Legal · Privacy Policy

Privacy
Policy

Effective January 1, 2026 · Last updated February 2026

At Rylton, your privacy is not a checkbox — it's a commitment. This policy explains exactly what data we collect when you use our electric scooters, app, and website, and how we protect it.

01

Information We Collect

  • Account details: name, email, phone number, and password when you register.
  • Ride data: GPS location, route history, speed, and distance to operate your journeys.
  • Payment info: processed via PCI-compliant partners — we never store full card numbers.
  • Device data: device type, OS version, app version, and unique device identifiers.
  • Usage analytics: features used, screens visited, and session duration.
  • Support communications: any messages or feedback you send to our team.
02

How We Use Your Data

  • Operating, maintaining, and improving our scooter fleet and platform.
  • Processing payments and managing your subscription or ride credits.
  • Sending ride receipts, account alerts, and service updates.
  • Detecting and preventing fraud, unsafe riding, or misuse.
  • Optimizing scooter placement and fleet availability in your city.
  • Sending promotional offers — only with your explicit consent.
03

Data Sharing

  • Service Providers: payment processors and cloud infrastructure bound by strict data agreements.
  • City Partners: aggregated, anonymized ride data for urban mobility planning only.
  • Legal Requirements: when compelled by valid court orders or applicable law.
  • Business Transfers: you'll be notified and given options before any acquisition-related change.
04

Your Rights

  • Access: request a copy of all data we hold about you.
  • Correction: update inaccurate or incomplete information at any time.
  • Deletion: request erasure of your data, subject to legal retention obligations.
  • Portability: receive your data in a structured, machine-readable format.
  • Withdraw Consent: where processing is consent-based, withdraw it at any time.
05

Security

  • AES-256 encryption at rest; TLS 1.3 for all data in transit.
  • Role-based access controls limiting employee access to personal data.
  • Regular third-party penetration testing and security audits.
  • Breach notification within 72 hours where legally required.
Privacy Team

Questions, access requests, or concerns about your data.

rylton89@gmail.com
Data Protection Officer

For formal data protection inquiries and GDPR matters.

rylton89@gmail.com

We respond within 30 days. Your data, your rights.