1. Introduction
GayaRentals ("we", "our", "us") operates https://gayarentals.com. This Privacy Policy explains what information we collect from users of our cab booking website and services, why we collect it, and how we use, store and protect it. By using the site or booking a ride, you consent to this policy.
2. Information we collect
We collect information you provide directly, such as: full name, phone number, email address (optional), pickup and drop locations, travel date and time, passenger count, notes and preferences. When you verify your phone we receive an OTP session identifier. If you use our payment options we receive a UTR/transaction reference (we do not store card details). We also collect basic technical data automatically — IP address, browser type, referring page, and pages viewed — for site security and performance.
3. How we use your information
We use the information to confirm and dispatch your booking, communicate with you by phone, WhatsApp or email about your trip, send you booking receipts and invoices, verify your phone number via SMS OTP, prevent abuse and fraud, and improve our services. We do not sell or rent your personal information to advertisers.
4. Cookies and analytics
We use essential cookies to keep you signed in on the admin dashboard and remember minor preferences. We may use standard analytics (Google Analytics or similar) to understand aggregate usage patterns. You can disable non-essential cookies in your browser settings — this will not affect your ability to book a ride.
5. Third-party services
To operate our service we share the minimum data required with the following processors: Google Maps (pickup/drop location handling), 2Factor.in (SMS OTP delivery), Resend (transactional email delivery), MongoDB Atlas / our hosting provider (secure database storage), and — once enabled — Paytm Payment Gateway (secure payment processing). Each of these providers is contractually bound to protect your information.
6. Data storage and security
Your data is stored in encrypted-at-rest MongoDB clusters hosted in India. Passwords are hashed with bcrypt. Auth tokens are signed with a private JWT secret and transmitted only over HTTPS. Access to booking data is restricted to authorised staff via password-protected admin login with brute-force lockout.
7. Data retention
Booking records are retained for 3 years for accounting and dispute resolution. Contact-form messages are retained for 1 year. You may request earlier deletion by writing to us (see section 10). We anonymise personal data when it is no longer required for the purposes above.
8. Your rights
You have the right to: (a) access the personal information we hold about you, (b) request correction of inaccurate data, (c) request deletion or anonymisation subject to legal record-keeping requirements, (d) withdraw consent at any time, and (e) opt out of promotional messages. To exercise any of these rights please email us with proof of identity.
9. Children's privacy
Our services are not intended for children under 18. We do not knowingly collect personal information from minors. If you believe a child has provided us data, please contact us and we will delete it promptly.
10. Contact us
For any privacy question, correction or deletion request, contact nnilmani000@gmail.com or call +91 91531 36744. Address: Gaya, Bihar 823001, India.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be highlighted at the top of the page. The "Last updated" date reflects the most recent revision.