Privacy Policy

LIVANTO GREEN INFRA PRIVATE LIMITED — Livanto Cab

Effective Date: 01 March 2026  |  Last Updated: 02 March 2026  | Version 1.0

This Privacy Policy is an electronic record under the Information Technology Act, 2000 and is published in compliance with Rule 3(1) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023 (DPDP Act). It does not require a physical or digital signature.

1. Introduction

1. Introduction


1.1



1.1


Livanto Green Infra Private Limited ("Company", "we", "us", "our") operates the Livanto Cab mobile application and website at https://www.golivanto.com (collectively, the "Platform").

Livanto Green Infra Private Limited ("Company", "we", "us", "our") operates the Livanto Cab mobile application and website at https://www.golivanto.com (collectively, the "Platform").


1.2



1.2


This Privacy Policy explains how we collect, use, store, share, and protect your Personal Data when you access or use the Platform, and describes your rights in relation to that data.

This Privacy Policy explains how we collect, use, store, share, and protect your Personal Data when you access or use the Platform, and describes your rights in relation to that data.


1.3



1.3


By registering, accessing, or using the Platform, you acknowledge that you have read and understood this Policy and consent to the processing of your Personal Data as described herein. If you do not agree, please discontinue use immediately.

By registering, accessing, or using the Platform, you acknowledge that you have read and understood this Policy and consent to the processing of your Personal Data as described herein. If you do not agree, please discontinue use immediately.


1.4


1.4

This Policy must be read alongside our Terms and Conditions, which govern your use of the Platform. In case of conflict, this Policy shall prevail on all matters relating to data privacy.

This Policy must be read alongside our Terms and Conditions, which govern your use of the Platform. In case of conflict, this Policy shall prevail on all matters relating to data privacy.

2. Definitions

2. Definitions


2.1


In these Terms, the following definitions apply:

In these Terms, the following definitions apply:


"Personal Data"



"Personal Data"


any data about an individual who is identifiable by or in relation to such data, as defined under the Digital Personal Data Protection Act, 2023.

any data about an individual who is identifiable by or in relation to such data, as defined under the Digital Personal Data Protection Act, 2023.


"Data Principal"



"Data Principal"


means you, the individual to whom the Personal Data relates.

means you, the individual to whom the Personal Data relates.


"Data Fiduciary"



"Data Fiduciary"


The Company, which determines the purpose and means of processing Personal Data.

The Company, which determines the purpose and means of processing Personal Data.


"Data Processor"



"Data Processor"


Any third party that processes Personal Data on behalf of the Company.

Any third party that processes Personal Data on behalf of the Company.


"Processing"



"Processing"


Any operation performed on Personal Data, including collection, storage, use, sharing, disclosure, or deletion.


"Consent"



"Consent"


A free, specific, informed, unconditional, and unambiguous indication of the Data Principal's wishes.

3. Data We Collect

3. Data We Collect


3.1


We collect the following categories of Personal Data:

We collect the following categories of Personal Data:

Category

Data Points Collected

Required / Optional

Identity Data

First name, Last name

Required

Contact Data

Mobile number, Email address

Required

Location Data

Real-time GPS location during active Rides; pickup and drop-off coordinates

Optional

Optional

Real-time GPS location during active Rides; pickup and drop-off coordinates

Transaction Data

Ride history, Fare details, Payment transaction IDs, payment method type

Ride history, Fare details, Payment transaction IDs, payment method type

Required

Required

Device Data

Device model, OS version, unique device ID, IP address, app version

Device model, OS version, unique device ID, IP address, app version

Automatic

Automatic

Usage Data

App interaction logs, feature usage, crash reports, session data

App interaction logs, feature usage, crash reports, session data

Automatic

Automatic

Communication Data

Support chat logs, emails, complaint records

When submitted

When submitted

Marketing Preferences

Push notification settings, promotional opt-in/opt-out status

Push notification settings, promotional opt-in/opt-out status

Optional

Optional


3.2


3.2

We do not collect: card numbers, CVV codes, UPI PINs, net banking passwords, Aadhaar numbers, or biometric data. Payment credentials are handled exclusively by our PCI-DSS-compliant payment gateway partners.

We do not collect: card numbers, CVV codes, UPI PINs, net banking passwords, Aadhaar numbers, or biometric data. Payment credentials are handled exclusively by our PCI-DSS-compliant payment gateway partners.


3.3


3.3

We do not collect Sensitive Personal Data or Information (SPDI) as defined under applicable Indian law, unless explicitly required by law and consented to by you.

We do not collect Sensitive Personal Data or Information (SPDI) as defined under applicable Indian law, unless explicitly required by law and consented to by you.

4. How We Collect Data


4.1



4.1


We collect Personal Data through the following means:

  • Direct submission — when you register, book a Ride, contact support, or respond to communications

  • Automated collection — via the Platform as you use it (device data, location, usage logs)

  • Third-party sources — from payment gateways (transaction confirmation), analytics tools, and fraud detection partners

  • Device permissions — location access (foreground during Ride), camera (if used for profile or support), notifications

We collect Personal Data through the following means:

  • Direct submission — when you register, book a Ride, contact support, or respond to communications

  • Automated collection — via the Platform as you use it (device data, location, usage logs)

  • Third-party sources — from payment gateways (transaction confirmation), analytics tools, and fraud detection partners

  • Device permissions — location access (foreground during Ride), camera (if used for profile or support), notifications


4.2



4.2


Location Data (Optional in Version 1): Location access is not collected in the current version of the Platform. In a future version, the Platform may request foreground location access while a Ride is active. This will be communicated clearly to you at the time, and your consent will be sought before any location data is collected. We will never track your location in the background when the app is closed.

Location Data (Optional in Version 1): Location access is not collected in the current version of the Platform. In a future version, the Platform may request foreground location access while a Ride is active. This will be communicated clearly to you at the time, and your consent will be sought before any location data is collected. We will never track your location in the background when the app is closed.

5. Purpose & Legal Basis of Processing


5.1


We process your Personal Data only for specific, lawful purposes. The table below sets out our processing activities and their legal basis under the DPDP Act, 2023:

Purpose

Purpose

Data Points Collected

Data Points Collected

Required / Optional

Required / Optional

Account creation and management

Identity, Contact

Consent; Contract performance

Booking and fulfilling Rides

Identity, Location, Transaction

Contract performance

Processing payments

Transaction, Contact

Contract performance; Legal obligation

Customer support and dispute resolution

Identity, Communication, Transaction

Contract performance; Legitimate interest

Safety monitoring and fraud prevention

Device, Location, Usage

Legitimate interest; Legal obligation

Regulatory and legal compliance

All categories as required

Legal obligation

Platform improvement and analytics

Usage, Device

Legitimate interest

Marketing and promotions

Contact, Marketing Preferences

Consent (separate, withdrawable)


5.2


5.2

We will not use your Personal Data for any purpose not listed above without obtaining fresh consent or as otherwise required by law.

We will not use your Personal Data for any purpose not listed above without obtaining fresh consent or as otherwise required by law.

6. Data Sharing & Disclosure


6.1



6.1


We do not sell your Personal Data to any third party for commercial gain.

We do not sell your Personal Data to any third party for commercial gain.


6.2



6.2


We may share your Personal Data with the following categories of recipients, strictly on a need-to-know basis:

  • Company-employed Drivers — name and pickup/drop-off location for Ride fulfilment only

  • Payment Gateway Partners (e.g. Razorpay) — for transaction processing; governed by their own privacy policies

  • Fleet & Operations Management Systems — for vehicle dispatch and monitoring

  • Analytics & Crash Reporting Tools — for app performance improvement (data is aggregated or pseudonymised where possible)

  • Emergency Services — if you activate the SOS feature or there is a safety emergency requiring disclosure

  • Law Enforcement & Regulatory Authorities — when required by applicable law, court order, or government directive

  • Professional Advisers — lawyers, auditors, and insurers, subject to confidentiality obligations

  • Business Successors — in the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections

We may share your Personal Data with the following categories of recipients, strictly on a need-to-know basis:

  • Company-employed Drivers — name and pickup/drop-off location for Ride fulfilment only

  • Payment Gateway Partners (e.g. Razorpay) — for transaction processing; governed by their own privacy policies

  • Fleet & Operations Management Systems — for vehicle dispatch and monitoring

  • Analytics & Crash Reporting Tools — for app performance improvement (data is aggregated or pseudonymised where possible)

  • Emergency Services — if you activate the SOS feature or there is a safety emergency requiring disclosure

  • Law Enforcement & Regulatory Authorities — when required by applicable law, court order, or government directive

  • Professional Advisers — lawyers, auditors, and insurers, subject to confidentiality obligations

  • Business Successors — in the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections


6.3



6.3


All third-party Data Processors are contractually bound to process Personal Data only on our instructions, maintain appropriate security standards, and not use data for their own independent purposes.

All third-party Data Processors are contractually bound to process Personal Data only on our instructions, maintain appropriate security standards, and not use data for their own independent purposes.


6.4



6.4


Driver-facing information is limited to what is strictly necessary for Ride completion. Drivers do not receive payment instrument details, full email addresses, or Account history.

Driver-facing information is limited to what is strictly necessary for Ride completion. Drivers do not receive payment instrument details, full email addresses, or Account history.

7. Cross-Border Data Transfers


7.1



7.1


Your Personal Data is primarily stored and processed within India. Where any data is transferred outside India (for example, through cloud infrastructure or analytics services operated by foreign entities), such transfers shall be made only:

  • To countries notified by the Central Government as providing adequate data protection under the DPDP Act, 2023; or

  • Subject to contractual safeguards equivalent to those required under Indian law; or

  • As permitted by applicable Indian law

Your Personal Data is primarily stored and processed within India. Where any data is transferred outside India (for example, through cloud infrastructure or analytics services operated by foreign entities), such transfers shall be made only:

  • To countries notified by the Central Government as providing adequate data protection under the DPDP Act, 2023; or

  • Subject to contractual safeguards equivalent to those required under Indian law; or

  • As permitted by applicable Indian law


7.2


7.2

You may contact our Grievance Officer (Section 18) to request information about the countries to which your data may be transferred.

You may contact our Grievance Officer (Section 18) to request information about the countries to which your data may be transferred.

8. Data Retention


8.1


We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, subject to the following:

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, subject to the following:

Purpose

Data Points Collected

Required / Optional

Account & Identity Data

Duration of Account + 2 years post-deletion

Dispute resolution; Legal obligation

Ride & Transaction Records

7 years from transaction date

GST / Tax compliance (Indian law)

Communication & Support Logs

3 years from last interaction

Dispute resolution

Location Data

Not collected in Version 1. If collected in future versions: 2 years from Ride date

Safety investigations; Legal compliance

Safety monitoring and fraud prevention

Device, Location, Usage

Legitimate interest; Legal obligation

Device & Usage Logs

1 year (aggregated thereafter)

Fraud detection; Platform analytics

Marketing Consent Records

Duration of consent + 3 years

Proof of consent (DPDP Act)


8.2


8.2

After the applicable retention period, Personal Data will be securely deleted or irreversibly anonymised. Anonymised data may be retained indefinitely for aggregate analytics purposes.

9. Your Rights as a Data Principal

9. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights in relation to your Personal Data.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights in relation to your Personal Data.


9.1


9.1

Right to Access Information (Section 11, DPDP Act): You have the right to obtain from us: (a) a summary of the Personal Data we hold about you; (b) the identities of Data Processors and other fiduciaries with whom your data has been shared; and (c) any other information prescribed by law.

Right to Access Information (Section 11, DPDP Act): You have the right to obtain from us: (a) a summary of the Personal Data we hold about you; (b) the identities of Data Processors and other fiduciaries with whom your data has been shared; and (c) any other information prescribed by law.


9.2


9.2

Right to Correction & Erasure (Section 12, DPDP Act): You have the right to request: (a) correction of inaccurate or misleading Personal Data; (b) completion of incomplete Personal Data; (c) updating of Personal Data; and (d) erasure of Personal Data that is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.

Right to Correction & Erasure (Section 12, DPDP Act): You have the right to request: (a) correction of inaccurate or misleading Personal Data; (b) completion of incomplete Personal Data; (c) updating of Personal Data; and (d) erasure of Personal Data that is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.


9.3


9.3

Right to Grievance Redressal (Section 13, DPDP Act): You have the right to have your grievance redressed within the timeframes specified in Section 18 of this Policy. If unsatisfied, you may approach the Data Protection Board of India.

Right to Grievance Redressal (Section 13, DPDP Act): You have the right to have your grievance redressed within the timeframes specified in Section 18 of this Policy. If unsatisfied, you may approach the Data Protection Board of India.


9.4


9.4

Right to Nominate (Section 14, DPDP Act): You may nominate another individual to exercise your rights in the event of your death or incapacity. Nominations must be submitted in writing to [email protected].

Right to Nominate (Section 14, DPDP Act): You may nominate another individual to exercise your rights in the event of your death or incapacity. Nominations must be submitted in writing to [email protected].


9.5


9.5

Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time by contacting us at [email protected] or via app settings. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. Withdrawal may affect your ability to use certain features of the Platform.

Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time by contacting us at [email protected] or via app settings. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. Withdrawal may affect your ability to use certain features of the Platform.


9.6


9.6

How to Exercise Your Rights: Submit a written request to [email protected] with your registered name, mobile number, and a clear description of the right you wish to exercise. We will acknowledge your request within 72 hours and respond substantively within 30 days.

How to Exercise Your Rights: Submit a written request to [email protected] with your registered name, mobile number, and a clear description of the right you wish to exercise. We will acknowledge your request within 72 hours and respond substantively within 30 days.


9.7


9.7

We may need to verify your identity before processing any rights request to prevent unauthorised access to your data.

We may need to verify your identity before processing any rights request to prevent unauthorised access to your data.

10. Cookies & Tracking Technologies

10. Cookies & Tracking Technologies


10.1


10.1

Our website at https://www.golivanto.com may use cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and improve our services.

Our website at https://www.golivanto.com may use cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and improve our services.


10.2


10.2

We use the following types of cookies:

  • Strictly Necessary Cookies — essential for the website to function; cannot be disabled

  • Analytics Cookies — help us understand how visitors interact with the website (e.g. Google Analytics); may be disabled

  • Preference Cookies — remember your settings and preferences; may be disabled

We use the following types of cookies:

  • Strictly Necessary Cookies — essential for the website to function; cannot be disabled

  • Analytics Cookies — help us understand how visitors interact with the website (e.g. Google Analytics); may be disabled

  • Preference Cookies — remember your settings and preferences; may be disabled


10.3


10.3

You may control cookie settings through your browser preferences. Disabling non-essential cookies will not affect your ability to use the Platform.

You may control cookie settings through your browser preferences. Disabling non-essential cookies will not affect your ability to use the Platform.


10.4


10.4

The mobile application does not use browser cookies. It may use equivalent technologies (such as device identifiers and analytics SDKs) for the purposes described in Section 5.

The mobile application does not use browser cookies. It may use equivalent technologies (such as device identifiers and analytics SDKs) for the purposes described in Section 5.

11. Children's Privacy

11. Children's Privacy


11.1



11.1


The Platform is not intended for use by persons under 18 years of age. We do not knowingly collect Personal Data from children.

The Platform is not intended for use by persons under 18 years of age. We do not knowingly collect Personal Data from children.


11.2



11.2


If we become aware that we have inadvertently collected Personal Data from a child under 18 without verifiable parental consent, we will take immediate steps to delete such data from our records.

If we become aware that we have inadvertently collected Personal Data from a child under 18 without verifiable parental consent, we will take immediate steps to delete such data from our records.


11.3



11.3


If you believe a minor has provided us with their Personal Data, please contact us immediately at [email protected].

12. Security Measures

12. Security Measures


12.1



12.1


We implement appropriate technical and organisational security measures to protect your Personal Data against unauthorised access, loss, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit using TLS/SSL protocols

  • Encryption of data at rest using industry-standard algorithms

  • Role-based access controls limiting internal access to Personal Data

  • Regular security assessments and penetration testing

  • PCI-DSS-compliant payment processing through third-party gateways

  • Secure OTP-based authentication for all User logins

We implement appropriate technical and organisational security measures to protect your Personal Data against unauthorised access, loss, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit using TLS/SSL protocols

  • Encryption of data at rest using industry-standard algorithms

  • Role-based access controls limiting internal access to Personal Data

  • Regular security assessments and penetration testing

  • PCI-DSS-compliant payment processing through third-party gateways

  • Secure OTP-based authentication for all User logins


12.2



12.2


Notwithstanding the above, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security and disclaim liability for breaches caused by factors beyond our reasonable control, including cyberattacks by sophisticated threat actors.

Notwithstanding the above, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security and disclaim liability for breaches caused by factors beyond our reasonable control, including cyberattacks by sophisticated threat actors.


12.3


12.3

You are responsible for maintaining the security of your Account credentials. Do not share your OTP, password, or login details with any person, including those claiming to represent the Company. Our staff will never ask for your OTP.

You are responsible for maintaining the security of your Account credentials. Do not share your OTP, password, or login details with any person, including those claiming to represent the Company. Our staff will never ask for your OTP.

13. Third-Party Links & Services

13. Third-Party Links & Services


13.1



13.1


The Platform may contain links to third-party websites, payment interfaces, or integrated services (such as maps or analytics tools). This Privacy Policy does not apply to those third-party services.

The Platform may contain links to third-party websites, payment interfaces, or integrated services (such as maps or analytics tools). This Privacy Policy does not apply to those third-party services.


13.2


13.2

We encourage you to review the privacy policies of any third-party service you interact with. The Company accepts no responsibility or liability for the privacy practices of third-party services.

We encourage you to review the privacy policies of any third-party service you interact with. The Company accepts no responsibility or liability for the privacy practices of third-party services.

14. Marketing Communications

14. Marketing Communications


14.1



14.1


With your separate, explicit consent, we may send you promotional and marketing communications via push notifications, SMS, and email, including information about offers, new services, and Platform updates.

With your separate, explicit consent, we may send you promotional and marketing communications via push notifications, SMS, and email, including information about offers, new services, and Platform updates.


14.2


14.2

You may opt out of marketing communications at any time by:

  • Adjusting notification settings within the Livanto Cab app

  • Clicking the "Unsubscribe" link in any marketing email

  • Sending a written opt-out request to [email protected]

You may opt out of marketing communications at any time by:

  • Adjusting notification settings within the Livanto Cab app

  • Clicking the "Unsubscribe" link in any marketing email

  • Sending a written opt-out request to [email protected]


14.3



14.3


Opting out of marketing communications will not affect transactional notifications (e.g. booking confirmations, ride updates, receipts), which are necessary for the provision of Services.

Opting out of marketing communications will not affect transactional notifications (e.g. booking confirmations, ride updates, receipts), which are necessary for the provision of Services.


14.4



14.4


We will process opt-out requests within 7 (seven) business days. You may continue to receive communications already in processing at the time of your request.

We will process opt-out requests within 7 (seven) business days. You may continue to receive communications already in processing at the time of your request.

15. Automated Decision-Making

15. Automated Decision-Making


15.1


15.1

The Platform uses automated systems, including AI-assisted tools, to perform certain functions that may affect you, including:

  • Fraud detection and risk scoring

  • Account suspension for suspicious behaviour

  • Driver matching and allocation

  • Fare calculation


15.2


15.2

Where an automated decision significantly affects your Account (such as suspension), you have the right to request human review of that decision within 14 days by contacting the Grievance Officer at [email protected].


15.3


15.3

We do not use your Personal Data for profiling based on race, religion, caste, political opinion, or other sensitive characteristics.

16. Data Breach Response

16. Data Breach Response


16.1


16.1

In the event of a Personal Data breach that is likely to result in risk to the rights of Data Principals, we will:

  • Notify the Data Protection Board of India within the timeframe prescribed under the DPDP Act, 2023

  • Notify affected Users in the manner specified by the Board or as soon as reasonably practicable

  • Take immediate steps to contain and remediate the breach


16.2


16.2

Breach notifications to Users will be sent to the registered email address and/or mobile number on your Account and will include: the nature of the breach, data categories affected, likely consequences, and steps taken or proposed.

17. Changes to This Policy


17.1



17.1


We may update this Privacy Policy from time to time to reflect changes in law, our data practices, or our services. Material changes will be communicated to you via the Platform (push notification or in-app notice) at least 7 (seven) days before they take effect.


17.2



17.2


Your continued use of the Platform after the effective date of any updated Policy constitutes your acceptance of the revised terms. The current version of this Policy will always be available at https://www.golivanto.com and within the app settings.


17.3


17.3

If changes require fresh consent (e.g. a new processing purpose), we will obtain such consent before processing your data for the new purpose.

18. Grievance Officer & Contact

18. Grievance Officer & Contact

In compliance with Rule 3(2) of the IT (Intermediary Guidelines) Rules, 2021 and Section 13 of the DPDP Act, 2023, we have appointed a Grievance Officer to receive and address complaints relating to this Policy and your Personal Data.


18.1


Grievance Officer Contact Details:

Name

Name

Ashwani Kumar Dixit

Ashwani Kumar Dixit

Designation

Designation

Grievance Officer — Livanto Green Infra Private Limited

Grievance Officer — Livanto Green Infra Private Limited

Email

Email

[email protected]

Privacy Queries

Privacy Queries

[email protected]

Phone

Phone

9810403508

Address

Address

G08-B, Gulmohar Greens, Mohan Nagar, Loni Bhopura Road, Ghaziabad, Uttar Pradesh – 201005

G08-B, Gulmohar Greens, Mohan Nagar, Loni Bhopura Road, Ghaziabad, Uttar Pradesh – 201005

Office Hours

Office Hours

Monday to Friday, 10:00 AM – 6:00 PM IST (excluding public holidays)

Monday to Friday, 10:00 AM – 6:00 PM IST (excluding public holidays)


18.2


18.2

Response Timelines:

  • Acknowledgement of complaint: within 24 hours of receipt

  • Substantive resolution: within 15 (fifteen) days of receipt

  • Data rights requests (access, correction, erasure): within 30 (thirty) days of receipt

Livango

Professional ride-hailing services available 24/7. Your trusted partner for airport transfers, city rides, and hourly rentals.

Resources

Contact

FAQ

Support

Terms & Conditions