Legal

Data Processing Agreement

Effective: 2026-01-15

This Data Processing Agreement (DPA) forms part of the Terms of Service between TaxiCloud Ltd. (Processor) and the Customer (Controller). It is GDPR Article 28 compliant and incorporates the EU Standard Contractual Clauses where applicable. Pre-signed copies are available for signature on request — email legal@taxicloud.ai. The DPA covers scope of processing, data security, sub-processors, sub-processor change notifications, and data subject request handling.

1. Scope of processing

TaxiCloud processes Customer Personal Data on behalf of the Customer only for the purpose of delivering the dispatch platform Service. The nature, purpose, duration, and types of personal data are described in the Annex below.

2. Roles

The Customer is the Data Controller. TaxiCloud is the Data Processor. For our marketing-website visitors, TaxiCloud is the Data Controller — see the privacy policy.

3. Sub-processors

The current sub-processor list:

  • Amazon Web Services EMEA SARL — infrastructure (Frankfurt eu-central-1, optionally Dublin eu-west-1 on Pro Ultra)
  • Stripe Payments Europe Ltd. — payment processing (PCI-DSS Level 1)
  • Anthropic Ireland Ltd. — LLM inference for AI Copilot (PII masked at boundary; prompts not retained for training)
  • Plausible Insights OÜ — privacy-respecting first-party analytics on the marketing website
  • Cloudflare Inc. — DNS, DDoS protection, CDN
  • Twilio Ireland Ltd. — SMS gateway for passenger notifications (where the Customer enables it)

Customers receive 30-days' notice of new or replaced sub-processors via email and may object to a new sub-processor; objections are handled per Section 4.

4. Sub-processor change notifications

Material changes to sub-processors are notified to the operator contact at least 30 days in advance. If the Customer objects, the parties will attempt in good faith to find a workaround; if no agreement is reached within 30 days, the Customer may terminate the affected portion of the Service for cause without further notice.

5. Security

TaxiCloud implements technical and organisational measures including TLS 1.3 in transit, AWS KMS encryption at rest, MFA on all privileged-access accounts, quarterly third-party penetration tests, SOC 2 (in progress, audit underway 2026), ISO 27001 controls mapping, and PCI-DSS Level 1 compliance via Stripe. See the security page for details.

6. Data subject requests

TaxiCloud assists the Customer in responding to data subject access requests, deletion requests, and portability requests within 7 working days. The Customer initiates requests via privacy@taxicloud.ai.

7. International transfers

Customer Personal Data is stored in the European Economic Area (Frankfurt or Dublin). Where transfers outside the EEA are necessary, the parties rely on the EU Standard Contractual Clauses (SCCs) and a documented transfer impact assessment.

8. Data breach notification

TaxiCloud notifies the Customer of any personal data breach without undue delay and in any case within 72 hours of becoming aware, providing the information required under GDPR Article 33(3).

9. Termination and return

On termination of the Service, the Customer may export Personal Data as CSV or via the authenticated API for 30 days. After 30 days, all Personal Data is permanently deleted from production systems and within 90 days from backups, except where legal retention obligations apply.

Annex — Categories of Personal Data and Data Subjects

Data Subjects: the Customer's passengers, drivers, and authorised dispatcher users.

Categories of Personal Data: name, contact details (phone, email), pickup and dropoff coordinates, fare and payment metadata, driver licensing and vehicle assignment, AI Copilot prompt context (with PII masked at the boundary).

Special Categories: none, save where the Customer configures accessibility preferences (wheelchair access, assistance dog) per data subject — processed on the basis of explicit consent from the data subject.

Signing and contact

Pre-signed copies are available on request: legal@taxicloud.ai. Most Customers accept this DPA by reference in the Order Form.

Ready when you are

Dispatch on autopilot.

14-day free trial. No card. Cancel anytime.

47 fleets joined this month · Talk to sales