preventing fraud), (c) compliance with legal obligations (tax reporting, regulatory requirements), and (d) your consent (for optional features like marketing communications and location tracking).

Article 2 - Information We Collect

2.1 Information You Provide Directly

• Account registration: Full name, email address, phone number, password
• Booking information: Pickup and dropoff addresses, scheduled date/time, passenger count, luggage count, special requests, flight numbers, notes to driver
• Payment information: Credit/debit card number, expiration date, CVV, billing address (processed and stored by Stripe; we retain only the last 4 digits and card brand)
• Profile information: Profile photo, saved addresses (home, work, favorites), ride preferences (temperature, music, conversation level)
• Communications: Messages sent through the in-app chat, customer support tickets, contact form submissions, email correspondence
• Ratings and reviews: Star ratings, written reviews of rides and drivers
• Referral information: Names and contact details of persons you refer to the Platform

2.2 Information Collected from Drivers

• Application data: Full legal name, date of birth, Social Security Number (for background checks and tax reporting), driver's license number and state, vehicle registration, proof of insurance
• Documents: Driver's license copy, vehicle inspection certificates, insurance certificates, TNC/livery license
• Financial data: Bank account information for direct deposit payouts, Stripe Connect account details, W-9 tax form, 1099 tax documents
• Location data: Real-time GPS location during active rides and while online on the Platform

2.3 Information Collected Automatically

• Device information: Device type, operating system, browser type and version, unique device identifiers, screen resolution, language settings
• Location data: GPS coordinates (with your permission), IP-based approximate location
• Usage data: Pages and features accessed, time spent on pages, click patterns, search queries, booking history
• Log data: IP address, access timestamps, referring/exit URLs, HTTP request headers, error logs
• Cookies and tracking technologies: See our Cookie Policy for details

2.4 Information from Third Parties

• Background check providers: Criminal history, driving record, sex offender registry results (for driver applicants)
• Payment processor (Stripe): Payment confirmation, fraud risk scores, chargeback notifications
• Flight data providers: Flight status, arrival times, delays, gate information
• OAuth providers (Google, Apple): Name, email address, profile photo (when you sign in via social login)
• Mapping services (Mapbox): Geocoding data, route calculations, estimated travel times

Article 3 - How We Use Your Information

3.1 Service Delivery

• Process and fulfill Bookings
• Match riders with available drivers using our dispatch and matching algorithms
• Provide real-time ride tracking and estimated arrival times
• Process payments, refunds, and driver payouts
• Send Booking confirmations, ride status updates, receipts, and invoices
• Monitor flight status and adjust pickup times for airport transfers

3.2 Safety and Security

• Conduct background checks on driver applicants
• Verify driver identity, license, and insurance
• Detect and prevent fraud, unauthorized access, and illegal activity
• Investigate incidents, accidents, and complaints
• Enable emergency contact notifications during active rides
• Maintain ride records for insurance and legal compliance

3.3 Platform Improvement

• Analyze usage patterns to improve the user experience
• Optimize dispatch algorithms and routing
• Develop new features and services
• Conduct internal analytics and reporting

3.4 Communications

• Send transactional notifications (booking updates, ride alerts, payment confirmations)
• Respond to customer support inquiries
• Send marketing and promotional communications (with your consent; opt-out available)
• Deliver push notifications (with your device-level consent)

3.5 Legal and Regulatory Compliance

• Comply with tax reporting obligations (IRS 1099 forms for drivers)
• Respond to lawful requests from government authorities
• Enforce our Terms of Service
• Protect the rights, property, or safety of the Company, its users, or the public

Article 4 - Information Sharing and Disclosure

4.1 Sharing with Service Participants

• With Drivers: Passenger's first name, pickup and dropoff locations, ride details, special requests, and phone number (for contact purposes). We do not share the passenger's full address history, payment details, or email.
• With Passengers: Driver's first name, photo, rating, vehicle make/model/color, license plate number, and real-time location during the ride.

4.2 Third-Party Service Providers

We share data with the following categories of service providers who process data on our behalf:

• Stripe, Inc. - Payment processing, fraud prevention (PCI-DSS Level 1 certified)
• Mapbox - Geocoding, route calculation, mapping display
• Twilio - SMS notifications, phone verification
• SendGrid / SMTP providers - Email delivery
• Firebase Cloud Messaging / Apple Push Notification Service - Push notifications
• Background check providers - Driver screening (for driver applicants only)
• Cloud infrastructure providers - Data hosting and storage

4.3 Legal Disclosures

We may disclose your information when required or permitted by law:

• In response to a court order, subpoena, or government investigation
• To law enforcement if we believe disclosure is necessary to prevent illegal activity or harm
• To regulatory agencies in connection with licensing or compliance obligations
• In connection with a merger, acquisition, bankruptcy, or sale of Company assets

4.4 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. This applies to all users in all jurisdictions.

Article 5 - GPS Location Tracking

5.1 Passenger Location

With your device-level permission, we collect your GPS location to: suggest pickup points, display nearby available drivers, provide real-time ride tracking, and calculate accurate fare estimates. You may disable location access through your device settings, but this may limit Platform functionality.

5.2 Driver Location

Drivers' GPS locations are collected continuously while they are online on the Platform. This data is used for: dispatching, real-time ride tracking visible to passengers, route optimization, and safety monitoring. Driver location data is retained for 90 days for operational purposes and up to 7 years for rides where a dispute or legal claim exists.

Article 6 - Payment Data and Fraud Prevention

6.1 Payment Processing

All payment card data is processed by Stripe, Inc. in compliance with the Payment Card Industry Data Security Standard (PCI-DSS) Level 1. We do not store full credit card numbers, CVV codes, or magnetic stripe data on our servers. We retain only: last 4 digits, card brand, expiration month/year, and billing postal code.

6.2 Fraud Prevention

Stripe provides automated fraud detection using machine learning. We may share IP addresses, device fingerprints, email addresses, and transaction patterns with Stripe for fraud scoring. If fraudulent activity is suspected, we may require additional identity verification.

6.3 Tax Reporting

For Drivers earning above the IRS threshold, we are required to issue Form 1099-NEC and report earnings to the Internal Revenue Service. Driver SSN/EIN data is encrypted at rest and in transit and is accessed only for tax compliance purposes.

Article 7 - Data Retention

• Active account data: Retained while your account is active and for 30 days after account deletion request
• Booking and ride records: 7 years (tax and legal compliance)
• Payment transaction records: 7 years (IRS requirements)
• Driver application data (rejected): 1 year
• Customer support communications: 3 years
• GPS location data (rides): 90 days (operational), up to 7 years (if dispute exists)
• Marketing consent records: Duration of consent plus 3 years
• Server logs: 90 days

After the retention period, data is permanently deleted or anonymized.

Article 8 - Data Security

We implement the following security measures to protect your data:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
• Encryption at rest: Sensitive data (SSN, payment tokens) is encrypted using AES-256
• Authentication: JWT-based token authentication with short-lived access tokens (15 minutes) and refresh tokens
• Access controls: Role-based access control (RBAC) limiting data access to authorized personnel only
• Infrastructure: Hosted on secure cloud infrastructure with firewalls, intrusion detection, and DDoS protection
• Monitoring: Security audit logging, anomaly detection, and regular vulnerability assessments
• Incident response: Documented incident response plan with notification procedures

Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

Article 9 - Your Privacy Rights

9.1 Rights for All Users

Regardless of your location, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
• Portability: Request your data in a machine-readable format (JSON or CSV)
• Opt-out of marketing: Unsubscribe from promotional emails at any time via the unsubscribe link
• Withdraw consent: Withdraw previously given consent for optional data processing

To exercise any of these rights, contact us at privacy@limo-elite.com. We will respond within thirty (30) days.

9.2 Massachusetts Residents

Under Massachusetts data privacy and consumer protection laws (M.G.L. Chapter 93A and 201 CMR 17.00), you have the right to: be notified of data breaches affecting your personal information, know what personal information we collect, and request that we correct or delete your data. We maintain a comprehensive information security program in compliance with 201 CMR 17.00.

9.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the purposes of collection, and the categories of third parties with whom we share data
• Right to Delete: Request deletion of your personal information (subject to exceptions)
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Data: You may limit the use of sensitive personal information to what is necessary for service delivery
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To submit a CCPA request, contact us at privacy@limo-elite.com or call 1-800-LIMO-ELITE. We will verify your identity before fulfilling any request.

9.4 European Economic Area (EEA) Residents

If you are located in the EEA, you have rights under the General Data Protection Regulation (GDPR), including the rights listed in Section 9.1 plus: the right to restrict processing, the right to object to processing based on legitimate interests, and the right to lodge a complaint with your local data protection authority. Our legal bases for processing are described in Article 1.3.

Article 10 - Children's Privacy

The Platform is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If we discover that we have inadvertently collected data from a child under 13, we will promptly delete it. If you believe we have collected information from a child, please contact us at privacy@limo-elite.com.

Article 11 - International Data Transfers

Your data is primarily stored and processed in the United States. If you access the Platform from outside the United States, your data will be transferred to and processed in the United States, which may have different data protection laws than your country of residence. By using the Platform, you consent to this transfer. For EEA users, transfers are conducted under Standard Contractual Clauses or other approved transfer mechanisms.

Article 12 - Automated Decision-Making

We use automated systems for the following purposes: (a) dispatch matching algorithms that pair riders with drivers based on proximity, availability, rating, and vehicle type; (b) fraud detection algorithms that flag suspicious transactions; (c) surge pricing algorithms that adjust fares based on supply and demand. These automated decisions may affect the availability of services and pricing. You may request human review of any automated decision by contacting customer support.

Article 13 - Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals because no industry-wide standard has been established. You may manage tracking preferences through our Cookie Policy or your browser settings.

Article 14 - Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to read the privacy policies of any third-party sites you visit.

Article 15 - Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you in accordance with Massachusetts breach notification law (M.G.L. Chapter 93H) and other applicable state and federal laws. Notification will be made without unreasonable delay, and in no event later than required by applicable law.

Article 16 - Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email to registered users and posted on this page with an updated "Last Updated" date. We encourage you to review this Policy periodically.

Article 17 - Contact Us