Privacy Policy

Last Updated: January 3, 2026 | ICO Registration: ZC042900

1. Introduction

Welcome to Nyata AI. We are committed to protecting your privacy and personal data. This Privacy Policy explains how Nyata Ltd ("we", "us", or "our") collects, uses, and safeguards your information when you use our AI companion application designed to help Bristol residents access community services, support resources, local information, and transportation services including taxi bookings.

Our Commitment

Nyata Ltd is registered with the Information Commissioner's Office (ICO) under registration number ZC042900. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect the following types of information to provide and improve our service:

2.1 Information You Provide

  • Account Information: Email address, name, and password when you create an account
  • Profile Information: Optional profile details and profile picture you choose to provide
  • Chat Conversations: Messages you send to our AI characters to provide personalized responses and improve service quality
  • Booking Information: Pickup and destination addresses, payment preferences, and contact details when booking taxis, barbers, or beauty services
  • Feedback and Ratings: Service ratings, reviews, and any feedback you submit

2.2 Information Automatically Collected

  • Usage Data: How you interact with the app, features used, conversation frequency, and session duration
  • Device Information: Device type, operating system, app version, and unique device identifiers
  • Location Data: Precise GPS location when using taxi services (with your permission), approximate location for Bristol-specific information
  • Analytics: App performance, crash reports, and usage patterns to improve user experience
  • Push Notification Tokens: Device tokens for sending booking updates and notifications

2.3 Information from Third Parties

  • Authentication Services: If you sign in with Apple, Google, or other OAuth providers, we receive basic profile information
  • Payment Information: Payment data processed by Stripe (we do not store full card details)
  • Driver Information: Licensed taxi driver details from our partner network

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

  • Provide AI-powered conversations and responses
  • Deliver personalized Bristol community service information
  • Process and manage taxi, barber, and beauty service bookings
  • Enable real-time tracking and driver matching
  • Send booking confirmations, updates, and notifications
  • Remember your conversation history and preferences

3.2 Service Improvement

  • Analyze usage patterns to enhance features
  • Train and improve AI models (in anonymized form)
  • Identify and fix technical issues
  • Develop new features based on user needs
  • Improve booking algorithms and driver matching

3.3 Communication

  • Send service updates and announcements
  • Provide booking status notifications via push notifications and email
  • Respond to your inquiries and support requests
  • Send notifications about Bristol community events (if you opt-in)
  • Provide information about API usage and billing

3.4 Safety and Security

  • Verify driver licenses and credentials for taxi services
  • Generate verification codes for secure pickups
  • Enable ride sharing for safety purposes
  • Prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations including Bristol City Council taxi regulations
  • Enforce our Terms of Service

Legal Basis for Processing (UK GDPR):

  • Contract Performance: To provide the services you've requested including taxi bookings
  • Legitimate Interests: To improve our services, maintain security, and match you with drivers
  • Consent: For optional features like marketing communications and location tracking
  • Legal Obligation: When required by law or regulatory requirements

4. Taxi Booking Services

When you use our taxi booking service, we collect and process additional information to facilitate your journey:

4.1 Booking Information

  • Journey Details: Pickup address, destination address, estimated distance and duration
  • Location Data: Real-time GPS coordinates for pickup location and live tracking
  • Payment Preference: Whether you'll pay the driver by cash, card, or either
  • Contact Information: Email address for booking confirmations and updates
  • Verification Code: A 4-digit code generated for secure passenger-driver verification

4.2 Driver Information Shared With You

When a driver accepts your booking, you will receive:

  • Driver's name and profile photo
  • Vehicle details (make, model, color, registration)
  • Bristol City Council PHV license number and expiry date
  • Driver rating and completed rides count
  • Real-time driver location during your journey
  • Estimated time of arrival

4.3 Your Information Shared With Drivers

Drivers receive only the information necessary to complete your journey:

  • Your name (first name only)
  • Pickup and destination addresses
  • Your preferred payment method
  • Verification code for identity confirmation

Driver Verification:

All drivers on our platform are licensed by Bristol City Council as Private Hire Vehicle (PHV) drivers. We verify license numbers and expiry dates to ensure your safety. License information is displayed in the app for your peace of mind.

4.4 Ride Sharing Feature

For your safety, we offer a "Share My Ride" feature that allows you to share your journey details with trusted contacts. This includes:

  • Driver name and vehicle details
  • Pickup and destination addresses
  • Real-time tracking link
  • Estimated arrival time

5. Payment Processing

We use Stripe as our payment processor for taxi booking fees. Here's how we handle your payment information:

5.1 Payment Methods Accepted

  • Apple Pay: One-tap payment using Face ID or Touch ID (iOS devices)
  • Google Pay: One-tap payment using fingerprint or PIN (Android devices)
  • Credit/Debit Card: Direct card payment via secure Stripe form

5.2 What We Store

  • Stripe Payment Intent ID (for transaction reference)
  • Payment status (authorized, captured, refunded, cancelled)
  • Transaction timestamps
  • Booking fee amount (£2.00)

What We DON'T Store:

We never store your full card number, CVV, expiry date, or any sensitive payment credentials. All payment data is securely processed by Stripe, who are PCI DSS Level 1 certified.

5.3 Authorization and Capture

Our payment system uses a two-step process to protect you:

  1. Authorization: When you book, we place a temporary hold on your card for £2.00. This is NOT a charge.
  2. Capture: The £2.00 is only charged when a driver accepts your booking.
  3. Cancellation: If you cancel before a driver accepts, the hold is released immediately (no charge).
  4. Refund: If the driver cancels or no drivers are available, you receive a full refund.

Payment Timeline

Hold Release: If cancelled, the authorization hold typically disappears from your bank statement within 24-48 hours, depending on your bank.

Refunds: Processed refunds typically appear in your account within 5-10 business days.

5.4 Stripe's Privacy Policy

Payment processing is subject to Stripe's privacy policy. For more information, visit stripe.com/privacy.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

6.1 Service Providers

We work with trusted third-party service providers who help us operate our service:

  • Cloud Hosting: Data storage and server infrastructure
  • Stripe: Payment processing for booking fees
  • Pusher: Real-time updates and notifications
  • Appilix: Push notification delivery to iOS and Android
  • Google Maps: Location services, routing, and geocoding
  • Email Services: Transactional emails for bookings and updates

All service providers are contractually bound to protect your data and may only use it for the purposes we specify.

6.2 Taxi Drivers

When you book a taxi, relevant booking information is shared with the assigned driver to complete your journey. Drivers are bound by our driver terms which require them to protect your information.

6.3 Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations, court orders, or government requests
  • Comply with Bristol City Council taxi licensing regulations
  • Enforce our Terms of Service and other agreements
  • Protect the rights, property, or safety of Nyata, our users, drivers, or the public
  • Investigate potential violations, fraud, or security issues

6.4 Business Transfers

If Nyata Ltd is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6.5 With Your Consent

We may share your information for other purposes with your explicit consent, such as when using the "Share My Ride" feature.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Payment Security: All payments processed through PCI DSS Level 1 certified Stripe
  • Access Controls: Strict access controls limit who can view your data
  • Verification Codes: 4-digit codes ensure secure passenger-driver verification
  • Regular Audits: Security assessments and vulnerability testing
  • Employee Training: Staff are trained on data protection principles
  • Incident Response: Procedures to address potential data breaches

Data Breach Notification:

In the unlikely event of a data breach affecting your personal information, we will notify you and the ICO within 72 hours as required by UK GDPR, and provide information about the breach and steps we're taking to address it.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

You can request a copy of the personal data we hold about you, including your booking history and conversation logs.

8.2 Right to Rectification

You can ask us to correct inaccurate or incomplete data.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. Note that we may need to retain certain data for legal compliance (e.g., taxi booking records for regulatory purposes).

8.4 Right to Restriction of Processing

You can request that we limit how we use your data.

8.5 Right to Data Portability

You can receive your data in a structured, commonly used format and transmit it to another service.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

8.7 Rights Related to Automated Decision-Making

While we use algorithms for driver matching and fare estimation, you have the right to request human review of automated decisions that significantly affect you.

How to Exercise Your Rights

To exercise any of these rights, please contact us at: ibrahim@nyataai.co.uk

We will respond to your request within one month. In complex cases, this may be extended by two further months, and we will inform you of any extension.

8.8 Right to Complain

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Chat History: Retained while your account is active; you can delete conversations at any time
  • Taxi Booking Records: Retained for 2 years for regulatory compliance and dispute resolution
  • Payment Records: Retained for 7 years as required by UK tax regulations
  • Usage Analytics: Aggregated and anonymized data may be retained indefinitely
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

10. Children's Privacy

Nyata AI is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If we discover that we have collected data from a child under 13, we will delete it immediately.

For users aged 13-18, we recommend parental guidance when using the app, particularly for booking services. Parents or guardians can contact us to review, delete, or limit collection of their child's information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you via email or in-app notification
  • Your continued use of Nyata AI after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Contact Information

Nyata Ltd
1F23 Student Venture
University of the West of England
Bristol, BS16 1QY
United Kingdom

Email: ibrahim@nyataai.co.uk
ICO Registration: ZC042900

International Data Transfers:

Your data is primarily stored and processed in the United Kingdom. Some of our service providers (such as Stripe and Pusher) may process data in other countries. When we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including Standard Contractual Clauses where applicable.

Additional Resources:

  • Terms of Service - Our terms and conditions
  • FAQs - Frequently asked questions about privacy and data
  • Help Center - Guides on managing your privacy settings