CoRi Data Privacy & Security Notice

1. Introduction

CoRIDE Smart Mobility Solutions Ltd. (“CoRi,” “CoRIDE,” “we,” “us,” or “our”) is committed to protecting your privacy and handling personal data responsibly and securely. This Privacy Notice describes how we collect, use, process, disclose, store, and protect your personal data in connection with our services.

We process personal data in accordance with applicable laws of the United Arab Emirates, including applicable personal data protection requirements, transport-sector compliance obligations, and lawful requests from competent authorities.

2. Data We Collect

Depending on the services you use, we may collect the following categories of data:

• Identity Data: full name, date of birth, account details, and verified identification information where required, including Emirates ID verification for certain access tiers.
• Professional or Institutional Data: employer details, university details, work or student verification data, and related credentials for closed-loop or restricted access environments.
• Contact Data: email address, mobile number, and communication preferences.
• Location Data: real-time GPS coordinates, pickup and drop-off points, route preferences, corridor history, and background location data where enabled for service continuity and safety.
• Financial and Transaction Data: ride fares, payment status, transaction records, billing details, and limited payment metadata handled through secure third-party processors.
• Usage Data: ride history, booking activity, app interactions, support tickets, device information, IP address, and browser or operating system data.
• Safety and Verification Data: incident reports, complaint records, fraud-prevention signals, and account verification outcomes.
• Analytics Data: route efficiency information, corridor demand signals, estimated emissions savings, and anonymized mobility trends.

3. How We Use Your Data

We may use personal data for the following purposes:

• To create, manage, and secure your account.
• To provide CoRi’s AI-driven batching, matching, and virtual hub services.
• To support booking, dispatch coordination, ride-related communications, and customer support.
• To verify eligibility for Professional Tier or other restricted-access environments.
• To support safety, fraud prevention, misuse detection, and operational integrity.
• To comply with applicable legal and regulatory obligations, including lawful transport oversight requirements.
• To process payments, refunds, billing, and reconciliation.
• To improve performance, quality, reliability, analytics, and service design using anonymized or minimized data where appropriate.
• To communicate operational notices, service updates, and other permitted service-related communications.

4. Data Sharing and Third Parties

We do not sell your personal data. We may disclose data only where necessary and lawful, including to:

• Regulatory Authorities: including transport or competent authorities where disclosure is required by law.
• Cloud, Hosting, and Security Providers: for secure infrastructure, storage, communications, and cybersecurity operations.
• Payment Processors: to process fares, payments, refunds, and billing events.
• Verification Providers: where eligibility or identity checks are necessary.
• Professional Advisers: including auditors, lawyers, and insurers acting under confidentiality obligations.
• Corporate Transaction Parties: where necessary in connection with restructuring, financing, mergers, acquisitions, or sale of assets, subject to appropriate safeguards.

5. Data Security Measures

We maintain reasonable and appropriate administrative, technical, and organizational safeguards, including:

• Encryption in transit using secure protocols.
• Encryption or equivalent protection for sensitive data at rest where appropriate.
• Role-based access controls and least-privilege access principles.
• Monitoring, logging, and incident response procedures.
• Data minimization, anonymization, or pseudonymization where practical and lawful.

6. Data Retention

We retain personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected, including to provide services, comply with legal or regulatory requirements, resolve disputes, enforce agreements, prevent fraud, and protect our legitimate interests.

7. Your Rights

Subject to applicable law, you may have the right to:

• Request access to personal data we hold about you.
• Request correction of inaccurate or incomplete personal data.
• Request deletion of personal data where retention is no longer required or otherwise lawful.
• Withdraw consent where processing is based on consent.
• Request information about how your personal data is used and shared.

These rights are not absolute and may be limited where legal, regulatory, compliance, fraud-prevention, or dispute-resolution obligations require continued processing or retention.

8. Children and Minors

Our services are not intended for persons below the age permitted by our eligibility rules or applicable law. If an account requires an adult user, you must be at least 18 years old to register and use the Platform.

9. Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes in law, operations, services, or internal practices. We will publish the updated version on this page with the revised effective date.

10. Contact Us

If you have privacy-related questions, requests, or complaints, please contact us: