Effective Date: May 4, 2026 | Last Updated: May 4, 2026
This Privacy Policy describes how CoFare ("CoFare," "we," "us," or "our") collects, uses, and shares information about you when you use the CoFare mobile application (the "App") or visit cofare.ai (the "Site," together with the App, the "Service").
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
| Category | Examples | Required? |
|---|---|---|
| Account information | Email address; password (if you sign up by email); or third-party identifier (Sign in with Apple, Sign in with Google) | Yes |
| Profile information | Display name, age, gender, profile photo | Display name, age, and gender are required; photo is optional |
| Phone number | Phone number you choose to provide | Optional |
| Trip information | Pickup and destination locations, scheduled departure time, trip notes, matching preferences | Yes (to use matching) |
| Saved places | Labels and coordinates for places you save (e.g., "Home," "Work") | Optional |
| Messages | Chat messages exchanged with matched users | If you choose to chat |
| Ratings and reviews | Thumbs-up or thumbs-down ratings and any text feedback | Optional |
| Reports | Reports about other users' conduct | If you choose to report |
| Customer support | Information you provide when contacting us | If you contact us |
| Category | Details |
|---|---|
| Location data | Precise device location (GPS, cellular, Wi-Fi). See Section 4 for full details on when and how location is used, including limited background use during active matched trips. |
| Device and technical data | Device model, operating system version, mobile network provider, language, time zone, app version, push notification tokens, crash reports, performance metrics |
| Usage data | Screens viewed, features used, match requests, match outcomes, ride completion events, in-app navigation patterns |
| Identifiers | Internal user identifier; device-generated push tokens |
| Purchase data | In-app purchase transactions and receipts (processed by Apple App Store, Google Play Store, and RevenueCat). We do not collect or store payment card information ourselves. |
If you sign in using a third-party identity provider (Apple or Google), we receive the email address and name associated with your account, and any profile photo if you authorize it. We do not receive your Apple ID or Google account password.
The Service exists to connect you with other users. The information visible to other users depends on the stage of the interaction:
Your real-time location is never shared with other users. Only the trip pickup and destination areas you have chosen are shared, and only with users you have matched with.
We share information with vendors that help us operate the Service. These vendors are bound by contractual obligations to use the data only for our authorized purposes.
| Vendor | Purpose | Data Shared |
|---|---|---|
| Supabase (Amazon Web Services) | Database, authentication, real-time messaging | Account, trip, message, and report data |
| RevenueCat | In-app purchase management and receipt validation | User identifier, purchase transactions |
| Apple Inc. | Sign in with Apple; in-app purchases on iOS; push delivery (APNs) | Auth tokens, purchase receipts, push tokens |
| Google LLC | Sign in with Google; in-app purchases on Android; push delivery (FCM); Maps and Places APIs | Auth tokens, purchase receipts, push tokens, location coordinates for map rendering and address suggestions |
| Expo | Push notification routing | Push tokens, notification content |
| Sentry | Crash reporting and performance monitoring | Anonymized device identifier, crash stack traces, app state at the time of a crash. We do not send chat content, profile photos, or precise location coordinates to Sentry. |
We may disclose information to law enforcement, government authorities, or other parties when we believe in good faith that disclosure is necessary to (a) comply with a valid legal obligation, court order, or subpoena; (b) protect the rights, property, or safety of CoFare, our users, or the public; (c) detect, prevent, or address fraud or security issues; or (d) enforce our Terms of Service.
If CoFare is involved in a merger, acquisition, financing, sale of assets, or bankruptcy, your information may be transferred to the successor entity. We will provide notice through the App or by email if this happens.
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We do not rent or trade your information to third parties for marketing.
While the App is open and visible, we use your precise location to find nearby trips, suggest meeting points, and let you confirm pickup and destination details.
When you have an active matched trip, the App may use location while it is in the background to confirm that the matched ride actually occurred. This helps us correctly credit a completed ride and avoid charging you a pass when no ride happens. Background location is used only during a limited window around your scheduled departure time and turns itself off automatically after the trip ends. We do not use background location for any other purpose.
Your real-time location is never shared with other users. Only the trip pickup and destination areas you have chosen are shared, and only with users you have matched with. Specific GPS coordinates are not displayed to other users.
You can revoke location permissions at any time through your device's system settings. The Service requires location to function. Without location permission, you will not be able to use most features.
You may grant access to your camera or photo library to set or update your profile photo. We use these permissions only when you actively choose to add a photo. We do not access the camera or photo library in the background. Your profile photo is uploaded to our backend storage and shown only to users you have matched with (and to you).
We use push notifications to inform you of new match requests, accepted matches, chat messages, and ride-related events. You can disable push notifications through your device settings at any time. Disabling push notifications may cause you to miss time-sensitive events. You should not rely solely on push notifications for safety-critical or time-critical information. Push notifications can be delayed, lost, or blocked by your device, network, or operating system.
We retain your information for as long as it is needed to provide the Service and to meet our legal and operational requirements. In general:
If you delete your account, we delete or anonymize your account data on a reasonable schedule, except for information we are required to keep by law or that we need to keep for legitimate business purposes such as fraud prevention, legal claims, or unresolved disputes.
We use commercially reasonable technical and organizational measures to protect your information, including encryption in transit (HTTPS/TLS), row-level access controls in our database, secure on-device storage of authentication tokens, and authentication through trusted third-party identity providers.
No security measure is perfect. We cannot guarantee that unauthorized access, theft, or breach will never occur. If a security incident affects your information, we will notify you in accordance with applicable law.
For privacy requests we cannot complete in-app, contact us at support@cofare.ai.
If you are a California resident, you have these rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
To exercise these rights, email support@cofare.ai or use the in-app account deletion feature. We will respond within 45 days. If we cannot complete your request, you may appeal by replying to our denial.
Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, Minnesota, Maryland, New Jersey, and others as enacted) have similar rights to access, correct, delete, and obtain a portable copy of their information, and to opt out of certain processing. To exercise these rights, contact us at support@cofare.ai.
Where state law permits, you may designate an authorized agent to make a privacy request on your behalf. We may require verification of identity and a written authorization.
Some browsers transmit "Do Not Track" or "Global Privacy Control" signals. Because there is no industry-wide standard for handling these signals across mobile apps, we currently do not respond to them. You may still exercise your rights as described above.
The Service is intended only for adults 18 years of age and older. We do not knowingly collect personal information from anyone under 13. If we learn that we have collected personal information from a child under 13 without proper consent, we will delete that information promptly. If you believe a child under 13 has provided us with information, please contact us at support@cofare.ai.
The Service is currently intended only for users physically located in the United States. If you access the Service from outside the United States, you do so at your own risk and consent to your information being processed in the United States. United States laws may differ from those in your country and may not provide the same level of protection.
The Service may include links to or interaction with third-party websites or apps (for example, when you launch your preferred ride-hailing app to book a ride). We are not responsible for the privacy practices of those third parties. Their use of your information is governed by their own privacy policies, which you should review.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App or by email. The "Last Updated" date above shows when the most recent revision took effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests about this Privacy Policy or your information: