๐ Privacy & GDPR
Privacy Policy
Last updated: 1 March 2026 ยท GDPR compliant ยท Applies to all users in the EU and EEA
Plain language summary: We collect the personal data needed to provide our services, keep the platform safe, and improve your experience. We never sell your data. You have full control โ access, correct, delete, or export it anytime.
1. Who We Are
Discovia Lda. is the data controller responsible for processing your personal data. We are registered in Portugal (PT-509 823 411) and our registered office is in Lisbon.
Our Data Protection Officer (DPO) can be contacted at: dpo@discovia.com
2. Data We Collect
We collect personal data in the following categories:
- Account data: Name, email, phone number, password (hashed), profile photo, nationality, preferred language and currency.
- Booking data: Service selections, dates, locations, passenger counts, special requests.
- Payment data: Processed by our payment provider. We do not store full card numbers.
- Identity verification (partners/drivers): Government ID, driving licence, business registration documents.
- Usage data: Pages visited, searches, feature usage, device type, browser, IP address (anonymised after 30 days).
- Location data: With your consent, for live ride tracking and nearby service discovery.
- Communications: Support tickets, reviews, feedback.
3. How We Use Your Data
- To create and manage your account
- To process bookings and payments
- To provide customer support
- To send booking confirmations, trip reminders, and service notifications
- To personalise travel recommendations via our AI engine
- To detect and prevent fraud or security breaches
- To comply with legal obligations
- To improve our platform (using aggregated, anonymised analytics)
4. Legal Basis for Processing
We process your data under the following GDPR legal bases:
- Contract performance: To fulfil your bookings and provide our services.
- Legitimate interests: For fraud prevention, security, and platform improvement.
- Legal obligation: Where required by law (e.g. tax records).
- Consent: For marketing communications and optional location data. You may withdraw consent at any time.
5. Data Sharing
We share your data only when necessary:
- With service partners: The minimum data needed to fulfil your booking (name, contact, booking details).
- With payment processors: For secure transaction processing.
- With mapping and notification providers: For real-time tracking and push notifications.
- With legal authorities: Only when required by law.
๐ซ We never sell your personal data to advertisers, data brokers, or any third party for commercial purposes.
6. Your Rights (GDPR)
As a data subject in the EU/EEA, you have the following rights:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): Request deletion of your data.
- Restriction: Limit how we process your data in certain circumstances.
- Portability: Receive your data in a machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: For any consent-based processing, at any time.
To exercise any right, contact our DPO at dpo@discovia.com. We respond within 30 days. You may also lodge a complaint with the Portuguese data protection authority (CNPD) at www.cnpd.pt.
8. Contact Our DPO
For any privacy-related questions, data subject requests, or to report a concern, contact our Data Protection Officer directly at dpo@discovia.com. Postal: Discovia Lda., DPO Office, Rua Augusta 22, 1100-053 Lisboa, Portugal.