Privacy policy
What personal data TrustTrip processes, why, and the choices you have.
TrustTrip processes personal data for one purpose family: operating a trustworthy shared-travel platform. This policy explains what we collect, why we collect it, how long we keep it, and the rights you can exercise — in plain language.
Our data principles
Three principles govern every processing activity on TrustTrip. First, purpose limitation: data is used to operate the service — accounts, bookings, payments, safety, fraud prevention, and support — not for unrelated resale. Second, access limitation: internal access is restricted by role and operational need, and sensitive operations are audited. Third, proportional retention: records are kept as long as needed for the service, legal obligations, and dispute resolution, then removed or anonymized.
What we process and why
Account and identity
Name, email, phone verification status, language preference, and role-specific profile fields. Drivers additionally provide verification documents (licence, vehicle, insurance) reviewed during onboarding. Purpose: account security, eligibility, and trust.
Trips and bookings
Published routes, schedules, seat reservations, booking history, and the messaging tied to confirmed shared travel. Purpose: operating the marketplace and providing a reliable record when something goes wrong.
Payments
Payment metadata (amounts, status, references) processed through our payment provider. TrustTrip does not store full card numbers. Purpose: secure checkout, refunds under the cancellation policy, and accounting obligations.
Support and safety
Support conversations, reports, and policy events (cancellations, no-shows, reviews). Purpose: helping you, enforcing community rules, and keeping reliability signals accurate.
Sharing and processors
Personal data is shared in two situations only. With other members: the minimum required to run a shared trip (your public profile, pickup points, trip messaging) — never your payment details. With service providers: hosting, payment processing, and communication providers acting under contract as processors. TrustTrip does not sell personal data.
Your rights in Canada
Canadian privacy law — including PIPEDA and, in Quebec, the private-sector privacy framework (Law 25) — gives you rights over your personal information: to access it, to correct it, to withdraw consent where processing relies on it, and to ask questions about how it is handled.
To exercise a right or ask a privacy question, contact support through the documented channels. We respond within the timelines required by applicable law, and you can escalate to the relevant privacy authority if you are not satisfied with the answer.
Changes to this policy
We may update this policy as the product and applicable law evolve. Material changes are communicated before they take effect. This page always reflects the current published version.