Privacy Policy

Last Revised: May 23, 2026

Effective Date: May 23, 2026

ZeroCommission LLC and its subsidiaries and affiliates ("Zero," "we," "us," "our") value your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information that identifies or relates to an identifiable individual ("personal information") when you use our websites, mobile applications, and other services that link to this Privacy Policy (collectively, the "Services").

This Privacy Policy does not apply to information we collect or process in the context of employment (e.g., job applicants, employees, contractors, riders, drivers, and any other person who uses the Services), unless otherwise stated.

By accessing or using the Services, you agree to this Privacy Policy.

1. How we Collect, Use, and Share personal information

We collect and use personal information to operate our Services as a TLC-licensed base in New York City, provide dispatch and related features, support riders and drivers, ensure safety and security, comply with legal obligations, and improve the Services.

A. Categories of personal information we collect

Depending on how you interact with us (as a Rider, Driver, visitor, or account holder), we may collect:

1) Identifiers and contact information

• Name, email address, phone number, mailing address

• Account username and authentication credentials (or tokens)

2) Device, usage, and technical data

• IP address, device identifiers, browser/app type and settings

• App interactions, log data, crash reports, timestamps, pages/screens

  viewed

3) Location information

• Precise geolocation (e.g., pickup/drop off, trip route or

  trip-related location) when you enable location services and authorize us to collect such information. For drivers, location services remain on when using the App and in the background when the App is not in use. For Riders location services remain on only when using the App

• Approximate location derived from IP address or device settings

• By using the Services and agreeing to sharing location with us, you

  consent to your data with respect to pickup and drop off locations being anonymized and used for our analysis of our aggregate trip platters.

4) Trip and service information

• Pickup/dropoff locations, route and distance, time and date, wait

  time, trip status

• Service preferences and special instructions you provide (where

  applicable)

5) Communications (in-app call & text masking)

To help Riders and Drivers communicate without revealing personal phone numbers, we use in-app call and text masking/relay. In connection with masked communications, we may collect:

• The fact that a call/text occurred, timestamps, and duration (call)

• Relay identifiers (e.g., masked/relay numbers or messaging IDs)

• Delivery status (e.g., sent/delivered/failed)

• Message content when sent through our in-app messaging features

  (or through relay services), and any attachments you choose to send (if supported)

• Limited device/network info used to deliver messages and prevent

  abuse

Important: Masking is intended to reduce sharing of personal phone numbers between Riders and Drivers; however, users may still voluntarily share personal contact details in messages.

6) Payment and financial information

• Payment method details (typically processed by third-party payment

  processors)

• Transaction history, receipts, refunds, chargebacks

• For Drivers: payout details (e.g., bank account or other payout

  method info)

• Any credit, debit, or prepaid card information collected by us or a

  credit, debit, or prepaid card services provider is processed by us or such provider in compliance with applicable payment card industry standards

7) Driver eligibility and compliance information (Drivers/applicants)

• Driver license/TLC licensing status and related credentials

• Vehicle registration and insurance information

• Identity verification and background check results (as provided by

  vendors)

• Driver profile data and onboarding documentation

8) Safety and support information

• Customer support messages and attachments

• Incident reports, complaints, lost-item reports, safety-related

  notes

• Reports of policy violations or suspected fraud/abuse

9) Inferences

• Inferences drawn from usage patterns (e.g., likely preferences,

  frequently used pickup areas) that may be used to personalize services for you and anticipate your requests.

B. How we collect personal information

We collect personal information:

• Directly from you (e.g., account registration, forms, customer

  support, driver onboarding, in-app messages)

• Automatically via your device (e.g., location, logs,

  cookies/SDKs)

• From third parties (e.g., payment processors, identity

  verification vendors, background check providers, fraud-prevention tools, and---where applicable---public or regulatory sources)

C. How we use personal information

We use personal information for the following business purposes:

1) Provide and operate the Services

• Create and manage accounts

• Enable rider requests, dispatch, trip routing, and trip completion

• Provide receipts, trip history, and account features

2) Communications between Riders and Drivers (masked calling/texting)

• Enable trip-related communications (pickup coordination, ETA,

  locating vehicle)

• Reduce the need to share personal phone numbers

• Prevent misuse (harassment, spam, fraud)

• Support investigations and customer support inquiries related to

  trips

3) Safety, security, and integrity

• Verify identity (where applicable)

• Prevent fraud and abuse

• Investigate complaints, incidents, and safety concerns

• Enforce our Terms and policies

4) Customer support

• Respond to questions, support requests, and disputes

• Handle lost and found and service issues

5) Compliance and legal obligations

• Meet requirements applicable to TLC-licensed bases and other legal

  obligations

• Maintain business records, accounting, audits, and tax compliance

• Respond to lawful requests from regulators, law enforcement, and

  courts

6) Improve and develop the Services

• Debugging, analytics, feature development, performance monitoring

• Research and internal reporting

7) Communications from Zero

• Send service-related messages (e.g., trip updates, receipts,

  security alerts)

• Send marketing communications where permitted (you may opt out)

8) Access Policy

• Employees, contractors, and third-party vendors may have access to

  your personal information for the purposes provided above.

D. How we disclose/share personal information

We may disclose personal information to the following categories of recipients:

1) Drivers and transportation providers

• To facilitate trips (e.g., pickup location, rider first name,

  destination, trip details)

• Drivers do not receive your full payment credentials

• When using masking/relay, Drivers and Riders generally see

  masked contact details (not personal phone numbers)

2) Service providers (vendors)

We use vendors to perform services such as:

• Payment processing

• Identity verification and background checks

• Cloud hosting and data storage

• Customer support tools

• Analytics and crash reporting

• Fraud and security monitoring

• **Communications providers that power call/text masking and message

  delivery**

These vendors are authorized to process personal information only as needed to provide services to us and under contractual obligations.

3) Legal, regulatory, and safety-related disclosures

We may disclose information when we believe it is necessary to:

• Comply with law or legal process

• Respond to requests from regulators (including the NYC Taxi &

  Limousine Commission), courts, or law enforcement

• Protect the rights, safety, and security of Zero, users, drivers, or

  the public

• Investigate and address fraud, security, or safety incidents

4) Business transfers

If we engage in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, which may be to foreign entities, such that different data protections may apply to you at that time.

5) With your consent or at your direction

We may share information when you ask us to or authorize us to do so.

E. Advertising, analytics, and tracking technologies

We may use cookies, SDKs, pixels, and similar technologies to:

• Remember preferences and maintain sessions

• Understand how the Services are used

• Measure marketing performance

• Improve security and prevent fraud

Targeted advertising / "sale" or "sharing" (where defined by law). Depending on the tools we use and applicable law, certain disclosures for analytics/advertising may be considered a "sale" or "sharing" of personal information. Where required, we provide opt-out rights (see Section 2).

Do Not Track. Because there is no consistent industry standard, we do not respond to "Do Not Track" signals.

Global Privacy Control (GPC). Where required by law, we honor recognized opt-out preference signals such as GPC.

2. Your privacy rights and choices

You are automatically opted out of all data and information sharing for commercial purposes that are not essential for your use of the App, except to the extent necessary to provide credit, debit, and prepaid card services and services for any application that provides for electronic payment, personal information will only be collected and used with such passenger's affirmative express consent and that such personal information will not be used, shared, or disclosed, except for lawful purposes, and you may opt-in to share your data and information for such purposes and other purposes when prompted in the App. Depending on where you live and applicable law, you may have rights to:

• Access: request confirmation of whether we process personal

  information and obtain a copy

• Correction: request correction of inaccurate personal

  information

• Deletion: request deletion of personal information (subject to

  legal exceptions)

• Portability: request a portable copy of certain information

• Opt out: opt out of certain processing, such as targeted

  advertising or profiling (where applicable)

• Non-discrimination: not be discriminated against for exercising

  privacy rights

• Appeal: appeal our decision on a rights request (where required)

A. How to exercise rights

You may submit a privacy request by:

• Emailing us at [Customer Support Email — TBD].

• Using in-app settings (if available) under the Support Page**.**

B. Verification

To protect you, we may need to verify your identity before fulfilling a request. If you have an account, we may verify through account login. If you do not have an account (or cannot access it), we may request additional information to verify your identity.

C. Authorized agents

Where permitted by law, you may use an authorized agent to submit a request on your behalf. We may require proof of authorization and verification of your identity.

D. Marketing preferences

You can opt out of marketing emails by using the "unsubscribe" method provided in those emails or by contacting us. Service-related communications (e.g., receipts, trip updates, security notices) may still be sent.

3. How to contact us

If you have questions or want to exercise your privacy rights, contact:

ZeroCommission LLC

Privacy Email: [Customer Support Email — TBD]

Support Email: [Customer Support Email — TBD]

4. Data Security and Limitations of Liability

We use reasonable administrative, technical, and physical safeguards designed to protect personal information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW:

(A) NO GUARANTEE OF SECURITY: WHILE WE IMPLEMENT REASONABLE ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS TO PROTECT YOUR PERSONAL INFORMATION AND LOCATION DATA, YOU ACKNOWLEDGE AND AGREE THAT NO TRANSMISSION OF DATA OVER THE INTERNET OR MOBILE NETWORKS IS COMPLETELY SECURE. WE CANNOT GUARANTEE THE ABSOLUTE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US OR THAT IS TRANSMITTED BY US (INCLUDING REAL-TIME LOCATION DATA, RIDE HISTORY, OR PAYMENT DETAILS). ANY TRANSMISSION OF DATA IS AT YOUR OWN RISK.

(B) THIRD-PARTY SERVICES: OUR APPLICATION INTEGRATES WITH THIRD-PARTY SERVICES NECESSARY FOR TRANSPORTATION LOGISTICS, INCLUDING BUT NOT LIMITED TO MAPPING SERVICES, PAYMENT PROCESSORS, AND BACKGROUND CHECK PROVIDERS. WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES, DATA SECURITY MEASURES, OR CONTENT OF THESE THIRD PARTIES. WE SHALL NOT BE LIABLE FOR ANY DAMAGES OR LOSSES ARISING FROM YOUR USE OF OR RELIANCE ON SUCH THIRD-PARTY SERVICES OR THE UNAUTHORIZED ACCESS OR MISUSE OF YOUR DATA BY SUCH PARTIES.

(C) EXCLUSION OF DAMAGES: IN NO EVENT SHALL ZERO, ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF DATA, LOSS OF PROFITS, LOSS OF USE, OR THEFT OF IDENTITY, ARISING OUT OF OR IN CONNECTION WITH:

• YOUR USE OF OR INABILITY TO USE THE SERVICE;

• ANY UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR

  DATA;

• THE INTERCEPTION OF LOCATION DATA BY UNAUTHORIZED PARTIES; OR

• ANY BREACH OF SECURITY OR DATA LEAK INCIDENT, UNLESS CAUSED BY OUR

  GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.

(D) LIMITATION OF LIABILITY CAP: IN THE EVENT THAT WE ARE FOUND LIABLE TO YOU FOR ANY DATA-RELATED DAMAGES DESPITE THE FOREGOING EXCLUSIONS, OUR AGGREGATE LIABILITY SHALL NOT EXCEED THE LESSER OF: (I) THE TOTAL AMOUNT PAID BY YOU TO USE THE SERVICE IN THE SIX (6) MONTHS PRIOR TO THE INCIDENT; OR (II) ONE HUNDRED U.S. DOLLARS ($100.00).

IN THE EVENT OF A DATA BREACH THE TLC, AMONG OTHER AUTHORITIES, WILL BE NOTIFIED PURSUANT TO SECTION 899-aa OF NEW YORK'S GENERAL BUSINESS LAW.

5. Data Retention

We retain personal information for a period of (7) years the purposes described in this Policy, including:

• providing the Services,

• maintaining business records,

• resolving disputes,

• enforcing agreements, and

• complying with legal obligations.

In-app masked communications retention. We may retain records of masked calls and texts (such as timestamps, duration, delivery status, and relay identifiers), and where applicable, message content sent through in-app messaging/relay, for purposes including safety, fraud prevention, customer support, dispute resolution, and legal compliance. Retention periods vary depending on the type of data and our legal/regulatory obligations.

6. Children's Privacy

The Services are not directed to individuals under 18, and we do not knowingly collect personal information from children under 18. If we learn we have collected personal information from a child under 18, we will take steps to delete it.

7. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Revised" date above. If changes are material, we will provide additional notice as appropriate (such as an in-app notice). Your use of the Services constitutes acceptance of any changes to the Privacy Policy. If any time you do not agree with the terms and conditions associated with your use of the Services, you may stop using the Services and delete your account.