Ridero logo

Privacy Policy — Ridero

Last updated: 29/11/2025

This Privacy Policy explains how Ridero ("Ridero", "Grupo Holeria", "we", "us") collects, uses, stores and protects personal information in connection with the Ridero platform: backend services hosted on Google Cloud, the web administrative panel and the Riders mobile apps for iOS and Android.

1. Data Controller

The data controller responsible for processing personal data is:

Grupo Holeria S.L.
Paseo Castellana, 194
28046 Madrid, España
Email: soporte@holeria.com

2. Information We Collect

We collect the following categories of personal data:

2.1 Account information

From administrators, supervisors and riders: name, email, phone number, company association, role and hashed password.

2.2 Rider geolocation data

Real-time GPS coordinates, route information and timestamps. This information is used to assign riders, calculate routes and track deliveries. Geolocation may be collected in foreground and in background.

2.3 Delivery and operational data

Orders received via stores, assignment and status updates, interaction logs and timestamps.

The delivery name and address information is only kept while the order is in progress, it is immediately deleted afterwards.

2.4 Device information

Device model, OS version, app version and push notification token (FCM / APNs).

2.5 Technical and usage data

IP address, browser information (admin panel), activity logs, crash reports and analytics.

3. How We Use Your Information

  • Account creation and management.
  • Assigning and managing orders; providing real-time tracking to supervisors and administrators.
  • Geolocation for proximity-based assignment, routing and geofence validation.
  • Push notifications for new orders and system alerts.
  • Security, fraud prevention and system integrity monitoring.
  • Legal compliance (e.g., responses to lawful requests).

5. Data Sharing

We do not sell personal data. We may share data with:

5.1 Service providers

Examples include Google Cloud (hosting), Firebase (notifications, crash reporting), Fleet API (order integration), Google Maps & Routes API (navigation). These providers act as processors and are contractually bound to protect data.

5.2 Authorized Ridero personnel

Administrators may access company-wide data. Supervisors access data scoped to their company and riders.

5.3 Legal authorities

When required by law or to protect legal rights.

6. Data Retention

We retain personal data only as long as necessary:

Data typeTypical retention
Account informationWhile account is active
Delivery records5 years (or as required by regulation)
Geolocation data30–180 days (operational needs)
Logs & crash reportsUp to 12 months

Users may request deletion in accordance with applicable law (see User Rights).

7. Data Security

We implement technical and organizational measures including:

  • Encrypted transport (HTTPS/TLS)
  • Password hashing and secure authentication
  • Token-based APIs and least-privilege access
  • Regular backups and infrastructure isolation within Google Cloud

However, no system is completely secure; if a breach occurs we will follow applicable notification obligations.

8. International Data Transfers

Data may be stored in data centers located in the EU or elsewhere. Transfers are protected by appropriate safeguards such as Standard Contractual Clauses (SCCs) and other GDPR-compliant measures.

9. User Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Request correction
  • Request deletion
  • Object to processing
  • Request portability
  • Withdraw consent

To exercise rights, contact: [privacy@example.com]

10. Children’s Privacy

The platform is not intended for children under 18. We do not knowingly collect data from minors.

11. Third-Party Services

We use third-party services which have their own privacy policies, including but not limited to:

  • Google Cloud (Cloud Run, Cloud SQL)
  • Firebase (Cloud Messaging, Crashlytics, Analytics)
  • Google Maps & Routes API
  • Flutter Background Geolocation and Flutter Geolocator Plugin (rider location tracking)
  • Fleet API v1 (external order integration)

12. Changes to this Policy

We may update this policy. We will notify users of material changes via the app or by email.

13. Contact Information

If you have questions or wish to exercise your data protection rights, contact:

Grupo Holeria S.L.
Paseo Castellana, 194
28046 Madrid, España
Email: soporte@holeria.com