Privacy Policy

iCar24 mobile application • Effective date: April 25, 2026

This Privacy Policy describes how iCar24 ("we," "our," or "us") collects, uses, stores, and protects information when you use our mobile application (the "App"). iCar24 connects clients with mobile automotive service providers (technical service, car wash, tire service, battery assistance, evacuator, and additional services configured by the operator).

By creating an account or using the App, you agree to the practices described in this Policy. If you do not agree, please do not use the App.

1. Information We Collect

We collect only the information needed to operate the service.

1.1 Information you provide

Phone number — used as your account identifier and for one-time SMS verification.
Name — displayed to the service provider when you place an order.
City — to show services available in your area.
Profile photo (optional).
Service provider profile (only if you register as a provider): brand name, description, address, vehicle make and model, vehicle color, license plate, and selected services.

1.2 Information collected automatically

Location — when you actively place an order, to find the nearest service provider; while you are an active provider, to share your live location with the assigned client.
Device identifiers — Firebase Cloud Messaging (FCM) push notification token, device platform (iOS / Android), and app version. Used solely to deliver order notifications.
Order history — services requested, address, price, timestamps, and provider rating.
Usage logs — basic technical logs (errors, request IDs) used to operate and debug the service.

1.3 Information we do not collect

We do not collect your contacts, photo library, calendar, or messages.
We do not use third-party advertising trackers.
We do not sell your personal data.

2. How We Use Information

To create and maintain your account.
To match clients with the nearest available service provider.
To deliver real-time order updates and push notifications.
To process payments securely through licensed payment processors.
To enable two-way ratings between clients and providers.
To prevent fraud, abuse, and to comply with legal obligations.
To improve app performance and user experience (aggregated, non-identifying analytics).

3. Legal Basis for Processing

We process your data on the following grounds:

Performance of a contract — to provide the services you have requested.
Consent — for optional features such as location sharing, push notifications, and providing your photo.
Legitimate interests — for security, fraud prevention, and service improvement.
Legal obligation — to comply with applicable law and lawful requests from authorities.

We do not sell your personal information. We share limited data only with the following service providers acting on our behalf and bound by contractual confidentiality:

Firebase (Google LLC) — push notification delivery (FCM). See Firebase Privacy.
Google Maps Platform — to render maps and resolve addresses. See Google Privacy Policy.
Eskiz.uz — to deliver one-time SMS verification codes (your phone number only).
Payme & Click — licensed payment processors in Uzbekistan. We pass only the transaction amount and a payment reference; full card details never reach our servers.
Hosting infrastructure — Railway / Render or equivalent providers operating our backend in compliance with their respective security standards.

We will share data with law enforcement only when required by valid legal process and limited to what is strictly necessary.

5. Location Data

Location is used in two scenarios:

Client side — when you tap the location icon or place an order, we read your current GPS position to suggest the pickup address and find the nearest provider. You may also pick the location manually on the map.
Provider side — while you have an active assigned order, your live location is sent to the client so they can track your arrival. Location sharing stops automatically when the order is completed or cancelled.

You may revoke location permission at any time in your device settings. The App will continue to function but with reduced features.

6. Push Notifications

We use Firebase Cloud Messaging (FCM) to deliver order offers to providers and order status updates to clients. The notification token is stored on our server and tied to your account. You can disable notifications at any time in your device settings; logging out also removes the token from our servers.

7. Payments

Payments are processed by licensed Uzbekistan payment providers (Payme and Click). We do not see, receive, or store your full card number, CVC, or PIN. We retain only the transaction reference, amount, timestamp, and status for accounting and dispute purposes.

8. Data Retention

Account data — retained while your account is active.
Order history — retained for up to 24 months for your reference and for accounting compliance.
Payment transactions — retained for 5 years to comply with financial record-keeping laws.
Push tokens — removed when you log out or when the device is no longer reachable.
Backups — encrypted backups may persist for up to 30 days after deletion.

9. Security

We protect your data with industry-standard measures:

All API traffic is encrypted with TLS (HTTPS).
Authentication tokens (JWT) are stored in the device's secure keychain (iOS Keychain / Android Keystore).
Passwords are never stored — authentication is via SMS one-time code.
Wallet balances and payment records are stored in PostgreSQL with access restricted to authorized server processes.
Service account keys for third parties are stored as encrypted environment variables, never in source code.

No system can be 100% secure. If we become aware of a data breach that affects you, we will notify you and the appropriate authorities without undue delay.

10. Your Rights & Choices

You have the right to:

Access the personal information we hold about you.
Correct inaccurate information directly in the App's profile section.
Delete your account and associated data (see section 11).
Withdraw consent for optional features (location, notifications) via device settings.
Object to processing or request a copy of your data by contacting us.

11. Account & Data Deletion

You can delete your account directly from the App: open the side menu → Profile → Delete account. This action is permanent and irreversible. Upon deletion:

Your profile, photo, brand details, and vehicle information are removed.
Your push notification tokens are removed.
Your past orders are anonymized: the order remains for accounting but is no longer linked to your identity.
Wallet balance, if any, is forfeited unless you request a refund before deletion.

Alternatively, you may request deletion by contacting our support team on Telegram: @icar24_supportbot from the phone number associated with your account.

12. Children's Privacy

iCar24 is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

13. International Data Transfers

Our servers are operated in regions where our hosting provider has data centers (currently Europe / United States). When you use the App from outside those regions, your data may be transferred and processed internationally. We rely on the security and data-processing commitments of our hosting and infrastructure providers.

14. Changes to This Policy

We may update this Policy from time to time. The "Effective date" at the top of the page reflects the latest revision. Material changes will be notified within the App. Continued use of the App after a change indicates your acceptance.

15. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us on Telegram:

Telegram support: @icar24_supportbot

© 2026 iCar24. All rights reserved. This page is also available at the following stable URL for App Store and Google Play submission: https://icar24.uz/privacy (or your hosted backend URL /privacy).