RideFly Privacy Policy

Last Updated: 21st of February 2026

This Privacy Policy explains how the RideFly mobile application, operated by Four Seasons LTD (referred to as "we," "us," "our," or "RideFly"), collects, uses, shares, and protects your information. This policy applies to all RideFly clients, including web and mobile applications.

We may periodically update this Privacy Policy to reflect changes in our practices. Any updates will be noted by the revision date at the top of this document, and we may notify you of significant changes via email or in-app notifications. Please review this policy regularly to stay informed.

1. Information We Collect

Personal Information

To enable the use of RideFly's services, we collect specific information from users:

• Contact Information: Full name, preferred language, email, and phone number for registration and communication purposes.
• Delivery and Order Details: Address for service delivery, order history, and any public reviews or ratings submitted within the app.
• Account Information: Login details such as your phone number and password, along with a record of interactions (e.g., bookings, itinerary searches) to facilitate your account experience.
• Attachments (Passport, ID, or Photos): If required for identification or verification purposes, users may upload documents such as passports, national ID cards, or photos.

Location Data

When using certain location-based features, such as finding nearby airports, we may collect location information. This data is controlled through your device settings and can be adjusted as needed.

Payment Information

For transactions, we use third-party payment providers, Switch/Zaincash Ltd/FastPay. They collect and manage your payment information independently of RideFly. We do not store credit card details or other sensitive financial information on our servers.

Payment Tokenization

When you make a payment through Switch, a secure token is initialized and linked to your card. This tokenization process allows for faster and more convenient future payments without requiring you to re-enter your card details each time.

2. Purpose of Information Collection

We use your data to provide and improve the services offered through RideFly, specifically to:

• Facilitate Service Delivery: Enable reliable order fulfillment, track bookings, and manage accounts.
• Support Communications: Notify you of important updates or account-related changes.
• Enhance User Experience: Develop and improve RideFly's services by analyzing aggregated data for quality control.
• Legal Compliance: Meet obligations under applicable laws and regulatory requirements.
• Identity Verification: Use uploaded attachments (passport, ID, or photos) to verify users' identities when required for specific services, ensuring security and compliance.

3. Information Sharing

Your data may be shared under specific circumstances, outlined as follows:

• Payment Processing: Payment information is securely processed by Switch/Zaincash Ltd/FastPay. Please refer to their privacy policies for details on how they handle and protect your payment information.
• Travel and Airline Partners and Visa: For travel and visa bookings, we may share necessary account details with airline partners to complete your reservation.
• Legal and Compliance: We may share information with law enforcement or regulatory bodies to comply with legal requirements or protect the rights and safety of our users and the public.
• Corporate Transactions: In the event of a merger, acquisition, or asset sale involving Four Seasons LTD, your information may be transferred to the acquiring entity. You will be notified of any such changes required by law.

4. Your Rights

Under applicable data protection laws, including GDPR, you have specific rights regarding your personal data:

• Access: Request details about the personal data we hold by contacting us at info@ridefly.com.
• Deletion: Request deletion of your data. Note that doing so will disable access to RideFly services, as your data is essential for account functionality. Uploaded attachments (passport, ID, or photos) are automatically deleted 5 years after submission.
• Correction: If your information needs updating, contact us at info@ridefly.com.
• Data Portability: Request a copy of your personal data in a machine-readable format.
• Restriction of Processing: Request that we limit the processing of your data under certain circumstances.
• Objection to Processing: Object to the processing of your personal data in cases where we rely on legitimate interests.

To exercise any of these rights, please contact us at the email address provided. We will respond within the legally required timeframe.

5. Security of Your Information

We implement industry-standard security measures to protect your information from unauthorized access, alteration, or misuse. However, no online platform can guarantee complete data security.

6. Third-Party Service Providers

Our payment service partners, Switch IQ Ltd., Zaincash Ltd., and Fast Pay, handle all payment transactions for RideFly. Payment transactions will appear under these names on your bank or card statement.

Switch IQ Ltd

Address: Bldg. 161 Str. 45Dist.915, Hey Al-Jamaha, Al Jadria, Baghdad-Iraq
Phone: +9647904100000
Website: https://switch.com.iq/

Zaincash Ltd

Address: Baghdad, Jadirya, district 915, lane 24, 153 Building, 5th floor
Phone: +9647835428888
Website: https://zaincash.iq/

FastPay

Address: Iraq, Baghdad, Al Ameerat Street, Al Mansour District
Phone: 066 231 0000
Email: info@fast-pay.iq
Website: https://www.fast-pay.iq/

7. Use of Email and Phone for Verification and Notification

We use email and phone for account registration, login, and notification.

8. Data Retention Policy

We retain personal data only for as long as necessary to provide services and fulfill legal obligations. Attachments such as passport copies, ID documents, and photos are automatically deleted 5 years after submission.

User-Requested Data Deletion

You have the right to request deletion of your data at any time. Upon receiving a deletion request, we will process and delete your personal data. For users who have placed orders, all order-related data will be retained for five (5) years after the last order for legal, accounting, and regulatory compliance purposes, after which it will be permanently deleted.

Inactive Account Policy

If your account remains inactive for two (2) years (no logins, bookings, or transactions), we will send you a notification via email, SMS, or WhatsApp informing you that your account is scheduled for deletion. You will have a reasonable period to reactivate your account before deletion occurs. If no action is taken, your account and associated personal data will be permanently deleted in accordance with this policy.

9. Contact Us

If you have questions about this Privacy Policy, please contact:

• Four Seasons LTD (Operator of RideFly): info@ridefly.com

We are committed to complying with GDPR and other relevant data protection regulations to ensure the security and privacy of our users.