Privacy

Privacy Policy

How Voder (Transolux Transport) collects, uses, stores, shares, and protects your personal data. Prepared in compliance with the DPDP Act 2023, IT Act 2000, MSMED Act 2006, and Consumer Protection Act 2019.

Version1.0
Effective5 June 2026
Governed byRepublic of India
Your data, treated with care
We collect only what's needed to run the service safely, never sell your data, and give you full control to access, correct, or delete it under the DPDP Act 2023.
01

Introduction

Transolux Transport (operating the Voder platform — “Voder”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access or use the Voder mobile application, website, and related services.

This Policy applies to all Platform users — Customers and Drivers — and has been prepared in compliance with:

  • Digital Personal Data Protection Act, 2023 (DPDP Act)
  • Information Technology Act, 2000 and IT (SPDI) Rules, 2011
  • Micro, Small and Medium Enterprises Development Act, 2006
  • Consumer Protection Act, 2019
  • Payment and Settlement Systems Act, 2007
02

Definitions

TermMeaning
Personal DataAny information that identifies or can identify a natural person, directly or indirectly
Sensitive Personal Data (SPDI)Passwords, financial information, biometric data, and other data specified under IT (SPDI) Rules, 2011
Data PrincipalThe natural person to whom the personal data relates (i.e. you, the user)
Data FiduciaryTransolux Transport (Voder), which determines the purpose and means of processing your personal data
ProcessingAny operation on personal data including collection, storage, use, sharing, or deletion
MSMEA Micro, Small or Medium Enterprise as defined and registered under the MSMED Act, 2006
03

Personal Data We Collect

From customers

CategoryData collected
IdentityFull name, profile photograph
ContactMobile phone number (OTP-verified), email address (optional)
LocationPickup address, drop-off address, saved addresses (max 5), real-time GPS during active trips
Package detailsDescription, weight, dimensions, fragility flag, special instructions
PaymentPayment method preference; transactions processed by Razorpay / PhonePe (card numbers never stored by Voder)
Emergency contactsName, phone, relationship of up to 3 emergency contacts (SOS feature only)
BehaviouralTrip history, ratings given, reviews written, support tickets raised
Consent recordsTimestamped logs of consents granted or revoked, with policy version reference

Additional from drivers

CategoryData collected
Government documentsDriving licence (number, expiry), Vehicle RC, Vehicle insurance, PAN card; Aadhaar (optional)
Vehicle informationRegistration number, make, model, year, colour, vehicle type/category
Banking detailsBank account number, IFSC code, account holder name (for payout via Razorpay Route)
Real-time locationGPS coordinates, bearing, speed transmitted every 15 seconds while in 'Online' mode
Date of birthFor age and licence-category verification
Performance metricsAcceptance rate, completion rate, average rating, cancellation history

Aadhaar is collected only with the Driver's voluntary consent and is not mandatory for Platform access where alternative legally valid identity documents are available.

Collected automatically

CategoryData collected
Device informationDevice type (iOS / Android), model, OS version
App metadataApp version, Firebase Cloud Messaging (FCM) token
Network dataIP address at login or API access
Usage dataSession timestamps, screen navigation patterns, feature interactions
Location metadataGPS coordinates, bearing, speed (Drivers while online; Customers during active trips only)

Proof of delivery & SOS data

  • POD: delivery photo, recipient digital signature, OTP confirmation log, GPS coordinates and timestamp at delivery moment
  • SOS: incident record with timestamp, GPS, and trip reference; optional audio recording if microphone permission is granted; SMS to nominated emergency contacts
Audio recordings from SOS incidents are retained for 90 days, or longer if part of an active investigation, and treated as high-sensitivity personal data with enhanced security protections.
04

How We Use Your Personal Data

Service delivery

  • Creating and managing your account; verifying identity and (for Drivers) verifying documents
  • Matching Customers with nearby available Drivers via the dispatch algorithm
  • Enabling real-time GPS tracking between Customer and Driver during active trips
  • Processing payments, issuing GST-compliant receipts and invoices, managing Driver payouts
  • Enabling COD reconciliation and Driver earnings ledger management

Safety & security

  • Operating the SOS emergency feature and notifying emergency contacts
  • Preventing fraud, misuse, and unauthorised account access
  • Verifying Driver documents to ensure public safety

Legal & regulatory compliance

  • Complying with DPDP Act 2023, MSMED Act 2006, IT Act 2000, GST Act 2017, and all applicable Indian laws
  • Retaining financial and transaction records as required by Indian law (7 years)
  • Responding to valid lawful requests from government authorities or courts
  • Resolving insurance claims, disputes, and consumer complaints

Communication

  • Sending OTP for authentication
  • Sending trip confirmations, payment receipts, and status notifications
  • Responding to support queries, disputes, and insurance claims
  • Sending promotional offers (only with explicit opt-in consent)
05

Location Data — Special Notice

Location data is essential to the functioning of the Platform and is treated with heightened care as it may constitute Sensitive Personal Data under the IT (SPDI) Rules, 2011.

Customers

  • Location accessed only when you explicitly tap 'Use My Current Location' at booking
  • Platform does not track your location continuously in the background
  • Pickup/drop coordinates shared with your assigned Driver for navigation only

Drivers

  • Location tracked every 15 seconds while in 'Online' mode — essential for dispatch and customer tracking
  • Cached temporarily in Redis (30-second TTL) and stored in the trip tracking database for completed trips
  • Going 'Offline' stops continuous location tracking immediately

Trip sharing

  • 'Share Trip' generates a time-limited link showing Driver's live location — phone number, saved addresses, and payment details are never exposed
  • Links auto-expire 6 hours after trip completion and can be manually revoked
  • Only share with trusted recipients
06

How We Share Your Personal Data

We don't sell your data
We do not sell, rent, or trade your personal data to third parties for marketing. Data is shared only as described in this Section.

Between customers and drivers

RecipientData shared
Customer seesDriver name, profile photo, vehicle number, make/model/colour, average star rating, phone number
Driver seesCustomer first name, pickup/drop address, package description, masked contact details (or in-app communication where feasible), special instructions

Third-party service providers

ProviderPurposeData shared
Razorpay / PhonePePayment processingTransaction amount, order ID, user reference
Google Maps / PlacesGeocoding, routing, autocompleteLocation coordinates, address strings
Firebase (FCM)Push notificationsDevice FCM token, notification payload
SMS GatewayOTP delivery, SOS alertsPhone number, message content
AWS S3Secure file storageDriver documents, POD photos, receipts
Razorpay RouteDriver payoutsDriver bank account, payout amount
Income Tax / TRACESTDS complianceTransaction amounts (via Form 16A only)

MSME-related disclosures

Where required under the MSMED Act, 2006, details of transactions with registered MSME vendors may be disclosed to the MSME Samadhaan portal in the context of a formal payment dispute. No personal data beyond what is mandated by law will be disclosed.

Legal disclosures

We may disclose personal data if required by applicable law, court order, or valid government direction, or to protect the safety and rights of Voder and our users.

07

Data Retention

CategoryRetention period
Active account profile and contact dataWhile the account is active
Trip records and receipts3 years after trip completion
Financial and transaction records7 years (Income Tax Act, 1961 and Companies Act, 2013)
GST tax invoices5 years (GST Act, 2017)
TDS certificates (Form 16A)7 years from the relevant assessment year
MSME vendor payment records7 years (MSMED Act compliance)
Driver documents (licence, RC, insurance, PAN)Duration of account + 1 year after closure
SOS audio recordings90 days, longer if under active investigation
Consent and audit logsMinimum 7 years (DPDP Act 2023)
Support tickets and dispute records3 years after closure
Deleted account data30-day soft-delete grace; hard-deleted thereafter except legally retained
08

Data Security

MeasureDescription
Encryption in transitAll communication secured via HTTPS / TLS 1.2+
Encryption at restSensitive data encrypted at database level; AWS S3 files use server-side encryption
AuthenticationJWT-based with OTP verification and secure refresh token mechanism
Access controlRole-based access control — staff access only data required for their role
Payment securityPCI-DSS compliant gateways; Voder does not store card numbers, CVVs, or UPI PINs
Rate limitingAPI rate-limiting to prevent brute-force attacks
Input sanitisationAll inputs validated and sanitised against SQL injection and XSS
Audit loggingAll administrative actions on personal data logged with timestamp and actor ID
Suspect compromise?
Contact us immediately at security@voderapp.com. In the event of a breach likely to cause harm, Voder will investigate, contain, and notify affected individuals and competent authorities as required by law.
09

Enterprise Business & MSME Data Compliance

MSME-registered enterprise customers

If you are a Micro, Small, or Medium Enterprise registered under the Udyam Registration portal, you may declare your MSME status during enterprise account setup. Voder collects and retains your Udyam Registration Number solely for GST-compliant invoicing, prioritising dispute resolution timelines, and any preferential commercial terms.

Your Udyam Registration Number is not shared with any third party except as required by law or for the purposes listed above.

Voder's MSMED Act obligations as a buyer

  • Payments to MSME suppliers will be made within 45 days of acceptance of goods or services
  • If payment is delayed beyond the statutory limit, Voder pays compound interest at three times the RBI bank rate
  • Outstanding dues to MSME vendors are disclosed in Voder's annual financial statements
10

Your Rights Under the DPDP Act 2023

Right to access (Section 11)

  • Profile → Privacy Settings → Export My Data
  • Export delivered as an encrypted ZIP file within 72 hours to your registered email
  • Download link valid for 48 hours and requires re-authentication
  • Maximum 2 export requests per calendar month, unless required by law

Right to correction (Section 12)

  • Edit profile fields directly in Profile → Edit Profile
  • For document corrections (Drivers), contact the Grievance Officer

Right to erasure / account deletion (Section 13)

  • Profile → Privacy Settings → Delete Account
  • 30-day soft-delete grace period allows recovery by logging in
  • Hard deletion after 30 days removes profile, contacts, photos, chat history, analytics
  • Excluded from deletion: financial records, tax invoices, data tied to active disputes or claims
  • Re-registration with same phone number blocked for 90 days after hard deletion

Right to withdraw consent (Section 6)

  • Profile → Privacy Settings → Consent Preferences
  • Optional consents (Marketing, Analytics) may be revoked any time
  • Required consents (Location, Terms, Privacy Policy): revocation triggers account deactivation

Right to grievance redressal

File a complaint with our Grievance Officer (see contact card below). Acknowledgement within 5 business days; resolution within 30 days.

12

Children's Privacy

The Voder Platform is strictly intended for individuals who are 18 years of age or older. We do not knowingly collect, store, or process personal data of any person under 18. If we become aware that personal data of a minor has been collected, we will take immediate steps to delete such data. Please notify us at grievance@voderapp.com if you believe a minor has registered.

13

Changes to This Privacy Policy

We may update this Policy from time to time. Material changes will be communicated via in-app push notification, in-app banner on next launch, and email (if provided). Your continued use of the Platform after the effective date constitutes acceptance. Where required by applicable law — including the DPDP Act 2023 — Voder will obtain fresh consent before processing personal data for materially different purposes.

14

Grievance Officer

In accordance with the DPDP Act 2023, IT Act 2000, and Consumer Protection Act 2019, Voder has appointed a Grievance Officer. Reach them using the contact card below.

If your grievance is unresolved within 30 days, you may escalate to the Data Protection Board of India once established under the DPDP Act 2023.
15

Contact Us

ChannelAddress
Privacy emailprivacy@voderapp.com
General supportsupport@voderapp.com
Security concernssecurity@voderapp.com
Finance / TDSfinance@voderapp.com
Grievance Officergrievance@voderapp.com
Phone+91 94830 20256
In-appProfile → Help & Support
Support hoursMonday – Saturday, 9:00 AM – 6:00 PM IST
Frequently asked

Quick answers to common questions

The full policy above is authoritative — these are the questions our support team hears the most.

For customers, the core data is:

  • Name, mobile number (OTP-verified), optional email
  • Pickup and drop addresses, saved addresses (max 5)
  • Real-time GPS only during active trips — never in the background
  • Payment method preference (card numbers are never stored by Voder — they go directly to Razorpay/PhonePe)
  • Trip history, ratings given, support tickets

Drivers additionally provide KYC documents (DL, RC, insurance, PAN) and banking details for payout. See Section 3 above for the full breakdown.

Grievance Officer — Data Protection

Kiran K V

Grievance Officer — Data Protection · Transolux Transport

Appointed under the DPDP Act 2023, IT Act 2000, and Consumer Protection Act 2019. Contact for data access, correction, deletion, breach concerns, or any privacy-related complaint.

Emailgrievance@voderapp.comPhone+91 94830 20256
Working hoursMonday – Friday, 9:00 AM – 6:00 PM IST
Response SLAAcknowledge 5 days · Resolve 30 days
2nd Floor, No. 971/2, Andanur Rajesh Building, 1st Cross, 1st Main, KTJ Nagar, Near Ambedkar Circle, Davanagere, Karnataka — 577001, India