Privacy & Security

Privacy Policy

Last Updated: April 14, 2026

This document is an electronic record in the form of an electronic contract formed under the Information Technology Act, 2000 and rules made thereunder and the amended provisions pertaining to electronic documents/records in various statutes as amended by the Information Technology Act, 2000 and does not require any physical, electronic or digital signature.

This document is a legally binding document that will be effective upon your acceptance of the same (directly or indirectly in electronic form or by means of an electronic record) and will lay out the privacy policy which governs the processing of the user’s data in the process of availing the Guvala services offered through website/mobile application under the name and style of ‘Guvala’ (“Application”).

1. Introduction

1.1. GUVALA VENTURES PRIVATE LIMITED (CIN: U77100KA2026PTC215992) is a company incorporated under the provisions of the Companies Act, 2013, having its registered office at G.K. Reddy Mansions, No. 653/623/1, 2nd Stage, Vinayakanagar, Kudlu (V), Sarjapura (H), Bengaluru - 562125 (hereinafter referred to as “Guvala”, "We", "Us" or "Our") and owns and operates the website available at guvala.co.in (the “Site”) and its application (the “App”) (collectively, the “Platform”).

1.2. To deliver a safe, reliable, and seamless experience on the Platform, We collect and use various categories of personal data from users interacting with our Platform, Services or Vehicles (“You”, “Your”, “User”). The types of data we collect to operate and improve our services efficiently and securely in compliance with applicable laws, including the Information Technology Act, 2000 (the “IT Act”) and the Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and the reasons for such collection are detailed below

1.3. By visiting or using the Platform, providing your information, or availing of any service, you expressly agree to the terms of this Privacy Policy, along with our Terms and Conditions and other policies available on the Platform.

2. Definitions

For the purposes of this Privacy Policy:

2.1.1. Account
means a unique account created for You to access Our Service or parts of Our Service.
2.1.2. Cookies
are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website.
2.1.3. Data
means a representation of information, facts, concepts, opinions or instructions in a manner suitable for communication, interpretation or processing by human beings or by automated beings.
2.1.4. Device
means any device that can access the Service such as a compute, a mobile phone or a digital tablet.
2.1.5. Personal Data
means any data about an individual who is identifiable by or in relation to such data.
2.1.6. Personal Data Breach
means any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to Personal Data, that comprises the confidentiality, integrity or availability of Personal Data.
2.1.7. Sale
means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Your personal information to another business or a third party for monetary or other valuable consideration.
2.1.8. Services
provided by Guvala are composed of the following: (i) Vehicles rented by the User; (ii) Vehicles parking locations which may be the same or different; and (iii) all other related equipment, personnel, charging stations for Vehicles, Application, website, and information provided or made available by Guvala.
2.1.9. Usage Data
refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
2.1.10. Vehicles
means the self-drive vehicle on the Application for rent/hire, which is reserved by the User for a specific period, as per the Terms of this Agreement and shall include (i) smart electric cars (ii) bike share smart bicycles; (iii) smart electric scooters; (iv) smart dockless electrical vehicle for easier and safer deliveries.

3. Collection of Data

3.1 We collect the following types of Personal Data when You create an Account, rent a Vehicle, update Your Account profile, contact customer support, participate in referrals or reward programs or otherwise engage with the Platform:

3.1.1. Identity and Contact Information:
Full name, gender, date of birth, postal address, email address, mobile number, and photograph.
3.1.2. Know Your Customer (“KYC”) mandated documents:
Aadhaar, Permanent Account Number (“PAN”), drigpsving licence, passport or other government approved identification or address proof documents.
3.1.3. Payment Data:
PAN, bank account details, UPI/credit/debit card details (as the case may be) and transaction history.
3.1.4. Miscellaneous:
Any other items of sensitive personal data or information, as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011 enacted under the Information Technology Act, 2000.

3.2. You voluntarily consent to the collection and processing of Your Personal Data when You register on or use the Platform. Such usage shall be deemed as Your consent for the purposes specified under this Privacy Policy and the Terms and Conditions.

3.3. In certain cases, where additional permissions are required, Your explicit consent at the time of activation will be treated as valid consent under applicable laws.

3.4. When You access the Platform or use Our Services, Your Usage Data will automatically be collected. Usage Data may include information such as Your Device’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that You visit, time and date of Your visit, time spent on those pages, unique device identifiers and other diagnostic data.

3.5. When You access the Service by or through a mobile Device, We may collect certain information automatically, including but not limited to the type of mobile Device You use, Your mobile Device unique ID, the IP address of Your mobile Device, Your mobile operating system, the type of mobile Internet browser You use, unique Device identifiers and other diagnostic data.

3.6. We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of Our Service.

3.7. The other tracking technologies used are beacons, tags and scripts to collect and track information and to improve and analyse Our Service.

3.8. The Company may use Personal Data for the following services:

3.8.1. Account set-up, administration and verification.
3.8.2. Personalization of content, business information or user information.
3.8.3. For communication of new features, newsletters, feature usage guidance, compliance requirements, etc.
3.8.4. To provide accurate insights and additional value-added services.
3.8.5. Legal obligations and to meet internal audit requirements.
3.8.6. For the purpose of detecting, preventing and responding to security risks, fraud or any technical issues which can harm Our users or Guvala.

3.9. We may share Your personal data in the following situations:

3.9.1. For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Guvala’s assets, financing or acquisition of all or a portion of Our business to another company.
3.9.2. With affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honour this Policy.
3.9.3. With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.

3.10. No personal data shall be shared by the Company with any other third party not specified under this Policy without Your prior consent.

3.11. The Company may disclose Your Personal Data if the same is mandated by any law, statute, rule, regulation, judgement, decree or order, after giving You reasonable notice of the same.

3.12. While providing data at Our behest or for the purpose of availing Our Service, You agree to:

3.12.1. Not impersonate any other person while providing Your Personal Data.
3.12.2. Not suppress any material information while providing Your Personal Data.
3.12.3. Furnish only such information as is verifiably authentic.
3.12.4. Comply with all Applicable Laws.

4. Location Data and Trip Monitoring

4.1. We collect real-time location data (“Location Data”) during the course of active trips to ensure safe, transparent, and accountable trip experienc

4.2. Location tracking will occur through GPS Tracker-Based Tracking. The Vehicle rented by You will be equipped with a GPS device installed by us which will collect vehiclebased location data during the trip. These devices may collect:

4.2.1. Live Location and Route History: Captured for safety support, trip monitoring, theft recovery, and operational efficiency.
4.2.2. Vehicle Diagnostics: Includes ignition status and fault codes.
4.2.3. Driving Behaviour: Speed motions, braking, idling and acceleration to prevent misuse and improve User experience.
4.2.4. Tamper Alerts and Immobilizer Control: Detects interference with the device and, where required, initiates immobilization to enforce trip rules or assist in vehicle recovery.

4.3. Your Location Data will be used to:

4.3.1. Ensure safety and provide enhanced trip monitoring.
4.3.2. Help in detecting route deviation and locating the vehicle during delays or emergencies.
4.3.3. Assist in real-time roadside assistance, accident response, or recovery.
4.3.4. Verify return timelines and prevent misuse through anti-theft alerts.
4.3.5. Provide retrieval support in case of system failures or mobile app uninstalls

4.4. Location Data shall be securely stored for up to six (6) months in order to resolve posttrip disputes, incidents, or legal queries, after which it is automatically deleted. We may be required to retain some portions of this data under applicable laws for longer periods.

5. Third Party Sourced Data

5.1. Where permitted by law or where it is necessary for operations, to verify Your identity, validate documents, ensure regulatory compliance, and safeguard platform integrity, We may collect or supplement Your Personal Data from third-party sources in accordance with applicable laws. These third-party sources may include, without limitation:

5.1.1. Government and Regulatory Portals: We may retrieve information from publicly accessible government databases such as Unique Identification Authority of India (“UIDAI”) to validate identity and address information linked to Aadhaar, subject to applicable laws and User consent.
5.1.2. Public Legal and Law Enforcement Records: We may consult publicly disclosed traffic violation/challan portals, or consumer complaints if relevant to a rented Vehicle or associated legal risk.
5.1.3. Third-Party KYC, Insurance and Verification Services: We may partner with regulated and government-affiliated third-party service providers for KYC, document verification, driving license validation or biometric checks (if legally permitted and explicitly consented to by the User). These service providers are contractually bound to handle Your data securely and to process it only for the specified purpose.

6. Retention of Personal Data

6.1. We will retain Your Personal Data only for as long as it is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with Our legal obligations, resolve disputes, and enforce our legal agreements and policies.
6.2. Subject to the provisions of this Clause, You may decide to terminate your account with the Platform at any time, whereupon We shall cease processing of Your personal data.

7. Security

7.1. Guvala shall take all reasonable and appropriate measures to safeguard the security of Your Personal Data as mandated under applicable laws as well as industry best practices.

7.2. The measures implemented by Guvala to safeguard the security of Your Personal Data shall include, without limitation:

7.2.1. Data security measures including but not limited to encryption, obfuscation, masking and use of virtual tokens to represent data.
7.2.2. Strict security measures to guard computer resources used to store Your Personal Data.
7.2.3. Maintenance of logs of access attempts of Your Personal Data to enable detection of unauthorised access.
7.2.4. Appropriate technical, organisational and oversight measures to ensure effective observance of security safeguards.

7.3. You acknowledge and agree that no method of transmission over the Internet or method of electronic storage is completely secure and that despite all best efforts taken in this regard by Guvala, the absolute security of Your Personal Data cannot be guaranteed.

7.4. In the event of a Personal Data Breach, We shall give intimation of such breach to You and the Data Protection Board of India within an appropriate period of time.

8. Your Rights Under The DPDP Act

8.1. Guvala undertakes to respect the confidentiality of Your Personal Data and to ensure that You can exercise Your rights. You have the right under this Privacy Policy, and by law to:

8.1.1. Request access to Your Personal Data: You have the right to access, update or delete the information We have about You. Whenever made possible, You can access, update or request deletion of Your Personal Data directly within Your account settings. If You are unable to perform these actions by yourself, You may contact Us to assist You in this behalf.
8.1.2. Correct and erase Your Personal Data: You have the right to correction, completion, updating and erasure of your Personal Data. You may make a request in this behalf to Us and We will comply with the same unless otherwise prevented by any law for the time being in force.
8.1.3. Have grievances redressed: We shall provide you with a grievance redressal mechanism in the event that you are frustrated with the performance of Our obligations under this Policy and applicable law.
8.1.4. Withdraw Your consent: You have the right to withdraw Your consent from Us for using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service

8.2. We do not provide the Services to any individual below the age of sixteen (16), and below the age of eighteen (18) where the Services extend to use and rent of e-cars. We do not knowingly collect Personal Data from anyone below the age of sixteen (16). If We become aware that We have collected Personal Data from anyone below the age of sixteen (16) without parental consent, We shall immediately take steps to erase that information from our servers.

8.3. You may exercise Your rights of access, rectification, cancellation, etc. by contacting Us. We shall have a Grievance Redressal Mechanism in place to address your concerns.

8.4. In the event of any Personal Data Breach or breach on the part of the Company with respect to its obligations under this Policy or the law, or any infringement of Your rights under this Policy or the law, You have the right to make a complaint to the Data Protection Board of India

9. Data Protection Officer (DPO)

9.1. Guvala has appointed a dedicated Data Protection Officer (“DPO”) who shall be responsible for overseeing the Company’s data protection strategy and its implementation in compliance with applicable laws.

9.2. The DPO shall be responsible for the following:

9.2.1. Training of employees in data processing and data privacy compliance.
9.2.2. Regular audits to ensure compliance.
9.2.3. Monitoring implementation and effectiveness of data protection efforts within the Company.
9.2.4. Maintaining logs and records of all data processing activities, including purpose and necessity of all processing activities, which must be produced on request.
9.2.5. Interacting with Data Principals to address any questions raised by them about the processing of their Personal Data, their rights in this behalf and safeguards established by the Company for protection of Personal Data.

9.3. In case of any issue or grievance related to Your data privacy, please contact our DPO at privacy@guvala.in or +91 90000 00000 or write to our Data Protection Office at Guvala Technologies Pvt. Ltd., Bangalore, Karnataka, India – 560001.

10. Miscellaneous

10.1. Guvala shall not be held liable for any delay or failure in performing its obligations under this Privacy Policy if such delay or failure is caused by any Force Majeure Event. Force Majeure Event shall mean any event that is beyond the reasonable control of Guvala and shall include, without limitation, sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, unauthorised access to computer, computer system or computer network, computer crashes, breach of security and encryption (provided beyond reasonable commercial control of Guvala), power or electricity failure or unavailability of adequate power or electricity.

10.2. This Policy may be updated from time to time to reflect changes in Guvala’s services and policies. Any such change will be effective immediately upon the publishing of such revised Privacy Policy and such change will also be notified to you by email or by means of a notice prior to the change becoming effective. We encourage You to periodically review Our Website for the latest notices and policies.

Have Questions About Your Privacy?

If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager.

📧 privacy@guvala.in

📞 +91 90000 00000