Privacy Policy
Last Updated: March 14, 2026
Welcome to Fayro. This Privacy Policy explains how we collect, use, strictly protect, and securely delete your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and HM Revenue & Customs (HMRC) regulations.
Fayro is the trading name of Cablink Outsource Limited, registered at Suite 57, Unit 4-5 Lochside Way, Edinburgh Park, Edinburgh, Scotland. We act as a booking agency connecting passengers with drivers.
For any privacy-related inquiries, data requests, or support, please contact us at admin@fayro.co.uk or visit www.fayro.co.uk.
1. Information We Collect
To provide a secure and reliable service, we collect the following types of data:
- Personally Identifiable Information (PII): Name, email address, phone number, profile picture, saved locations (home/work), and device tokens for push notifications.
- Payment Information: We store a Stripe customer ID to facilitate seamless payments. (Actual card details are securely stored directly by Stripe, not by Fayro.)
- Activity Data: Ride history, live location data during rides, payment transactions, ratings, reviews, and login sessions.
- Communication Data: Call recordings of voice calls between passengers and drivers made through the platform, as well as call metadata (duration, timestamps) and in-app message logs.
- Driver-Specific Data: Vehicle details, driving licence information, insurance documents, earnings, and commission records.
2. How We Use Your Information & Legal Basis
We process your data based on legitimate business interests, user consent, and legal obligations:
- Service Delivery & Financial Processing: Because Fayro operates as an agency, we process your booking and handle our commission, while the driver provides the transport and is responsible for the fare receipt. Your data is used to ensure this financial split is accurate and transparent.
- Safety & Dispute Resolution (Call Recordings): To ensure the safety of both passengers and drivers, calls facilitated through our app are recorded. You are notified of this prior to the call. We rely on legitimate interest and user consent to capture these recordings for quality assurance and dispute resolution.
- Legal Compliance: We are required by UK law to retain certain financial and transactional records for tax and accounting purposes.
3. Data Retention and Automated Erasure
We believe in keeping your data only for as long as absolutely necessary. Our systems run two parallel automated processes to enforce data minimization.
A. Call Recording Erasure
Voice recordings are strictly temporary. They are automatically and permanently deleted from our servers after a short, configurable retention period (typically one month). Once the audio file is destroyed, the associated call log metadata is anonymized, leaving only a basic record that a call occurred for a specific ride, with no personal identifiers attached.
B. User Account Erasure (The 2-Year Rule)
We track your last activity on the platform (e.g., logging in, completing a ride, or updating your profile). If your account remains inactive for 730 days (2 years), our automated system initiates a permanent data erasure process.
- 30-Day Warning: You will receive an email notifying you of the scheduled erasure date. Logging into your account during this 30-day grace period will cancel the deletion.
- Permanent Erasure: If no action is taken, your Personally Identifiable Information (name, phone, photos, saved addresses, and passwords) is permanently destroyed. We also trigger an API request to delete your customer record directly from Stripe. Your email is converted to an unrecognizable, inactive string.
C. Financial Record Retention (The 7-Year Rule)
To comply with HMRC tax laws and the Companies Act 2006, we must retain financial records (rides, fares, commissions, and invoices) for 7 years. During the GDPR erasure process, all retained financial data is entirely stripped of your personal identity. It is linked to an anonymized ID (e.g., GDPR-ABC123XYZ). This ensures our tax reporting remains legally compliant without retaining any information that could be traced back to you.
4. Data Retention Summary
| Data Type | Retention Period | Action After Expiry |
|---|---|---|
| Call Recordings | Limited period (e.g. 1 month) | Permanently deleted |
| User PII (Name, phone, addresses) | 2 Years of Inactivity | Permanently deleted |
| Payment Details (Stripe) | 2 Years of Inactivity | Deleted from Stripe API |
| Call Metadata | Until user erasure or recording deletion | Anonymized |
| Ride History & Telemetry | 7 Years (HMRC Law) | Retained with Anonymized ID |
| Financial Transactions & Invoices | 7 Years (HMRC Law) | Retained with Anonymized ID |
| Compliance Audit Logs | Indefinite | Retained without PII |
5. Your Data Privacy Rights
Under the UK GDPR, you have full control over your data. You may exercise the following rights at any time:
- Right to Access: You can view your personal data and ride history, and request access to call recordings (if still within the retention period), directly in the app.
- Right to Rectification: You can update or correct your profile information at any time.
- Right to Erasure: You do not have to wait 2 years for automated deletion. You can contact support to manually trigger an immediate erasure of your personal account data.
- Right to Data Portability: You can request an export of your personal data in a standard, readable format.
- Right to Object: You can contact us to opt out of specific data processing, such as call recording.
Exercise Your Rights
To exercise any of these rights, please email us at:
admin@fayro.co.uk