Privacy Policy

MOVA is a vehicle rental and car-sharing platform that allows customers to book cars in two ways — through official rental operators (yellow number plate / commercially registered vehicles) and through peer-to-peer car sharing (white number plate / private vehicles listed by individual owners).

This policy explains what personal information we collect from you as a customer, how we use it, and how we protect it — including all device permissions used by the MOVA app. This policy complies with the Information Technology Act 2000, IT (SPDI) Rules 2011, the Digital Personal Data Protection Act 2023, and the Motor Vehicles Act 1988.

When you create an account or make a booking, we collect:

• Full Name
• Phone Number
• Email Address

Used for account creation, OTP login, booking confirmations, and customer support.

Since you are renting and driving a vehicle, we collect:

• Driving Licence — to verify you are legally eligible to drive the rented or shared vehicle
• Government-issued ID (Aadhaar or equivalent) — to verify your identity before any booking is confirmed

Permissions used: ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, ACCESS_MEDIA_LOCATION

During your rental or car-sharing trip we collect:

• Real-time GPS location — only during an active trip
• Pickup and drop-off locations
• Trip history

Used for navigation, pricing calculation, safety monitoring, and dispute resolution.

We do not track your location in the background when you are not on an active trip. During an active trip, MOVA runs a foreground service (visible as a persistent notification) to maintain real-time GPS and send safety alerts. This service stops automatically when your trip ends.

For car-sharing trips specifically, your real-time location during the trip may be visible to the vehicle owner through the MOVA platform for safety and trip coordination purposes. This happens only during the active trip and only with your consent at the time of booking.

For commercially registered rental vehicles (yellow board), trip location data may be shared with transport authorities such as the Regional Transport Office (RTO) when required under the Motor Vehicles Act 1988.

Permissions used: CAMERA, READ_EXTERNAL_STORAGE, READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, READ_MEDIA_AUDIO, READ_MEDIA_VISUAL_USER_SELECTED, WRITE_EXTERNAL_STORAGE, ACCESS_MEDIA_LOCATION

We request camera and media access for:

• Capturing your driving licence and ID documents during KYC verification
• Taking photos of vehicle condition at pickup and drop-off (mandatory for car-sharing trips, optional for regular rentals)
• Uploading documents or trip-related images from your gallery
• Downloading booking receipts or invoices to your device storage

For car-sharing trips, vehicle condition photos taken at the start and end of your trip are stored on MOVA’s servers for 90 days after the trip for dispute resolution purposes.

On Android 13 and above, we use the selective photo picker (READ_MEDIA_VISUAL_USER_SELECTED) which lets you choose specific photos to share without granting access to your entire gallery.

Permissions used: RECORD_AUDIO, MODIFY_AUDIO_SETTINGS

We request microphone access to enable:

• In-app voice-based customer support or help features
• In-app masked voice calling between you and the vehicle owner for car-sharing trips

Audio is not recorded or stored on MOVA servers without your explicit action. If you do not use voice or calling features, the microphone is never activated.

Permissions used: READ_CONTACTS, WRITE_CONTACTS

We access your phone contacts solely for:

• Adding or saving an emergency contact for your trip
• Enabling you to share trip details or a live trip link with a trusted contact of your choice

We do not upload your full contact list to our servers. Contact data is used only for the specific feature you trigger and is not retained beyond that session. We do not use your contacts for marketing or advertising purposes.

Permissions used: READ_PHONE_STATE, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE, INTERNET

We collect limited device and network information including:

• Device model and operating system version
• Network connectivity status (mobile data or Wi-Fi)

Used for fraud prevention, device authentication, ensuring app stability, and optimising the app experience. We do not collect your IMEI or SIM-level identifiers for marketing purposes.

Permissions used: POST_NOTIFICATIONS, VIBRATE, WAKE_LOCK, RECEIVE_BOOT_COMPLETED

We use these permissions to:

• Send you booking confirmations, trip alerts, and payment updates
• Vibrate your device for important trip or safety notifications
• Ensure notifications are delivered reliably even when the app is not open
• Start a lightweight notification service when your device boots so you never miss a booking alert

You can manage notification preferences at any time through your device settings or within the MOVA app.

Permissions used: FOREGROUND_SERVICE, FOREGROUND_SERVICE_MEDIA_PLAYBACK, WAKE_LOCK, RECEIVE_BOOT_COMPLETED

During an active rental or car-sharing trip, MOVA runs a foreground service visible as a persistent notification on your device. This service maintains real-time GPS tracking and delivers safety alerts for the duration of your trip only. The service stops automatically when your trip ends. No location data is collected outside of an active trip.

Permissions used: SYSTEM_ALERT_WINDOW

This permission allows MOVA to display important trip alerts or safety notifications over other apps on your screen during an active rental or car-sharing trip. Used only for time-sensitive information such as trip start confirmation, return reminders, or emergency alerts. Not used for advertising or unsolicited pop-ups.

Permissions used: com.google.android.c2dm.permission.RECEIVE

MOVA uses Firebase Cloud Messaging (FCM) to deliver push notifications for bookings, payments, and trip updates. Firebase is a Google service and operates under Google’s privacy policy. No personal data beyond a device token is shared with Firebase for this purpose.

Permissions used: Samsung, Huawei, Sony, OPPO, HTC and other launcher badge permissions

MOVA uses standard Android launcher badge permissions to display the count of unread notifications or booking alerts on the MOVA app icon across different Android device brands and launchers. No personal data is collected or transmitted through these permissions.

Permissions used: com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

This permission allows MOVA to detect how you discovered and installed the app — for example through a referral link or promotional campaign. No personal browsing data or unrelated app data is accessed through this permission.

When you make a payment for a rental or car-sharing booking, your payment is processed through Razorpay or Cashfree Payments, which are PCI-DSS compliant payment gateways operating under RBI regulations. MOVA does not store your card number, CVV, or UPI PIN. Only a payment confirmation reference is retained for your booking record.

When you book through MOVA’s peer-to-peer car-sharing feature (white number plate vehicles listed by private owners), the following additional points apply:

Data Shared with the Vehicle Owner

When you book a car-sharing vehicle, the vehicle owner will receive only your first name, booking details (pickup time, drop-off time, location), and trip status updates. Your full phone number, ID documents, and KYC data are never directly shared with the vehicle owner. All communication between you and the owner happens through MOVA’s in-app masked calling or chat feature.

Vehicle Condition Photos

At the start and end of every car-sharing trip, you will be required to photograph the vehicle’s condition using the MOVA app. These photos are stored on MOVA’s servers for 90 days after the trip end date and are used exclusively for dispute resolution between you and the vehicle owner.

Trip Data for Disputes

Your GPS trip data and trip duration records may be used to resolve disputes between you and the vehicle owner regarding mileage, trip duration, or vehicle condition. Only the relevant portion of trip data is shared with the owner and only in the context of an active, logged dispute.

Insurance

Car-sharing vehicles are privately owned. Insurance coverage may differ from commercially registered rental vehicles. MOVA verifies vehicle registration and insurance documents before listing any vehicle but recommends you review the vehicle’s insurance details in the app before confirming your booking.

Regulatory Note

Private vehicle car-sharing operates under applicable state transport authority rules in India. MOVA verifies vehicle registration and insurance at onboarding but is not responsible for the vehicle owner’s ongoing compliance with local regulations beyond the documents verified at listing.

We use your information to:

• Create and manage your MOVA account
• Verify your identity and driving eligibility before any rental or car-sharing booking
• Process your booking and send confirmations
• Enable GPS navigation and pricing during your trip
• Monitor trip safety and respond to emergencies
• Enable communication between you and the vehicle owner for car-sharing trips
• Resolve disputes related to your booking including vehicle condition and trip records
• Prevent fraud and misuse of the platform
• Send booking alerts, payment updates, and trip reminders
• Comply with Indian laws including the Motor Vehicles Act 1988 and Income Tax Act 1961

We do not sell your personal data to anyone. We share it only when necessary:

Under DPDPA 2023 and IT (SPDI) Rules 2011 you have the right to:

• Access: Request a copy of your personal data held by MOVA
• Correction: Request correction of inaccurate or outdated information
• Deletion: Request deletion of your account and data (subject to legal retention requirements)
• Withdraw Consent: Turn off non-essential data permissions anytime via app settings
• Grievance: Raise a complaint with our Grievance Officer
• Nominate: Nominate another person to exercise your rights in the event of your death or incapacity, as per DPDPA 2023

• All data in transit encrypted using TLS 1.2 or higher
• KYC documents encrypted at rest using AES-256
• Biometric data never transmitted to or stored on MOVA servers
• Access restricted to authorised MOVA staff on a need-to-know basis
• Regular security audits and vulnerability assessments conducted
• Data breach notification to affected users and authorities as required under DPDPA 2023

MOVA is available only to individuals aged 18 and above. A valid driving licence is required to rent or book any vehicle on the platform. We do not knowingly collect data from anyone under 18. If you believe a minor has used our platform, please contact us at privacy@mova.in and we will delete their data immediately.

By registering on and using MOVA, you provide free, specific, informed, and unambiguous consent to the collection and use of your personal data as described in this policy, in accordance with DPDPA 2023.

When we make material changes to this policy, we will notify you via in-app notification or email to your registered address. Continued use of MOVA after the effective date of any changes means you accept the updated policy.

This policy is governed by Indian law including the Information Technology Act 2000, IT (SPDI) Rules 2011, Digital Personal Data Protection Act 2023, and Motor Vehicles Act 1988. Any disputes are subject to the exclusive jurisdiction of competent courts in Hyderabad, Telangana, India. Users may also approach the Data Protection Board of India once operational under DPDPA 2023.