Legal

Privacy policy

Effective: 2026-01-15

TaxiCloud processes personal data on behalf of UK and Ireland taxi and private-hire fleet operators. We are GDPR-compliant by design, host customer data in AWS Frankfurt (eu-central-1), and never sell or share customer data with third parties for advertising or marketing. Data subject access requests are handled within 30 days per Article 12. This policy explains what data we collect, why, how we protect it, and your rights as a data subject.

1. Who we are

TaxiCloud Ltd. is a company registered in England and Wales operating the TaxiCloud taxi dispatch software platform at taxicloud.ai. We act as a data processor on behalf of fleet-operator customers (the data controller) and as a data controller for our own marketing-website visitors. Contact: privacy@taxicloud.ai.

2. What personal data we process

For fleet operator customers, the platform processes booking metadata (pickup and dropoff coordinates, fare, timestamps, vehicle and driver identifiers), passenger contact details (name, phone, email) provided by the operator, driver records (name, licence, vehicle assignment), and operator account information (billing address, contact). For website visitors, we collect only IP address, user-agent, and first-party analytics events via Plausible. We do not use third-party advertising cookies.

3. Lawful bases

  • Contract: processing required to deliver the dispatch platform contracted with the operator.
  • Legitimate interest: first-party privacy-respecting analytics on the marketing website.
  • Legal obligation: retention of booking and licensing data per UK PHV and NTA Ireland SPSV regulations.
  • Consent: marketing communications and product updates (opt-in only, withdraw any time).

4. Where we store data

Customer dispatch data is stored in AWS Frankfurt (eu-central-1) by default. Pro Ultra customers may opt into AWS Dublin (eu-west-1) for in-country residency. We do not transfer data outside the European Economic Area without contractual safeguards (Standard Contractual Clauses) and a documented transfer impact assessment.

5. AI Copilot and LLM inference

AI Copilot prompts and dispatch context are processed by an LLM provider over an encrypted channel. Customer PII is masked before any data leaves the dispatch boundary for inference. We do not retain prompts for model training. Pro Ultra customers may opt into a regional model with stricter data-residency guarantees.

6. How long we keep data

Booking records retain for 7 years per UK private-hire and Hackney licensing requirements. NTA Ireland SPSV bookings retain for the regulator-mandated period. Marketing leads are deleted within 24 months of the last interaction. Account data is deleted within 30 days of contract termination unless legal obligation requires longer retention.

7. Your rights

You have the right to:

  • Access your personal data (Article 15)
  • Rectify inaccurate data (Article 16)
  • Erase data (Article 17), subject to legal retention requirements
  • Restrict processing (Article 18)
  • Data portability (Article 20)
  • Object to processing (Article 21)
  • Lodge a complaint with the ICO (UK) or DPC (Ireland)

Email privacy@taxicloud.ai for any data subject access request. We respond within 30 days.

8. Security

See our security page for SOC 2 progress, ISO 27001 mapping, encryption posture (TLS 1.3 in transit, AWS KMS at rest), MFA enforcement, and incident response SLAs.

9. Changes to this policy

Material changes are notified to customers 30 days in advance via email. The effective date at the top of this page is updated on every revision.

Ready when you are

Dispatch on autopilot.

14-day free trial. No card. Cancel anytime.

47 fleets joined this month · Talk to sales