Privacy Policy

Last Updated: May 20, 2026

Flyd (“we,” “our,” or “us”) operates the Flyd carpooling mobile application. We are committed to protecting your personal data and your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection laws.

This Privacy Policy explains how we collect, use, store, and share your personal data when you use our mobile application and related services (collectively, the “Service”).

1. Data Controller

The entity responsible for processing your personal data is:

  • Company Name: Flyd

  • Registration Number: 3433948-3

  • Address: Kitarakuja 3 C
    00420 HELSINKI

  • Contact Email: support@flyd.app

2. The Personal Data We Collect

We only collect personal data that is necessary to provide you with a safe, efficient, and functional carpooling experience. This includes:

  • Account & Authentication Data: Name, email address, phone number, encrypted password, and profile picture (if provided).

  • Identity Verification Data: Government-issued ID, driver’s license (for drivers), and selfie/photo verification data to ensure platform safety.

  • Location & Route Data: Precise pickup locations, drop-off locations, travel routes, and real-time GPS coordinates (while using the app) to match riders and drivers and track active trips.

  • Financial & Transaction Data: Payment details, billing address, transaction history, and payouts (for drivers).

  • Device & Usage Data: IP address, device type, operating system, and app usage logs.

3. Legal Basis for Processing Data

Under the GDPR, we process your personal data under the following legal grounds:

  1. Performance of a Contract: To create your account, verify your identity, process payments, and facilitate matches between riders and drivers.

  2. Legal Obligation: To comply with financial, tax, and safety regulations in Finland.

  3. Legitimate Interests: To prevent fraud, improve our application services, and maintain platform security.

  4. Consent: For processing precise real-time location data (which you can turn off in your device settings) or sending marketing communications.

4. How We Use Your Data

We use your data strictly to run the Flyd platform, including to:

  • Verify your identity and phone number during registration.

  • Match riders with available drivers traveling along similar routes.

  • Calculate distances and navigate trips accurately using mapping tools.

  • Process secure ride payments and driver payouts.

  • Secure your account using industry-standard password encryption.

  • Provide customer support and resolve disputes.

5. Third-Party Service Providers (Data Processors)

We do not sell or rent your personal data to third parties. However, we share necessary data with trusted third-party service providers who assist us in operating our platform under strict Data Processing Agreements (DPAs):

  • Firebase (Google LLC): Used for secure User Authentication and sending One-Time Passwords (OTP) via SMS.

  • Google Sign-In: Used as an optional third-party authentication method to log into your account.

  • Google Maps API: Used to display maps, calculate routes, and provide location autocomplete services.

  • Stripe: Used to securely process all financial transactions. Note: Flyd does not store your raw credit card numbers or banking passwords; these are handled directly by Stripe.

6. Data Security and Encryption

We implement robust technical and organizational measures to safeguard your personal data:

  • Password Encryption: All user passwords are encrypted using strong, industry-standard cryptographic hashing functions before being saved. We never store passwords in plain text.

  • Transit Security: All communication between the app and our servers is encrypted using Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocols.

  • Access Control: Access to user data is strictly limited to authorized personnel who require it to perform their jobs.

7. International Data Transfers

Because we utilize infrastructure providers like Google (Firebase, Maps), your data may occasionally be processed or stored outside the European Economic Area (EEA), such as in the United States. Whenever such transfers occur, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • The data is transferred to a country deemed by the European Commission to provide an adequate level of protection.

  • We use specific Standard Contractual Clauses (SCCs) approved by the European Commission which give personal data the same protection it has in Europe.

8. Data Retention

We retain your personal data only for as long as your Flyd account remains active or as required to fulfill the purposes outlined in this policy.

  • Account Data: Retained as long as your account exists. If you request account deletion, your data will be deleted or anonymized within 30 days, except where legal obligations require longer retention.

  • Transaction Logs: Financial records are retained for up to 7 years to comply with Finnish accounting and tax laws.

9. Your GDPR Rights

As a resident of Finland and the EU, you possess the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.

  • Right to Rectification: You can request that we correct inaccurate or incomplete data.

  • Right to Erasure (“Right to be Forgotten”): You can request that we delete your personal data under certain conditions.

  • Right to Restrict Processing: You can ask us to pause the processing of your data.

  • Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format.

  • Right to Object: You can object to our processing of your data based on legitimate interests or direct marketing.

  • Right to Withdraw Consent: If we rely on your consent to process data (like GPS tracking), you can withdraw it at any time through your device settings.

To exercise any of these rights, please contact us at support@flyd.app.

If you believe we are not processing your data correctly, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu): www.tietosuoja.fi.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy inside the app or via email.

Scroll to Top