Privacy Policy

Yango Driver Privacy Policy

1. Effective Date and Identity

- Effective Date: March 12, 2026 

- App: Yango Driver 

- Company: JKM Global Pvt Ltd

2. Scope of Policy

This Privacy Policy explains how JKM Global Pvt Ltd collects, uses, stores, shares, and protects personal data when you use the Yango Driver mobile application and related services.

This policy applies to users in Sri Lanka and other regions where the app is available. By using Yango Driver, you agree to the practices described in this policy.

3. Data Collected

We collect the following categories of data.

3.1 Account and Authentication Data

- Google OAuth login data or OTP phone authentication data.

- Device identifier (device ID), user ID, session and authentication tokens.

- Login provider and account session metadata.

3.2 Driver Profile Data

- Full name, profession, date of birth, gender, home address.

- Driver profile image/photo.

3.3 Vehicle and Verification Document Data

- Vehicle details and vehicle photos.

- Driver's license documents (front and back).

- Vehicle insurance/vehicle document uploads (front and back).

- Document verification status and related metadata.

3.4 Ride, Operations, and Location Data

- Pickup and drop-off coordinates and addresses relevant to rides.

- Ride request, accepted request, and trip history information.

- Status updates and operational ride events.

- Passenger contact visibility during active trip contexts where required for service completion.

- Real-time or current location data when ride operations and map features are used.

3.5 Optional Referral and Friend Booking Metadata

- Referral information submitted during onboarding or profile completion.

- Friend booking metadata where such booking details are included in requests (for example friend name/phone/NIC when provided by passenger flows).

3.6 Earnings and Payment Data

- Fare and ride finance records.

- Wallet/earnings summaries and payout request records.

- Payment and invoice-related transaction data.

3.7 Notifications and Device Messaging Data

- Firebase Cloud Messaging (FCM) token, platform type (Android/iOS), and driver ID for push notification delivery.

- Notification payloads and notification records saved locally.

3.8 Emergency and Safety Data

- Emergency alert type, geolocation (latitude/longitude), and optional location address when emergency features are used.

3.9 Technical and Local Storage Data

- Data stored in SharedPreferences, secure storage, Hive, sqflite, and cached files as needed for app functionality.

- Foreground service/overlay-related operational state where enabled for ride alerts and floating-bubble style experience on supported Android devices.

4. How We Use Data

We use personal data to:

- Create and manage your driver account and authenticate access.

- Verify driver and vehicle documentation.

- Enable ride matching, navigation context, request handling, and trip execution.

- Calculate earnings, commissions, payouts, and related financial records.

- Enable push notifications and urgent ride updates.

- Enable safety and emergency workflows.

- Detect abuse, fraud, unauthorized use, and service misuse.

- Maintain and improve app performance, reliability, and user experience.

- Comply with legal and regulatory obligations.

5. Legal Basis and Processing Context

Depending on the situation, we process data for the following purposes:

- Service delivery and contract performance: to provide transportation platform functions requested by users.

- Safety and legitimate interests: to maintain platform trust, prevent fraud, secure accounts, and resolve disputes.

- Compliance obligations: to satisfy applicable legal, regulatory, tax, audit, and law-enforcement requirements.

6. Data Sharing and Third Parties

We do not sell personal data. We may share data only as needed for operations, safety, and legal compliance.

Data may be shared with:

- Passengers and relevant participants to fulfill ride services.

- Service providers and infrastructure operators supporting app functionality.

- Government authorities, regulators, courts, or law enforcement where legally required.

Third-party and platform services used include:

- Google services: Google Sign-In, Google Maps, Directions, Places.

- Firebase Cloud Messaging: push notification delivery.

- Yango backend microservices: auth, driver, passenger, hire, payment, review, admin services.

- MQTT infrastructure: real-time ride messaging flows.

- External link handlers: phone, map, and email launch actions when you tap related options.

7. Data Retention

We retain data for as long as necessary to:

- Provide services and maintain driver account functionality.

- Support safety, fraud prevention, and dispute handling.

- Meet legal, tax, accounting, and regulatory obligations.

When data is no longer required, we delete it or anonymize it according to operational and legal requirements.

8. Security Controls

We apply reasonable administrative, technical, and organizational safeguards, including:

- Secure storage for sensitive tokens and credentials.

- Access controls and authenticated service requests.

- Segregated microservice architecture for critical backend operations.

No online platform can guarantee absolute security, but we continuously work to protect data.

9. User Rights

Subject to applicable law, you may request:

- Access to your personal data.

- Correction of inaccurate or outdated data.

- Deletion of personal data.

- Restriction or objection to certain processing activities.

To submit a privacy request, contact us using the details in Section 13 with the subject:

"Privacy Request - Yango Driver".

We will review and respond within a reasonable timeframe, typically within 30 days where practical and legally permitted.

10. Children's Privacy (Under 18)

Yango Driver is not intended for individuals under 18 years of age. 

We do not knowingly allow minors under 18 to operate accounts for this app. If you believe such data was provided, contact us so we can investigate and take appropriate action.

11. Cross-Border Processing

Our services and technical providers may process or store data in multiple jurisdictions. 

Where cross-border transfers occur, we apply reasonable safeguards and controls consistent with applicable legal requirements.

12. Policy Updates

We may update this Privacy Policy from time to time. When material updates are made, we will update the effective date and may provide in-app notice or other appropriate communication.

Continued use of Yango Driver after an update means you acknowledge the revised policy.

13. Contact Details

For privacy questions or requests related to Yango Driver, contact:

- Company: JKM Global Pvt Ltd 

- Email: driversupport@yango.com 

- Phone: +94######

- Policy request subject: Privacy Request - Yango Driver

Yango Passenger Privacy Policy

Effective Date: March 12, 2026 

App: Yango Passenger 

Company: JKM Global Pvt Ltd

1. Scope of Policy

This Privacy Policy explains how JKM Global Pvt Ltd collects, uses, stores, shares, and protects personal data when you use the Yango Passenger mobile application and related services.

This policy applies to users in Sri Lanka and other regions where the app is available. By using Yango Passenger, you agree to the practices described in this policy.

2. Data Collected

We collect the following categories of data.

2.1 Account and Authentication Data

- Google OAuth login data or OTP phone authentication data.

- Device identifier (device ID), user ID, session and authentication tokens.

- Login provider and related account session metadata.

2.2 Profile and Identity Data

- Name, phone number, email address, date of birth, gender, address.

- Profile photo/image uploads.

- NIC document uploads (front and back) for verification where required.

2.3 Ride and Location Data

- Pickup and drop-off coordinates and addresses.

- Ride request and trip history data.

- Passenger count, special ride requirements, booking type (self/friend).

- Real-time or current location data when location-based ride functions are used.

2.4 Optional Friend Booking Data

- Friend name, friend phone number, and optional friend NIC for "Book for a friend" flows.

2.5 Contacts Data (Optional)

- If you choose "Add from Phonebook," the app may access your contacts to help populate friend booking details.

- Contact access is optional and permission-based.

2.6 Notifications and Device Messaging Data

- Firebase Cloud Messaging (FCM) token, platform type (Android/iOS), and passenger ID for push notification delivery.

- Notification content and notification records saved locally.

2.7 Emergency and Safety Data

- Emergency alert type, geolocation (latitude/longitude), and optional location address when emergency features are used.

2.8 Payment and Transaction Data

- Payment method information (for example, CASH/CARD).

- Card display metadata only (for example, brand and last 4 digits).

- Payment and transaction records related to trips and invoices.

- The app does not intentionally store full card numbers or CVV in local app storage.

2.9 Technical and Local Storage Data

- Data stored in SharedPreferences, secure storage, Hive, sqflite, and cached files as needed for app functionality.

3. How We Use Data

We use personal data to:

- Create and manage your account and authenticate access.

- Provide ride discovery, booking, routing, tracking, and trip management.

- Process trip-related payments and finance records.

- Enable push notifications and ride status updates.

- Enable friend booking and optional contact-based convenience features.

- Enable emergency and safety workflows.

- Detect abuse, fraud, unauthorized use, and service misuse.

- Maintain and improve app performance, reliability, and user experience.

- Comply with legal and regulatory obligations.

4. Legal Basis and Processing Context

Depending on the situation, we process data for the following purposes:

- Service delivery and contract performance: to provide transportation platform features you request.

- Safety and legitimate interests: to maintain platform safety, prevent fraud, secure accounts, and resolve disputes.

- Compliance obligations: to satisfy applicable legal, regulatory, tax, audit, or law-enforcement requirements.

5. Data Sharing and Third Parties

We do not sell personal data. We may share data only as needed for service operation, safety, and legal compliance.

Data may be shared with:

- Drivers and relevant participants to fulfill ride requests (for example, pickup/drop and contact context required for the trip).

- Service providers and infrastructure operators supporting app functionality.

- Government authorities, regulators, courts, or law enforcement where legally required.

Third-party and platform services used include:

- Google services: Google Sign-In, Google Maps, Directions, Places.

- Firebase Cloud Messaging: push notification delivery.

- Yango backend microservices: auth, passenger, driver, hire, payment, review, admin services.

- MQTT infrastructure: real-time messaging for ride-related flows.

- External link handlers: phone, map, and email launch actions when you tap related options.

6. Data Retention

We retain data for as long as necessary to:

- Provide services and maintain your account.

- Support safety, fraud prevention, and dispute resolution.

- Meet legal, tax, accounting, and regulatory obligations.

When data is no longer needed, we delete it or anonymize it according to operational and legal requirements.

7. Security Controls

We apply reasonable administrative, technical, and organizational safeguards, including:

- Token and sensitive value protection using secure storage mechanisms.

- Access controls and authenticated service requests.

- Segregated service architecture for core backend operations.

No online platform can guarantee absolute security, but we continuously work to protect user data.

8. User Rights

Subject to applicable law, you may request:

- Access to your personal data.

- Correction of inaccurate or outdated data.

- Deletion of personal data.

- Restriction or objection to certain processing activities.

To submit a privacy request, contact us using the details in Section 13 with the subject:

"Privacy Request - Yango Passenger".

We will review and respond within a reasonable timeframe, typically within 30 days where practical and legally permitted.

9. Children's Privacy (Under 18)

Yango Passenger is not intended for individuals under 18 years of age. 

We do not knowingly allow minors under 18 to operate accounts for this app. If you believe such data was provided, contact us so we can investigate and take appropriate action.

10. Cross-Border Processing

Our services and technical providers may process or store data in multiple jurisdictions. 

Where cross-border transfers occur, we apply reasonable safeguards and controls consistent with applicable legal requirements.

11. Policy Updates

We may update this Privacy Policy from time to time. When material updates are made, we will update the effective date and may provide in-app notice or other appropriate communication.

Continued use of Yango Passenger after an update means you acknowledge the revised policy.

12. Contact Details

For privacy questions or requests related to Yango Passenger, contact:

- Company: JKM Global Pvt Ltd 

- Email: support@yango.com 

- Phone: +94######### 

- Policy request subject: Privacy Request - Yango Passenger