Privacy Policy
When you use LEPRD, you trust us with your personal data. We’re committed to keeping that trust. That starts with helping you understand our privacy practices.
This notice describes the personal data (“data”) we collect, how it’s used and shared, and your choices regarding this data. We recommend that you read this, which highlights key points about our privacy practices.
Overview
SCOPE
This notice applies to users of LEPRD's services anywhere in the region it operates, including users of LEPRD’s apps, websites, features, or other services.
This notice describes how LEPRD and its affiliates collect and use data. This notice specifically applies to:
-
Riders: individuals who request or receive transportation and related services via their LEPRD account.
-
Drivers: individuals who provide transportation to Riders individually or through partner transportation companies.
All those subject to this notice are referred to as “users” in this notice.
Our privacy practices are subject to applicable laws in the places in which we operate. This means that we engage in the practices described in this notice in a particular region only if permitted under the laws of those places.
​
DATA CONTROLLER AND TRANSFER
Mham International for Information Technology (Abi Al Darda, Ar Rawdah, Riyadh 13213, KSA) is the data controller for the data collected in connection with the use of LEPRD's services in the Middle-East Economic Area and the entire MENA zone.
LEPRD operates, and processes personnel on a city basis where it is operational; wherever and whenever you travel, your data travels with you so we can offer you a seamless experience. We also respect your data protection rights whether you are in your home city or elsewhere.
This means that we may transfer personal data to cities other than your home city in order to provide our services in a different city at your request. We may also transfer personal data to another city if that is necessary to respond to a customer support request that you submitted outside your region. And trip/order histories may be accessed by users in another city after they have left the city where services were rendered. Because our services involve multiple users at the same time, limited personal data may be accessible to the other user in another city.
We do so in order to fulfill our agreements with all of our users or based on users’ instructions or prior consent, adequacy decisions for the relevant city, or other transfer mechanisms as may be available under applicable regional law.
We may also transfer data to other cities in order to respond to a request for personal data from a law enforcement agency. To provide additional safeguards to these data transfers, LEPRD applies a robust internal procedure for processing these requests. LEPRD only discloses personal data to law enforcement agencies in a manner that is consistent with the regulatory requirements of applicable laws, such as the Privacy and Data Protection Regulation (KSA GDPR).
To help provide equivalent data protection wherever you use our services, LEPRD has implemented the following measures across the regions it operates:
-
Policies and procedures to limit access to, and the processing of personal data for defined purposes
-
Specific training of personnel responsible for managing personal data
-
A government data access policy that refuses government access to data, except when disclosure is mandated by applicable laws including the KSA GDPR, there is an imminent risk of serious harm to individuals, or consent is obtained
-
Robust protection of data while it is in transit between LEPRD apps and our servers, and when the data is processed on our servers. This includes encryption and the use of pseudonymized data to help protect users' full identities against unauthorized disclosure.
For your convenience, the exercise of your data protection rights can be directed to LEPRD via any of the designated channels mentioned above and will be handled centrally on behalf of the relevant controller.
Data management
THE DATA WE COLLECT
LEPRD collects data:
-
Provided by users to LEPRD , such as during account creation
-
Created during the use of our services, such as location, app usage, and device data
-
From other sources, such as other users or account owners, business partners, vendors, insurance and financial solution providers, and governmental authorities
LEPRD collects the following data:
​
Data provided by users.
This includes:
-
User profile information: We collect data when users create or update their LEPRD accounts. This may include their name, email, phone number, login name and password, address, profile picture, payment or banking information (including related payment verification information), driver’s license, and other government-issued documents (which may include identification numbers as well as birth date, gender, and photo). This also includes vehicle or insurance information of drivers, emergency contact information, user settings, and evidence of health or fitness to provide services using the LEPRD apps.
-
Background check information (drivers): This includes information submitted during the driver in-person application processes, such as driver history or criminal record (where permitted by law), license status, known aliases, prior addresses, and right to work. This information may also be collected by an authorized vendor on LEPRD's behalf.
-
Identity verification photos: This includes photos of users (such as selfies) and/or their government-issued identifications (such as driver’s license, National ID, or passports). Please see the section titled “How we use personal data” for more information regarding how user photos are used for safety and security purposes, including identity verification.
-
Demographic data: We may collect demographic data about users, such as birth date/age, gender, or occupation, when required for certain LEPRD safety features that allow women users to set a preference to provide or receive services to/from other women (“Women Rider Preference”).
We may also infer demographic data from other data collected from users. For example, we may infer a user’s gender based on their first name to enable safety features, such as the Women Rider Preference, or to display personalized ads for third-party products or services. See the section titled “How we use personal data” below for more information.
We may also collect demographic data through user surveys.
-
User Content: We collect the data submitted by users when they contact LEPRD customer support to provide ratings or feedback for other users or otherwise contact LEPRD . This may include photographs, or audio or video recordings submitted by users in connection with a customer support request. This also includes metadata relating to the method you use to communicate with LEPRD .
​
Data created during the use of our services.
This includes:
-
Location data (driver): We collect precise or approximate location data from drivers’ mobile devices when the LEPRD app is running in the foreground (app open and on-screen) or background (app open but not on-screen).
-
Location data (riders and order recipients). We collect precise or approximate location information from riders’ mobile devices if they enable us to do so via their device settings.
LEPRD collects such data from the time a ride is requested until it is finished, and any time the app is running in the foreground (app open and on-screen).
Riders may use the LEPRD apps without enabling the collection of location data from their mobile devices. However, this may affect certain features in the LEPRD apps. For example, a rider who has not enabled precise location data will have to manually enter their pickup address.
In addition, precise location data collected from a driver’s device during a trip is linked to the rider’s account, even if the rider has not enabled precise location data to be collected from their device. This data is used for purposes such as receipt generation, customer support, fraud detection, insurance, and litigation.
-
Transaction information: We collect transaction information related to the use of our services, including the type of services requested or provided; trip or order details (such as date and time, requested pick-up and drop-off addresses, distance traveled); and payment transaction information (amount charged, and payment method). We also associate a user’s name with that of anyone who uses their promotion code.
-
Usage data: We collect data about how users interact with our services. This includes access dates and times, app features or pages viewed, browser type, app crashes, and other system activity.
-
Device data: We collect data about the devices used to access our services, including the hardware models, device IP address or other unique device identifiers, operating systems and versions, software, preferred languages, advertising identifiers, device motion data, and mobile network data.
-
Communications data: We collect data regarding phone, text, or in-app communications between users that are enabled through LEPRD's apps. This includes the date and time, as well as the content of the in-app messages. We may also collect the content of phone calls solely where users are notified in advance that the call may be recorded.
​
Data from other sources.
These include:
-
Users participating in our referral programs. For example, when a user refers another person, we receive the referred person’s data from that user.
-
LEPRD account owners who request services for or on behalf of other users (such as friends or family members), or who enable other users to request or receive services through their business accounts.
-
Users or others providing information in connection with claims or disputes.
-
LEPRD business partners through which users create or access their LEPRD accounts, such as payment providers, social media services, or apps or websites that use LEPRD's APIs or whose APIs LEPRD uses.
-
LEPRD business partners in connection with debit or credit cards issued by a financial institution in partnership with LEPRD to the extent disclosed in the terms and conditions for the card.
-
Vendors who help us verify users’ identity, background information, and eligibility to work, or who screen users in connection with sanctions, anti-money laundering, or know-your-customer requirements.
-
Insurance, vehicle, or financial services providers for drivers.
-
Partner transportation companies (for drivers who use our services through an account associated with such a company).
-
Publicly available sources.
-
Marketing service providers or data resellers whose data LEPRD uses for marketing or research.
​
HOW WE USE PERSONAL DATA
LEPRD uses data to enable reliable and convenient transportation, delivery, and other products and services. We also use such data:
-
To enhance the safety and security of our users and services
-
For customer support
-
For research and development
-
To enable communications between users
-
For marketing and advertising
-
To send non-marketing communications to users
-
In connection with legal proceedings
LEPRD does not sell or share user data with third parties for purposes of their direct marketing, except with users’ consent.
We use the data we collect:
​
To provide our services. LEPRD uses data to provide, personalize, maintain, and improve our services.
This includes using data to:
-
Create/update accounts.
-
Enable transportation, and other services/features, such as:
-
Using location data to navigate rider pick-ups, calculate ETAs, and track the progress of rides.
-
Features that involve data sharing, such as sharing the driver’s first name and vehicle information with riders to facilitate pick-ups, user profile and trip details for ETA, and user ratings and compliments.
-
Match available drivers to users requesting services. Users can be matched based on availability, location/proximity, user settings/preferences, and other factors such as the likelihood to accept a trip based on their past behavior or preferences.
-
Features that facilitate the use of our services by those with disabilities.
-
Features that involve account linking, such as linking of email to create and linking of rewards programs to enable partnership benefits.
-
Enable dynamic pricing, in which the price of a ride, is determined based on factors such as estimated time and distance, predicted route, estimated traffic, and the current number of users requesting or providing services.
-
Process payments.
-
Personalize users’ accounts.
-
Facilitate insurance, vehicle, invoicing, or financing solutions.
-
Provide users with, generate receipts, and inform them of changes to our terms, services, or policies.
-
Perform necessary operations to maintain our services, including troubleshooting software bugs and operational problems.
LEPRD performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, or on the grounds that they are necessary for purposes of LEPRD's and its users’ legitimate interests.
​
Safety and security.
We use data to help maintain the safety, security, and integrity of our services and users. This includes:
-
Verifying users' identity and eligibility to provide transportation, including through reviews of background checks, to help prevent the use of our services by unsafe drivers.
-
Use the data from drivers’ devices to detect unsafe driving behavior such as speeding or harsh braking and acceleration, and to inform them of safer driving practices.
-
Using driver location information, and communications between riders and drivers, to identify cancellation fees earned or induced through fraud. For example, if we determine that a driver is delaying a rider pick-up in order to induce a cancellation, we will not charge the rider a cancellation fee and will adjust the amounts paid to the driver to omit such a fee. To object to such an adjustment, please contact LEPRD customer support.
-
Using the device, location, user profile, usage, and other data to prevent, detect, and combat other types of fraud. This includes identifying fraudulent accounts or uses of our services, preventing the use of our services by unauthorized drivers, verifying user identities in connection with certain payment methods, and preventing and combating unauthorized access to users’ accounts. In some cases, such as when a user is determined to be abusing LEPRD's referral program or has submitted fraudulent documents, such behavior may result in automatic deactivation. To object to such a deactivation, please contact LEPRD customer support.
-
Use user ratings, reported incidents, and other feedback to encourage compliance with our Community Guidelines and as grounds for deactivating users with low ratings or who otherwise violated such guidelines in certain regions. To object to such a deactivation, please contact LEPRD customer support.
-
Using driver data (such as location, ratings, and gender where legally permitted) and rider data (such as ratings, origin, and destination) to help avoid pairings of users that may result in an increased risk of conflict (for instance, because one user previously gave the other a one-star rating).
-
Sharing user name, location, phone number, vehicle details, and other relevant information with third-party companies that support the management and de-escalation of interpersonal conflicts that may occur between users while on a trip.
LEPRD performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, and/or for purposes of the legitimate safety and security interests of LEPRD , our users, and members of the general public.
​
Customer support.
LEPRD uses the information we collect (which may include call recordings at a later stage) to provide customer support, including investigating and addressing user concerns and monitoring and improving our customer support responses and processes.
LEPRD performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users or for purposes of LEPRD ’s legitimate interest in monitoring and improving its customer support services.
​
Research and development.
We use data for testing, research, analysis, product development, and machine learning to improve the user experience. This helps us make our services more convenient, enhance the safety and security of our services, and develop new services and features.
LEPRD performs the above activities on the grounds that they are necessary for purposes of LEPRD’s legitimate interests in improving and developing new services and features.
​
Enabling communications between users.
For example, a driver may message or call a rider to confirm a pick-up location or a rider may contact a driver to retrieve a lost item.
LEPRD performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users.
​
Marketing and Advertising.
LEPRD uses data (other than Guest Users’ data) to market its services and those of LEPRD partners. This may include:
-
Sending emails, text messages, push notifications, and in-app messages or other communications marketing or advertising of LEPRD products, services, features, offers, promotions, sweepstakes, news, and events. This may include using location, trip and order history, and usage data to send marketing communications that are personalized based on users’ observed or inferred interests and characteristics.
-
Displaying LEPRD advertising on third-party apps or websites. This includes using location, trip and order history, and usage data, and sharing hashed email addresses and device or user identifiers with advertising partners (such as Facebook, Maalik, Snapchat, Instagram, and TikTok), to personalize such ads to users’ interests.
-
Displaying third-party advertising in LEPRD's apps or in connection with our services. This also includes ads for other third-party products or services that are personalized based on users’ observed or inferred interests and characteristics, which we determine using data such as approximate location, trip information and history, usage data, demographic data (which may include inferred gender), and device or user identifiers. This also includes ads that are personalized based on data about the current trip, including the time of request and services requested. For example, if a user requests a trip to a supermarket, we may display in-app ads for third-party products that may be available at that supermarket. In the current version, these Ads are not displayed, but in future releases, such Ads would add value to the customer experience.
LEPRD performs the above activities on the grounds that they are necessary for purposes of LEPRD's legitimate interests in informing users about LEPRD services and features or those offered by LEPRD partners.
​
Non-marketing communications.
LEPRD may use data to send surveys and other communications that are not for the purpose of marketing the services or products of LEPRD or its partners.
LEPRD performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, or for purposes of LEPRD's and its users’ legitimate interests in informing users about events that may have an impact on their use of LEPRD services.
8. Legal proceedings and requirements. We use data to investigate or address claims or disputes relating to the use of LEPRD's services, to satisfy requirements under applicable laws, regulations, or operating licenses or agreements, or pursuant to legal processes or governmental requests, including from law enforcement.
LEPRD performs the above activities on the grounds that they are necessary for purposes of LEPRD's legitimate interests in investigating and responding to claims and disputes relating to the use of LEPRD's services and features, and/or necessary for compliance with applicable legal requirements.
​
COOKIES AND THIRD-PARTY TECHNOLOGIES
LEPRD and its partners use cookies and other identification technologies on our apps, websites, emails, and online ads for purposes described in this notice.
Cookies are small text files that are stored on browsers or devices by websites, apps, online media, and advertisements. LEPRD uses cookies and similar technologies for purposes such as:
-
Authenticating users
-
Remembering user preferences and settings
-
Determining the popularity of content
-
Delivering and measuring the effectiveness of advertising campaigns
-
Analyzing site traffic and trends, and generally understanding the online behaviors and interests of people who interact with our services
We may also allow others to provide audience measurement and analytics services for us, to serve advertisements on our behalf across the internet, and to track and report on the performance of those advertisements. These entities may use cookies, web beacons, SDKs, and other technologies to identify the devices used by visitors to our websites, as well as when they visit other online sites and services.
​
DATA SHARING AND DISCLOSURE
Some of LEPRD's services and features require that we share data with other users or at a user’s request. We may also share such data with our affiliates, subsidiaries, and partners, for legal reasons or in connection with claims or disputes.
LEPRD may share data:
​
With other users.
This includes sharing:
-
Riders’ first name, rating, and pickup and/or dropoff locations with drivers.
-
Riders’ first name with other riders in a carpool trip. Riders in carpool trips may also see the drop-off location of the other riders.
-
For drivers, we may share data with the rider(s), including name and photo; vehicle make, model, color, license plate, and vehicle photo; location (before and during the trip); average rating provided by users; the total number of trips; period of time since they signed up to be a driver; contact information; and driver profile, including compliments and other feedback submitted by past users.
We also provide riders and order recipients with receipts containing information such as a breakdown of amounts charged, the driver’s first name, photo, and route map. We also include other information on those receipts if required by law.
-
For those who participate in LEPRD's referral program, we share certain data of referred users, such as trip count, with the user who referred them, to the extent relevant to determining the referral bonus.
​
At the user’s request.
This includes sharing data with:
-
Other people at the user’s request. For example, we share a user’s ETA and location with a friend when requested by that user, or a user’s trip information when they split a fare with a friend.
-
LEPRD business partners. For example, if a user requests a service through a partnership or promotional offering made by a third party, LEPRD may share certain data with those third parties. This may include, for example, other services, platforms, apps, or websites that integrate with our APIs; vehicle suppliers or services; or those with an API or service with which we integrate with connection to promotions, contests, or specialized services.
​
With the general public.
Questions or comments from users submitted through public forums such as LEPRD blogs and LEPRD social media pages may be viewable by the public, including any data included in the questions or comments submitted by a user.
​
With LEPRD subsidiaries and affiliates.
We share data with our subsidiaries and affiliates to help us provide our services or conduct data processing on our behalf.
​
With LEPRD service providers and business partners.
These include:
-
Payment processors and facilitators
-
Background check and identity verification providers
-
Cloud storage providers
-
Google, in connection with the use of Google Maps in LEPRD's apps (see Google’s privacy policy for information on their collection and use of data)
-
Social media companies, including Maalik, Facebook, and TikTok, in connection with LEPRD's use of their tools in LEPRD's apps and websites (see Facebook’s privacy policy and TikTok’s privacy policy for information on their collection and use of data)
-
Advertising intermediaries who enable LEPRD to display and measure the effectiveness of personalized ads.
-
Marketing partners and marketing platform providers, including social media advertising services, advertising networks, third-party data providers, and other service providers to reach or better understand our users and measure advertising effectiveness
-
Research partners, including those performing surveys or research projects in partnership with LEPRD or on LEPRD behalf.
-
Vendors that assist LEPRD to enhance the safety and security of LEPRD apps and services
-
Consultants, lawyers, accountants, and other professional service providers
-
Insurance and financing partners
-
Airports
-
Third-party vehicle suppliers, including fleet and rental partners
​
For legal reasons or in the event of a dispute.
LEPRD may share users’ data if we believe it’s required by applicable law, regulation, operating license or agreement, legal process, or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns.
This includes sharing data with law enforcement officials, public health officials, other government authorities, airports (if required by the airport authorities as a condition of operating on airport property), or other third parties as necessary to enforce our Terms of Service, user agreements, or other policies; to protect LEPRD's rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services. In the event of a dispute relating to the use of another person’s credit card, we may be required by law to share your data, including trip or order information, with the owner of that credit card.
This also includes sharing data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
​
With the consent.
LEPRD may share a user’s data other than as described in this notice if we notify the user and they consent to the sharing.
​
DATA RETENTION AND DELETION
LEPRD retains user data for as long as necessary for the purposes described above.
LEPRD retains user data to provide its services and comply with its legal obligations.
LEPRD retains user data for as long as necessary for the purposes described above. The period for which we retain user data is determined by the type of data, the category of user to whom the data relates, and the purposes for which we collected the data.
The length for which LEPRD retains user data may further be determined by legal and regulatory requirements, purposes of safety, security, and fraud prevention, or by issues relating to the user’s account such as an outstanding credit or an unresolved claim or dispute.
For example:
-
We retain certain categories of users for a maximum of 7 years regardless of the lifetime of the user's account, such as location data used to calculate the fee of the trip to comply with Tax regulations.
-
We retain certain categories of data of all users for a period unrelated to the lifetime of the user's account, to avoid fraudulent use of the app. The period for which the data is retained will be determined by the necessity of the data for purposes of safety, security, and fraud prevention, as well as legal and regulatory requirements. Examples include incomplete driver applications, which are retained for 1 year, and rejected driver applications and customer service communications on safety incidents, which are retained for 7 years.
-
Pursuant to legal and regulatory requirements, for purposes of safety, security, and fraud prevention, or because of an issue relating to the user’s account such as an outstanding credit or an unresolved claim or dispute, we may retain certain categories of data after the deletion of the user's account, such as user profile information, vehicle and tax data. This generally means that we retain their account and data for 7 years after a deletion request.
Users may request the deletion of their accounts at any time by contacting us. LEPRD may retain user data after a deletion request due to legal or regulatory requirements or for reasons stated in this policy.
Following an account deletion request, LEPRD deletes the user’s account and data, unless they must be retained due to legal or regulatory requirements, for purposes of safety, security, and fraud prevention, or because of an issue relating to the user’s account such as an outstanding credit or an unresolved claim or dispute. Because we are subject to legal and regulatory requirements relating to drivers, this generally means that we retain their account and data for the applicable statutory retention period after a deletion request.