Comprehensive Privacy Notice

1. Personal Data Collected

We collect the following categories: Identification and Contact (full name, email, WhatsApp phone number, confirmed legal age, profile picture, emergency contact). Device and Security (IP address, User-Agent, device type, Device ID, FCM push tokens, and legal acceptance audit logs). Behavioral and Reputational (ratings given and received, trip history, cancellation rates, no-shows, and reputation metrics). Vehicle — drivers only — (make, model, color, seats, vehicle photos, and verification status).

2. Sensitive Data

The Platform collects the following sensitive data, which requires your explicit consent: Geolocation — origin, destination, intermediate stops, and real-time GPS routes, an indispensable technical necessity for route matching. Gender (optional) — used exclusively for security matching preferences (e.g., women-only rides).

3. Third-Party Data (Guests and Recipients)

When you enter personal data of third parties into the Platform (unregistered guest passengers or package recipients), you declare under oath that you have the prior, express, and informed consent of those individuals to share their name and phone number with ColoRideGo. You assume full legal liability before the INAI for any unauthorized entry of third-party data.

4. Purposes of Processing

Primary purposes (required): account creation and verification, algorithmic route matching, ecosystem security management, handling reports, and log retention for NOM-151 compliance. Secondary purposes (optional): marketing communications and statistical analysis for UX improvement. You can disable secondary purposes in the "Settings" section of the application.

5. Data Transfers and Internal Flows

Your data is shared with other users solely to perfect the voluntary expense-sharing agreement: name, photo, rating, vehicle (if applicable), and meeting location. ColoRideGo DOES NOT sell, rent, or commercialize databases to third parties for profit. Transfers to authorities will only be made through a reasoned and motivated judicial order.

6. Data Retention and Deletion

Your data is kept while your account is active and, thereafter, for the periods required by applicable commercial and tax law (typically up to 10 years for audit and legal acceptance logs). Technical operational data, sessions, and password recovery codes are subject to automatic temporary purging.

7. Exercise of ARCO Rights

You have the right to Access, Rectify, Cancel, and Object to the processing of your personal data. To exercise these rights, send your request with a valid official ID to: legal@coloridego.com

ColoRideGo will respond within a maximum of 20 business days.