Driver App Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you create an account and use the App, you may provide the following personal information:

• Identity Information: Full name, email address, phone number, and mailing address (city, state, zip code)
• Driver Credentials: Driver's license number, license expiration date, and license class
• Tax and Employment Information: Social Security Number (SSN) or Tax Identification Number (Tax ID), collected solely for employment verification and tax compliance purposes
• Emergency Contact: Name, phone number, and relationship of your designated emergency contact
• Profile Photo: A photograph of yourself for identification purposes

1.2 Information Collected Automatically

When you use the App, we automatically collect certain information from your device:

• Location Data: GPS coordinates, accuracy, heading, and speed. Location is collected in both the foreground and background only while you are on an active shift. Location tracking stops when you clock out or end your shift.
• Device Information: Device type, operating system, and push notification tokens used to deliver notifications to your device
• Presence Data: Online/offline status transmitted via periodic heartbeat signals (approximately every 30 seconds) during active use of the App

1.3 Activity and Operational Data

As part of your use of the App for NEMT service delivery, we collect:

• Trip Details: Pickup and drop-off addresses and coordinates, trip timestamps, mileage, and passenger medical transport requirements (including wheelchair needs, oxygen requirements, infectious disease status, weight, and date of birth)
• Shift Data: Clock-in and clock-out times, break durations, total hours worked, and overtime records
• Vehicle Inspection Data: Photographs of vehicle exterior and interior (up to six photos per inspection), as well as any damage reports
• Incident Reports: Descriptions, photographs, and other details related to accidents, vehicle issues, or passenger incidents
• Communications: Team chat messages and attachments sent through the App
• Voice Calls: Metadata from WebRTC peer-to-peer audio calls made through the App. Voice calls may be recorded for quality assurance and compliance purposes

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Operations: To facilitate trip assignments, dispatch, navigation, and real-time coordination of NEMT services
• Account Management: To create and manage your driver account, verify your identity, and authenticate your access
• Workforce Management: To track shifts, breaks, hours worked, and overtime for payroll and labor compliance
• Safety and Compliance: To maintain vehicle inspection records, process incident reports, and ensure regulatory compliance
• Communication: To enable in-app messaging and voice calls between drivers, dispatchers, and coordinators
• Location Services: To provide real-time location tracking during active shifts for dispatch optimization and trip coordination
• Tax and Legal Compliance: To fulfill employment verification, tax reporting, and other legal obligations
• Service Improvement: To improve the App, our services, and the overall driver experience

3. Protected Health Information (PHI) and HIPAA

In the course of providing non-emergency medical transportation, the App may process limited passenger health-related information, including medical transport requirements (such as wheelchair needs, oxygen requirements, infectious disease status, weight, and date of birth). This information is provided by transportation coordinators and healthcare facilities to ensure safe and appropriate transport.

Nemtify is committed to handling all health-related information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state regulations. As a driver, you are required to protect the confidentiality of any passenger medical information you access through the App and to use such information solely for the purpose of providing transportation services.

We implement administrative, technical, and physical safeguards to protect health-related information processed through the App, including encrypted data transmission, access controls, and audit logging.

4. Location Tracking

The App collects GPS location data, including coordinates, accuracy, heading, and speed. Location tracking operates in both the foreground and background of your device.

Location tracking is active only during your shifts. When you clock in and begin a shift, location tracking activates automatically. When you clock out or end your shift, location tracking stops. We do not track your location outside of active shift hours.

Location data is used for dispatch coordination, trip tracking, navigation, and ensuring service accountability. You may be required to grant location permissions to use the App during shifts.

5. Data Sharing and Disclosure

We may share your personal information with the following parties:

• Transportation Coordinators and Dispatchers: To facilitate trip assignments, communication, and service coordination
• Healthcare Facilities: As required for passenger pickup, drop-off, and transport verification
• Insurance Providers: As necessary for claims processing, incident reporting, and coverage verification
• Legal and Regulatory Authorities: When required by law, regulation, or legal process, or to protect the rights, safety, or property of Nemtify, our users, or the public
• Service Providers: Third-party vendors who assist in operating the App and delivering services (see Section 6 below)

We do not sell your personal information to third parties.

6. Third-Party Services

The App uses the following third-party services to deliver its functionality:

• Supabase: Provides database hosting, user authentication, file storage, and real-time data synchronization
• Google Maps API: Provides mapping, geocoding, and location-based navigation services
• Twilio: Provides TURN server credentials to facilitate WebRTC-based voice calls within the App
• Expo Push Notifications: Delivers push notifications to your device

These third-party services may process your data in accordance with their own privacy policies. We select service providers that maintain appropriate security standards and contractual protections for your data.

We do not use third-party analytics, advertising, or crash reporting services within the App.

7. Data Security

We take the security of your personal information seriously and implement industry-standard measures to protect it, including:

• All data transmitted between the App and our servers is encrypted using TLS (Transport Layer Security)
• Sensitive data such as SSN/Tax ID is encrypted at rest in our database
• Photographs (vehicle inspections, incidents, profile photos) are stored in secure cloud storage with access scoped to your workspace and driver profile
• Authentication is managed through secure, token-based sessions
• Access to personal and health-related data is restricted based on role and need-to-know principles
• Voice calls use encrypted WebRTC peer-to-peer connections

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining reasonable and appropriate safeguards.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

• Account Data: Retained for the duration of your active account and for a reasonable period after account deactivation to comply with legal and business obligations
• Trip and Shift Records: Retained as required by transportation regulations and business record-keeping requirements, typically for a minimum of three (3) years
• Tax and Employment Records: Retained as required by federal and state tax laws, typically for a minimum of seven (7) years
• Vehicle Inspection and Incident Records: Retained as required by regulatory and insurance obligations
• Location Data: Retained for operational and compliance purposes and deleted in accordance with our data retention schedule
• Communications: Chat messages and call records are retained for a reasonable period for service and compliance purposes

When personal information is no longer required, we securely delete or anonymize it in accordance with our data retention policies.

9. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you
• Correction: You may request that we correct inaccurate or incomplete personal information
• Deletion: You may request that we delete your personal information, subject to legal and regulatory retention requirements
• Portability: You may request a copy of your data in a structured, commonly used format
• Opt-Out of Communications: You may opt out of non-essential communications at any time

To exercise any of these rights, please contact us at legal@nemtify.com. We will respond to your request within thirty (30) days, or as required by applicable law.

Please note that certain data may be exempt from deletion requests due to legal, regulatory, or contractual obligations (such as tax records and transportation compliance records).

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
• Right to Correct: You have the right to request correction of inaccurate personal information
• Right to Opt-Out of Sale: We do not sell your personal information. If this practice changes, we will provide a "Do Not Sell My Personal Information" mechanism
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To submit a CCPA request, contact us at legal@nemtify.com. We may need to verify your identity before processing your request.

11. Children's Privacy

The Nemtify Driver App is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a minor, we will take steps to delete such information promptly. If you believe that a minor has provided us with personal information, please contact us at legal@nemtify.com.

12. Cookies and Web Technologies

The Nemtify Driver App is a native mobile application and does not use cookies. If you access any Nemtify web-based services (such as nemtify.com), please refer to our Website Privacy Policy for information about cookies and web tracking technologies used on our website.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you through the App or by other appropriate means before the changes take effect. Your continued use of the App after the effective date of any updated policy constitutes your acceptance of the revised terms.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Nemtify LLC

Email: legal@nemtify.com

Website: nemtify.com