drivo
Legal

מדיניות פרטיות — Drivo Driver

Effective date: 2026-05-15 Last updated: 2026-05-15

This Privacy Policy governs the collection, use, storage, and disclosure of information by All Good Ltd. (Israeli company, hereinafter "the Company", "we", "us", "our") in connection with the Drivo Driver mobile application and any related services (collectively, the "Service").

By installing, registering for, or using the Service, you (the "User", "Driver") affirmatively consent to every clause of this Policy and to our [Terms of Service](TERMS_OF_SERVICE.md). If you do not agree, you must immediately uninstall the Service and cease all use. Continued use constitutes ongoing acceptance.

1. Lawful basis and consent

The Service is offered "AS IS", "AS AVAILABLE", and on an "at-your-own-risk" basis. The User acknowledges that all information provided to, or generated by, the Service originates from the User's own voluntary actions and is processed on the basis of the User's explicit consent given upon registration and re-affirmed each time the User opens or uses the Service.

The User represents and warrants that they:

passenger vehicle in their jurisdiction;

laws and regulations applicable to their use of the Service, including but not limited to taxation, licensing, vehicle insurance, traffic laws, occupational safety and consumer protection.

  • are at least 18 years of age and legally licensed to operate a commercial
  • have full legal capacity to enter into this agreement;
  • are providing accurate and lawful information;
  • are solely responsible for compliance with all local, regional and national

2. Information we collect

The Company collects, processes and stores the following categories of information at the User's initiative and with the User's consent:

(a) Identity and contact data. Phone number, full name, optional email, profile photograph (optional), date of registration, last login IP and user agent.

(b) Vehicle data. License plate, vehicle make / model / colour / year, seats, driver's licence number, vehicle category.

(c) Driver profile data. Public display name, biographic note, favourite music, hobbies, payment methods accepted.

(d) Precise geolocation data, including in the background, while the User is signed in and the User's status is set to "פנוי" (available), "תפוס" (busy) or "בנסיעה" (on-trip). This data is used to fulfil the core purpose of the Service (matching the User to trips, displaying the User's position to riders during an active trip and to the User's fleet manager). The User expressly authorises this collection and acknowledges that disabling it disables the Service.

(e) Telemetry data. Distance travelled, average speed, time spent in each operational status, and the geographic zone the User was located in, aggregated into one record per day. Raw minute-level coordinates are discarded after each 60-second tick is folded into the daily aggregate.

(f) Trip data. Pickup and dropoff coordinates, fare, ratings given by the User and by riders, payment method selected, timestamps of each trip state transition.

(g) Technical data. App version, OS version, device identifier (random, not the hardware IMEI), crash logs.

The User confirms that they will not enter into the Service any data belonging to third parties without those third parties' explicit consent, and that the User alone bears any consequence of doing so.

3. How we use the information

The information is used at the User's instruction to:

earnings, displaying live position to riders and fleet managers;

distance, hours) and inside the Company's operations console (aggregate fleet metrics by zone, by day, by manager);

  • operate the Service: dispatching trips, computing fares, paying out
  • compute statistics surfaced inside the Service (the User's own earnings,
  • verify the User's identity via SMS or voice OTP;
  • enforce the Terms of Service, detect fraud, and resolve disputes;
  • comply with any legal obligation imposed on the Company.

We do not sell personal data to third parties.

The User accepts that the Company may use de-identified, aggregated statistics derived from the User's activity (e.g. "average driver does X trips per week in Tel Aviv") for any business purpose, including marketing, investor materials, and product development, without further notice or compensation.

4. Sharing

Information is shared with:

approximate live position, photo, and rating;

identity, real-time and historical location, status, statistics, app version, and any administrative notes;

cloud hosting, OTP carrier, payment processors, SMS gateways, analytics providers. These parties are bound by confidentiality obligations but the User acknowledges that the Company is not liable for any breach or failure on the part of such service providers;

in good faith that disclosure is required by law, court order, or to protect the Company's rights or the safety of any person.

  • Riders during an active trip: the User's name, vehicle details,
  • The User's fleet manager and the Company's super-administrators: full
  • Service providers acting on the Company's behalf under contract:
  • Public authorities, courts and regulators when the Company believes

In the event of a merger, acquisition, sale of assets, financing or insolvency, the User's data may be transferred to the successor entity without further notice, and this Policy will bind that successor.

5. Storage, retention and transfer

Data is stored on servers operated by or for the Company, located in Israel and/or the European Union. By using the Service the User explicitly consents to the transfer of their data to and processing within these jurisdictions, regardless of the User's country of residence.

The Company retains:

seven (7) years** following deletion, for tax, accounting and legal compliance;

  • account, vehicle and trip records for **the duration of the account plus
  • daily telemetry aggregates for the lifetime of the account;
  • raw real-time location for the duration of the active session only.

The Company does not guarantee that deleted data will be removed from backups or archival storage within any specific timeframe.

6. Security

The Company implements industry-customary technical and organisational measures (HTTPS/WSS transport, bcrypt password hashing, Android Keystore for on-device token storage). The User acknowledges and accepts that:

security, integrity, or availability** of any data;

passwords, and any access credentials;

loss, or alteration of data caused in whole or in part by the User's device, network connection, or by a third party.

  • no system is fully secure;
  • the Company makes **no warranty, express or implied, regarding the
  • the User is solely responsible for safeguarding their device, OTP codes,
  • the Company shall not be liable for any unauthorised access, interception,

7. User rights

The User may request access, correction, or deletion of their personal data by emailing [email protected]. The Company will respond within thirty (30) days. The Company reserves the right to:

excessive;

  • verify the User's identity before acting on any request;
  • refuse or charge a fee for requests that are manifestly unfounded or
  • retain any data necessary for legal compliance or to defend legal claims.

The User waives any further right of action with respect to data processing beyond what is mandatorily required by applicable law (e.g. Israeli Protection of Privacy Law, EU GDPR where it applies).

8. Children

The Service is not directed to anyone under 18. The Company does not knowingly process data of minors. Any User found to be under 18 will have their account terminated and their data deleted, and the User accepts full responsibility for any misrepresentation of age.

9. Third-party services

The Service may interoperate with third-party services such as Google Maps, OpenStreetMap, Waze, WhatsApp, and payment processors. Such services are governed by their own privacy policies and terms. The Company is not responsible for the content, accuracy, availability, security, or privacy practices of any third-party service.

10. Cookies and similar technologies

The mobile application does not use traditional cookies. It does use the on-device encrypted storage to persist authentication tokens. By using the Service the User consents to such persistence; the User may revoke consent by signing out, after which tokens are erased on the next launch.

11. Limitation of liability concerning data

To the maximum extent permitted by applicable law, the Company, its officers, directors, employees, contractors, agents, licensors and suppliers shall not be liable for any direct, indirect, incidental, special, consequential, punitive or exemplary damages, including but not limited to damages for loss of profits, goodwill, use, data or other intangible losses, resulting from:

(a) any access to, use of, or inability to use the Service; (b) any conduct or content of any third party on the Service; (c) any content obtained from the Service; (d) any unauthorised access, use, or alteration of the User's transmissions or content; (e) any error, mistake, inaccuracy, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, or theft or destruction of the User's communications;

even if the Company has been advised of the possibility of such damages.

The User expressly agrees that the User's sole and exclusive remedy for any dissatisfaction with the Service or with this Policy is to stop using the Service.

12. Indemnification

The User agrees to indemnify, defend and hold harmless the Company, its affiliates, officers, directors, employees, contractors, agents, licensors and suppliers from and against any claim, demand, loss, liability, damage or expense (including reasonable legal fees) arising out of or related to:

the User uploads belonging to a third party);

Service.

  • the User's use of the Service;
  • the User's violation of this Policy or the Terms of Service;
  • the User's violation of any law or third-party right (including any data
  • any data, opinion, instruction, or content the User submits to the

13. Changes

The Company may modify this Policy at any time by posting a revised version inside the application or at https://drivo.pro/legal/driver-privacy. Continued use after the change date constitutes acceptance of the modified Policy. It is the User's responsibility to review the Policy periodically.

14. Governing law and venue

This Policy is governed by the laws of the State of Israel, without regard to conflict-of-law principles. The courts of Tel Aviv-Jaffa shall have exclusive jurisdiction over any dispute arising out of or relating to this Policy or the Service. The User waives any objection to such venue.

15. Severability

If any provision of this Policy is held invalid or unenforceable, the remaining provisions remain in full effect and the invalid provision shall be replaced with one that most closely reflects the original intent within the bounds of applicable law.

16. Contact

All Good Ltd. Email: [email protected] Website: https://drivo.pro