Privacy Policy

Last updated: April 16, 2026

Overview

Zarta (“we,” “us,” or “our”) operates the Zarta platform for shuttle operators, including the web application at gozarta.com, the embeddable booking widget, and the Zarta Driver mobile application (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Services.

Information We Collect

Account Information

When you create an account or are invited to the platform, we collect your email address and password. Staff members may also provide their name, phone number, and address.

Customer and Booking Information

When a booking is made through the platform, we collect the information necessary to fulfill that reservation:

  • Passenger names and contact information (email, phone number)
  • Pickup and drop-off locations
  • Travel dates and times
  • Luggage and special needs requirements
  • Flight information (airline, flight number) when provided

Payment Information

We use third-party payment processors (Stripe and Elavon) to handle payment transactions. Your full card number is tokenized directly by these processors and is never transmitted to or stored on our servers. We retain only the last four digits of your card, the card type, transaction identifiers, and payment amounts for record-keeping purposes.

Location Data

The Zarta Driver app collects precise GPS location data (latitude, longitude, speed, and heading) while a driver has an active trip in progress. This data is used to provide real-time shuttle position tracking. Location data is collected only with the driver’s explicit permission, only while a trip is active, and only while the app is in the foreground.

Device Information

If you enable push notifications in the Zarta Driver app, we collect your device push token (APNs for iOS, FCM for Android) to deliver notifications about schedule changes, new bookings, and cancellations. This token is removed when you log out.

Error and Performance Data

We use Sentry for error tracking and performance monitoring. When an error occurs, Sentry may collect technical information such as stack traces, device type, and app version. Error reporting is disabled during development and active only in production builds.

Communication Data

We send transactional emails (booking confirmations, reminders, cancellations) through Postmark. We track email delivery status, including whether emails were delivered, opened, or bounced, to ensure reliable communication.

Cookies and Analytics

We do not use cookies, third-party analytics, or tracking pixels on our website or in our applications.

How We Use Your Information

We use the information we collect to:

  • Process and manage shuttle bookings
  • Process payments and issue refunds
  • Provide real-time shuttle tracking for passengers and operators
  • Send booking confirmations, reminders, and schedule updates
  • Notify drivers of new bookings, cancellations, and schedule changes
  • Monitor and improve the reliability and performance of our Services
  • Detect and prevent fraud or unauthorized access

How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

  • With shuttle operators: When you make a booking, your booking and contact information is shared with the shuttle operator fulfilling your reservation.
  • Payment processors: Stripe and/or Elavon process your payment transactions in accordance with their own privacy policies.
  • Service providers: We use Postmark for email delivery and Sentry for error tracking. These providers process data on our behalf under contractual obligations to protect your information.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encrypted data transmission (HTTPS/TLS) for all communications
  • Encrypted storage for sensitive credentials and payment data
  • On-device encryption for locally stored data in the Driver app, with per-device encryption keys stored in the OS keychain (iOS Keychain / Android Keystore)
  • JWT-based authentication with automatic token expiration
  • Role-based access controls for operator staff

Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this policy. Booking records and payment history are retained for accounting and legal compliance purposes. You may request deletion of your account and associated personal data by contacting us.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Opt out of marketing communications
  • Withdraw consent for location tracking (via device settings)

To exercise any of these rights, please contact us at the email address listed below.

Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised “Last updated” date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

privacy@gozarta.com