Introduction

Yelowsoft ("we," "our," or "us") is committed to safeguarding the privacy of individuals who use our software, mobile applications, web portals, websites, and related services. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant regulations.

We recognize the responsibility you place on us when you share your information and we work diligently to keep that information secure and used only for legitimate purposes.

Roles & Responsibilities

Data Controller: Yelowsoft acts as the data controller for personal data we collect directly, such as through our websites, apps, or communications.

Data Processor: When providing services to clients (e.g., taxi companies, corporate transport providers, NEMT operators), we act as a data processor on behalf of those clients, who remain the data controllers.

Data Protection Officer (DPO):

Responsibilities

  • Oversee compliance with applicable data protection laws
  • Advise management and staff on privacy obligations
  • Conduct regular audits and Data Protection Impact Assessments (DPIAs)
  • Maintain Records of Processing Activities (RoPA)
  • Handle privacy-related inquiries and rights requests
  • Provide privacy training and awareness to staff

Data We Collect

We may collect the following categories of information:

Information Provided Directly

  • Name, email address, phone number
  • Business name and address (for enterprise clients)
  • Payment details (e.g., last four digits, transaction history)
  • Profile preferences, uploaded photos
  • Identification information required for account verification or auditing purposes

Information Collected Automatically

  • IP address, browser type, operating system
  • Device type, unique device identifiers
  • Log files and usage data
  • GPS location (if enabled for apps)
  • Crash logs, diagnostic and performance data

Third-Party and Partner Data

  • Data from fleet operators, corporate clients, or integrated systems
  • Payment gateway and financial institution data
  • Marketing and analytics data from authorized partners

How We Collect Data

Client agrees that it shall defend, indemnify, save and hold YelowSoft harmless from any and all demands, liabilities, losses, costs and claims, including reasonable attorney’s fees, ("Liabilities") asserted against YelowSoft, agents, its clients, servants, officers and employees, that may arise or result from any service provided or performed or agreed to be performed or any product sold by client, its agents, employee or assigns. Client agrees to defend, indemnify and hold harmless YelowSoft against Liabilities arising out of any injury to person or property caused by any products or services sold or otherwise distributed in connection with YelowSoft’ service, any material supplied by client infringing on the proprietary rights of a third party, copyright infringement, and any defective product which client has sold in the Application.

Copyright to application assets

We collect data when you:

  • Register online or use our services
  • Communicate with us via email, phone, or in-app chat
  • Provide information during onboarding or customer support

We may also receive your data from:

  • Fleet operators or corporate accounts you are associated with
  • Integrated booking systems and APIs
  • Payment processors and marketing platforms
PurposeLegal Basis
Account creation and loginContractual necessity
Booking and trip dispatchContractual necessity
Location tracking during tripsLegitimate interest / Consent
Customer support and onboardingLegitimate interest
Payment processingContractual necessity
Marketing and retargetingConsent
Product analytics and improvementLegitimate interest
Legal compliance and auditsLegal obligation

Data Sharing and Disclosures

We may share your data with:

  • Fleet operators or corporate clients using our platform
  • Payment processors and financial institutions
  • Hosting and analytics service providers
  • Marketing and advertising partners (with consent)
  • Legal or regulatory authorities (where required by law)
  • Business acquirers or investors (with confidentiality safeguards)

International Data Transfers

If your data is transferred outside your region (including outside the European Economic Area), we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions, are in place.

Data Security

We employ:

  • AES-256 encryption at rest and TLS encryption in transit
  • Firewalls and intrusion detection systems
  • Role-based access controls
  • Continuous system monitoring
  • Staff privacy and security training
  • Data breach response protocols

Data Retention

We retain data only for as long as necessary for the purposes outlined in this policy:

  • Account data: lifetime of account + 3 years
  • Booking and trip data: 7 years (regulatory requirement)
  • Support records: 2 years
  • Marketing data: until consent is withdrawn If you request deletion, we will erase your data within 2 business days of confirmation, unless legal obligations require longer retention.

Cookies & Tracking

We use cookies and similar technologies for:

  • Authentication and session management
  • Performance and usage analytics
  • Marketing and advertising (with consent)

You can manage preferences via our cookie banner or browser settings.

Marketing & Consent Management

  • Obtaining Consent: We clearly state purposes for data use and require affirmative action to opt in.
  • Modifying Consent: You can update preferences via account settings or by contacting us.
  • Withdrawing Consent: You may withdraw consent at any time without negative consequences.

We may send marketing communications if you have opted in. You can unsubscribe anytime.

Your Data Protection Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct or update your data
  • Delete your data (“Right to be Forgotten”)
  • Restrict or object to processing
  • Withdraw consent at any time
  • Data portability in a machine-readable format

Requests will be addressed within one month. Contact: info@yelowsoft.com

Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect data from children. In exceptional cases where data from individuals under 18 is processed (e.g., for employment), we obtain verified parental or guardian consent.

Privacy & Third-Party Websites

Our websites may contain links to external websites. This policy applies only to Yelowsoft; you should review the privacy policies of any third-party sites you visit.

Monitoring, Enforcement & Compliance

  • Compliance with this policy is reviewed periodically by our Information Security Team.
  • Violations may result in disciplinary action.
  • Technology solutions are in place to monitor adherence to privacy policies and procedures.
  • Any exceptions require written approval from the CEO/CTO.

Policy Updates

We may update this policy from time to time. Updates will be posted on our website with the revised effective date. For significant changes, we will notify you via email or in-app notifications.

Contact Us

If you have questions, concerns, or complaints about this policy, or wish to exercise your data rights:

Contacting the Relevant Authority

If you believe we have not addressed your concerns satisfactorily, you may contact your local data protection authority.

If you like, I can also prepare a comparison matrix showing which parts of Privacy Policy 1 and Privacy Policy 2 were merged into each section — that way, you’ll have a clear audit trail for compliance purposes. Would you like me to prepare that?