Privacy Policy

Privacy Policy

Catch Technologies Inc. — Privacy Policy

Effective date: October 8, 2025

Who we are: Catch Technologies Inc. (“Catch”, “we”, “us”, “our”) operates a Canadian ride-hailing platform connecting riders and drivers via our apps, websites, and support channels (the “Catch Platform”).

Where this policy applies

This policy applies to riders; driver applicants and active drivers; visitors to our websites; enterprise/business account users; and anyone who contacts our support. It covers personal information as defined under Canadian privacy laws (PIPEDA; Alberta PIPA; BC PIPA; Québec’s Act respecting the protection of personal information in the private sector as amended by Law 25).

Our privacy commitments

• We follow Canada’s accountability/consent model and the OPC’s meaningful-consent guidance (layered, just-in-time, easy withdrawals).

• In Québec, we designate a privacy officer, keep an incident register, disclose use of technologies that identify, locate, or profile individuals, and assess cross-border transfers (DPIA/PIA) as required.

1) Personal information we collect

A. You provide

• Identity & contact: name, email, phone, postal address, date of birth, profile photo.

• Account & preferences: saved places, accessibility needs, language/pronouns.

• Payment & tax: card details via PCI-compliant processors; driver banking and tax identifiers.

• Driver screening: licence/class, driving record abstracts (where applicable), right-to-work, vehicle registration/insurance, MVR/police/background reports (consent obtained).

• Verification/biometric checks: selfie/liveness images (if used), ID scans only with express consent and subject to provincial law.

• Communications & support: feedback, ratings, survey responses, attachments.

B. Collected automatically when you use the Platform

• Precise location (rider app during request drop-off; driver app while online and briefly after for incident detection), route, distance, speed/accel (device sensors/telematics), network data (IP, Wi-Fi/Bluetooth beacons), device identifiers, OS/browser, push tokens.

• Ride details: pickup/drop-off, timestamps, fare, promo usage.

• In-app communications: masked calls/SMS and chat metadata and contents; safety-flagging may trigger recording/retention (you’ll see an on-screen notice).

• Cookies/SDKs/analytics/ads: tools to operate, secure, measure, and improve the Platform and show/measure ads (see Section 7 and Cookie Notice).

C. From others

• Background-check and identity vendors; payment processors; mapping/telemetry providers; insurers/adjusters; enterprise customers; referral partners; lawful requests from regulators/law enforcement (see Section 9).

• Safety reports from users or third parties (e.g., incident witnesses).

• Municipal/provincial transport programs that require limited trip stats for planning/audits (always aggregated/limited unless law says otherwise).

2) How we use personal information (purpose + examples)

• Provide the service: account setup, identity checks, driver onboarding, matching riders/drivers, routing, pricing/fare calculation, payments/receipts, ETA/share-trip.

• Safety & integrity: licence/vehicle eligibility, telematics-based unsafe-driving detection, incident response, fraud/abuse prevention, deactivation decisions, insurance and claims handling.

• Support: troubleshoot, appeals, accessibility accommodations.

• Improve & innovate service quality, demand forecasting, app performance testing.

• Marketing & communications: service updates, promotions, ads on and off our services (with consent/choices).

• Compliance: tax/accounting, municipal audits, regulator reporting, legal requests.

• Our use follows PIPEDA’s purpose-limitation and consent principles and the OPC’s meaningful-consent guidance.

3) Lawful authority & consent in Canada

We rely on consent (express or implied, depending on sensitivity and context). We obtain express consent for: background checks; selfie/liveness/ID scanning; precise location; and profiling/ads where required (including Québec’s enhanced transparency for technologies that identify, locate, or profile). You can withdraw consent at any time, but some features (e.g., rides, driver activation) may require certain data.

4) Automated decision-making & profiling

We use automated tools for fraud prevention, unsafe-driving detection, dynamic pricing/fare estimates, and trust/safety risk scoring. You may request information about how such decisions are made, the principal factors, and your options; in some cases, you can contest or request human review (noting we must balance platform safety and anti-fraud). Québec users receive additional transparency about technologies used for identification, location, or profiling.

5) Sharing your information

We do not sell personal information for money. We share only as described:

• Service providers/Processors: identity/background, payments, cloud hosting, mapping/telematics, analytics/measurement, customer support, communications (masked calling/SMS), marketing/ads—under contracts with security and use restrictions.

• Riders ↔ Drivers: names, profile photos, pronouns (if set), ratings, vehicle and plate, real-time approach, pickup/drop-off (and additional stops); shared-ride participants may see each other’s first name/photo and stop sequence.

• Enterprise payors/Programs: limited trip details for billing/compliance when a third-party requests/pays.

• Insurers/adjusters: claims, incident data, and telematics where relevant.

• Municipal/provincial authorities: limited, often aggregated trip stats where required by applicable bylaws/regulations/audits.

• Legal & safety: to comply with law or protect rights/safety (see Section 9).

• Corporate transactions: merger, acquisition, or restructuring (with safeguards).

6) Cross-border transfers

We may store or process data in Canada and other countries (e.g., the United States). When we transfer personal information, we remain accountable under PIPEDA and require comparable protections by contract; we disclose that foreign authorities may access data under their laws. For Québec users, we conduct a privacy impact assessment for transfers outside Québec and disclose that your information may be communicated outside Québec.

7) Cookies, SDKs, and analytics

We use cookies/SDKs for core functionality, security/fraud, performance analytics, and to show/measure ads. You can manage preferences in-app, in our Cookie/Tracking Notice, and via your device/browser settings. We implement meaningful consent patterns (layered notices, clear choices, and easy opt-outs).

8) Retention

We keep personal information only as long as needed for the purposes above and to meet legal, tax, audit, insurance, and safety obligations, then securely delete or anonymize it. Typical periods (subject to lawful holds):

• Trip & receipt records: 7 years (tax/accounting).

• Driver onboarding (licence/vehicle/insurance) & background-check outcomes: at least the engagement period + 7 years after deactivation (claims/defence).

• Safety/incident and claims files: 7–10 years depending on limitation periods and insurer requirements.

• Telematics and communications logs: up to 3 years, longer if linked to an investigation or legal hold.

(Where a specific statute or regulator requires a different period, we follow that requirement.)

9) Security

We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the data (access controls, encryption in transit/at rest, network monitoring, vendor due diligence, least-privilege, secure development, incident response). No security is perfect; we cannot guarantee absolute security.

10) Your privacy rights & choices (Canada)

• Access & correction: request a copy and ask us to correct inaccuracies.

• Withdraw consent/marketing choices: unsubscribe from marketing emails; manage push/SMS; adjust tracking preferences; disable precise location (note: service may be limited).

• De-indexation/cease dissemination (Québec): request that we stop disseminating certain personal information or de-index links under Law 25 criteria.

• Portability (where available): if/when regulations are in force, request a structured copy of certain computerized personal information.

• Response times: we aim to respond within 30 days (extensions permitted by law).

How to exercise: use the in-app Privacy menu, email the Privacy Officer, or write to our postal address (Section 13). We will verify your identity before fulfilling requests.

11) Children & teens in Canada

The Platform is not intended for children under 13. We do not knowingly collect personal information from children under 13; if discovered, we delete it. For teens, we apply age-appropriate consent and allow guardian involvement where required.

12) Breach notification (what happens if there’s a breach)

If a breach of security safeguards creates a real risk of significant harm (RROSH), we will notify the Office of the Privacy Commissioner of Canada (OPC) and affected individuals as soon as feasible and keep records of all breaches. In Alberta, we notify the OIPC without unreasonable delay and follow any directions to notify individuals. In Québec, if there is a risk of serious injury, we promptly notify the CAI and affected individuals and maintain an incident register.

13) Contact & Privacy Officer

Privacy Officer (Canada):

Title: Privacy Officer, Catch Technologies Inc.

Email: admin@gotocatch.com (example)

Mail: [Company address], Canada

In Québec, the Privacy Officer is responsible for compliance and can be reached at the contact above; the Officer’s title and contact are published here as required by Law 25.

14) Changes to this policy

We may update this policy as our services or laws evolve. We’ll post updates here and, for material changes, provide a prominent in-app notice or email. Your continued use after the effective date means you accept the updated policy.

15) Linked notices

• Cookie/Tracking Notice (granular controls)

• Driver Screening & Safety Notice (background/telematics specifics)

• Law-Enforcement Guidelines (how we handle requests)

• Terms of Service (contract terms)