Privacy Policy

1. Scope and Applicability

​

This Privacy Policy applies to Riding Verse (RV) by Riding Verse PRIVATE LIMITED,and covers all users accessing our services (mobile app or web) in India. We handle “digital personal data” as defined under Indian law, i.e. any personal data collected in digital form. Our policy complies with the Information Technology Act 2000 and its 2011 Sensitive Personal Data Rules, as well as the Digital Personal Data Protection Act, 2023 (DPDP Act). In particular, we limit data collection and processing to what is necessary for the purposes described below, in accordance with Indian law’s purpose- and data-minimization principles.

​

2. Types of Data Collected

 

We collect the following categories of data to support app features (real-time messaging, events, location, and community):

•Personal Information: User’s name, email address, phone number, and profile photograph.

•User-Generated Content: Photos, videos, or other media that users upload or share within the app (e.g. ride photos, forum posts).

• Ride and Community Participation Data: Information relating to rides, tours, meetups, expeditions, events, communities, and clubs created, joined, organized, administered, or attended by users, including participation status, RSVPs, registrations, ride preferences, community memberships, attendance records, route information, ride planning data, and interactions with other participants.

•Device and Usage Data: Device model, operating system version, app usage logs, and IP address (recognizing IP addresses as personal data under Indian law).

• Real-Time Location Data: GPS coordinates, route information, ride tracking data, navigation data, and location history, but only when the user has explicitly granted consent. During active rides, location information may be shared with ride participants, Ride Creators, community administrators, club administrators, and authorized members for ride coordination, navigation, rider visibility, safety, group ride management, and community features. Users may disable location sharing through device or application settings; however, certain ride-related features may become unavailable.

•Cookies and Tracking Data: If the service is accessed via a web interface, we use cookies or similar technologies to manage sessions and preferences (e.g. a session cookie to stay logged in).All data collected is used solely to provide and improve the app’s functionalities.

We do not collect any additional sensitive personal data (such as health, financial, biometric, and racial or caste data) unless explicitly required and consented to by the user. 
• Push Notifications: With user permission, Riding Verse may send push notifications relating to rides, route updates, navigation alerts, community announcements, event reminders, safety notifications, account activity, and service-related communications. Users may disable push notifications through their device settings at any time. 

​

3. Legal Basis and Purpose of Processing

 

We process personal data only on valid legal grounds:

•User Consent: For optional features (e.g. real-time location sharing, push notifications, marketing communications), we obtain explicit user consent before collecting data. The DPDP Act emphasizes consent as the primary lawful basis for personal data processing. Users can withdraw consent at any time (see Section 6).

•Performance of Contract: Processing necessary to provide the service (e.g. account creation, login, order fulfilment of event tickets) relies on contractual necessity. For example, to enable messaging or event coordination, we use the user’s account information.

•Legitimate Interests:

Operational, Security, and Service Improvement Purposes: We may process certain information for operational purposes, fraud prevention, platform security, service improvement, analytics, troubleshooting, performance monitoring, ride coordination, navigation functionality, and platform integrity to the extent permitted by applicable law and consistent with user consent and lawful uses recognized under the Digital Personal Data Protection Act, 2023. In line with the DPDP Act’s limited “legitimate use” exemptions, we only process voluntarily provided data for improvements and security, ensuring such processing is proportionate and does not override user rights.

All processing is for the purposes disclosed at collection (e.g. community building, messaging, event planning, ride tracking) and otherwise as permitted by law. We do not use personal data for unrelated or hidden purposes.

​

4. Data Sharing and Disclosure

 

We may share personal data with:

•Service Providers: Third-party processors who provide essential services (e.g. cloud hosting, push notifications, analytics, email/SMS delivery). These vendors access data only as needed to provide services to us, under strict contractual and confidentiality obligations.

•Event Partners and Affiliates: Selected third parties who co-sponsor or organize biking events (e.g. event organizers, sponsors, venue partners), for coordinating events or prizes. We only share data with their consent or where required for the event purpose.

• Ride Creators, Club Administrators, and Community Administrators: When a user joins, registers for, RSVPs to, participates in, or interacts with a ride, meetup, tour, expedition, event, club, or community, certain profile information, participation details, ride-related information, and communications may be visible to or shared with the respective Ride Creator, club administrator, community administrator, or organizer for coordination, communication, safety, navigation, attendance management, ride planning, and community management purposes.

• Third-Party Payment Information: Riding Verse currently does not collect, process, store, manage, or control payments relating to user-generated rides, clubs, communities, tours, meetups, expeditions, or activities. Any payment made through QR codes, UPI IDs, bank accounts, payment links, digital wallets, payment gateways, or other payment methods provided by Ride Creators, organizers, clubs, communities, sponsors, vendors, or third parties is conducted directly between the participating parties. Riding Verse does not receive, process, or store banking credentials, card details, UPI PINs, payment passwords, CVV numbers, OTPs, financial account credentials, or other payment authentication information relating to such transactions.

•Business Transfers: In the event of a merger, sale, or asset transfer, personal data may be transferred to new owners under obligations to preserve privacy.

We do not sell or rent personal data to third parties. Any disclosure to third parties occurs under strict controls: sensitive personal data can only be shared with third parties with the user’s permission, or as contractually agreed. In all cases, any third-party receiving data is contractually bound to comply with data protection requirements (including the DPDP Act). For example, the law requires that transfers to another data processor or fiduciary must be governed by a valid contract, and that disclosure to third parties generally requires prior permission or contractual authorization. We also comply with legal requests from government or law enforcement agencies as required by law.

​

5. International Data Transfers

 

Some of our infrastructure (e.g. cloud servers on AWS or Google Cloud) may be located outside India. When transferring personal data outside India, we will comply with DPDP Act requirements. The DPDP Act permits cross-border transfer to any country except those blacklisted by the Government, and only under appropriate safeguards (e.g. contractual clauses). We ensure any international transfer (e.g. storing backups on overseas servers) is done lawfully, with encryption and contractual protections, and in accordance with any Indian government restrictions (such as blacklists).

​

6. User Rights and Controls

 

Under Indian law, users (data principals) have the following rights regarding their personal data:

•Right of Access: You may request a summary of the personal data we hold about you and how it is being processed.

•Right to Rectification/Correction: You may request correction or completion of inaccurate or incomplete personal data.

•Right to Erasure (Deletion): You may request erasure of your personal data that was processed based on consent, unless retention is required by law.

•Right to Withdraw Consent: You may withdraw any previously given consent at any time (the process for withdrawal will not be more difficult than it was to give consent). Upon withdrawal, we will cease processing that data and delete it as required.

• Community Visibility Controls: Users may control certain profile visibility settings through the Platform. However, profile information, ride participation status, community membership, ride registrations, shared content, and communications may remain visible to members of communities, clubs, rides, or activities in which the user chooses to participate, subject to the applicable privacy settings and platform functionality.

To exercise any of these rights, please contact us as provided in Section 10. We will respond to valid requests within the time frame prescribed by law. Please note that under the DPDP Act, these rights apply only to data processed on the basis of consent; data processed on other lawful bases (e.g. legal obligation) may be subject to different rules.

 

7. Data Retention

 

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or to comply with legal obligations. In practice:

•Active Accounts: We retain user data during the time your account is active.

•Account Deletion: When you delete your account or withdraw consent, we will generally delete or anonymize your personal data within 90 days by default (unless otherwise required to keep records by law).

•Backups and Archives: We may keep data in backups or archives for up to 90 days beyond account deletion, for recovery or legal compliance purposes; after that period data is permanently erased.

As the DPDP Act requires, we cease retention of personal data once it is no longer needed for our purposes or upon the user’s request for erasure. Similarly, the IT Rules mandate not retaining data longer than required. If specific laws require longer retention (e.g. accounting rules), we will securely store that data only to the extent needed.

​

8. Security Measures

 

We implement reasonable technical and organizational measures to protect personal data, as required under Indian law. These include:

• Ride and Community Data Protection: Riding Verse implements reasonable technical and organizational safeguards to protect ride information, route data, community information, participant records, communications, and location-based information shared through the Platform. Access to such information is restricted to authorized users and personnel as necessary for platform functionality, safety features, and service delivery.

•Encryption: We encrypt sensitive data in transit (using industry-standard TLS) and at rest (e.g. AES-256) to prevent unauthorized access.

•Access Control: Data access is limited to authorized personnel and services only. Administrative access uses strong authentication, and we regularly review permissions.

•Standards and Audits: We follow industry security standards (for example, ISO/IEC 27001) as a measure of compliance with “reasonable security practices”. Our servers and providers maintain security certifications and are independently audited.

•Monitoring and Logging: We maintain audit logs and monitoring to detect unauthorized access or anomalies, and retain logs (at least for one year) to investigate any incidents.

•Breach Response: In the event of a data breach, we will take all necessary steps to contain the breach and notify affected users as required. Under the DPDP Act, we are obligated to notify the Data Protection Board and affected individuals in case of a personal data breach.

Overall, our security program is designed to ensure confidentiality, integrity, and availability of personal data. As noted under the DPDP Act, failure to implement reasonable safeguards can incur severe penalties, so we treat data security as a top priority.

 

9. Children’s Data

 

We do not permit children under 18 years of age to use the app, in line with international norms (COPPA standards). The DPDP Act defines a child as anyone under 18 years old. If a user is under 18, we require verifiable consent from their parent or legal guardian before collecting any personal data. We will not knowingly market to or accept sensitive information from children without parental consent. We do not use personal data of minors for profiling or targeted advertising.If we become aware that we have collected data from a child under 18 without verifiable parental consent, we will promptly delete that data and close the account, as required by law.

 

10. Grievance Officer

 

In accordance with the IT Act and Rules, we have appointed a Grievance Officer to address any privacy or data-related complaints. You may contact our Grievance Officer at:

•Name: Abhimanyu (Data Privacy Officer)

•Email: Abhimanyu.bishnoi@enitechnologies.com

•Address: EXPLORATIONS AND INNOVATIONS TECHNOLOGIES PRIVATE LIMITED, ,GALI SANGAM, WALI,BAGAT SINGH COLONY, Sirsa- 125055, Haryana, India

All grievances will be acknowledged and handled in a timely manner (typically within 30 days). You may also escalate unresolved complaints to the relevant Data Protection Authority once constituted. 
 

Ride Coordination and Community Features

The Platform facilitates ride planning, ride management, navigation, community engagement, club activities, messaging, and rider coordination. Certain information provided by users, including profile information, ride participation status, location information (where enabled), community memberships, and user-generated content, may be displayed to other authorized participants, Ride Creators, community administrators, or club administrators as necessary for the operation of such features.

Participation in rides, communities, clubs, and related activities is voluntary. Users are responsible for reviewing ride details, community settings, and visibility preferences before participating in any activity through the Platform.
 

11. Changes to This Policy

 

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we do, we will revise the “Last Updated” date at the bottom and notify users by in-app notification or email if the changes are significant. We encourage users to review this policy periodically for any updates. Continued use of the app after a policy update constitutes acceptance of the revised terms.

Effective Date: 27/05/2026

EXPLORATIONS AND INNOVATIONS TECHNOLOGIES PRIVATE LIMITED and Riding Verse Private Limited(Riding Verse(RV) App) is committed to your privacy and adheres to all applicable Indian laws, including the IT Act 2000 and DPDP Act 2023, in protecting your data.

​