Legal
Privacy Policy
Last updated: April 2026 · Nova9 Agency, Mahé, Seychelles
Nova9 Agency (“we”, “us”, or “our”) operates Drivios and is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your personal information.
1. Who We Are
Drivios is operated by Nova9 Agency, a company registered in Mahé, Seychelles. We are the data controller for personal data processed through the Drivios platform.
Contact: marketing@nova9.agency
2. Data We Collect
We collect the following categories of personal and business data:
Account & Business Information
- Full name, email address, and password (hashed)
- Business name, address, and contact details
- Business logo and branding assets
- Billing information (processed and stored by Paddle — we do not store payment card details)
Operational Data
- Vehicle details: make, model, registration plate, daily rate, photos
- Customer records: name, email, phone, nationality, licence and ID documents
- Booking data: dates, amounts, vehicle assignments, payment records
- Contract data: signed digital rental agreements
- Financial records: income entries, expenses, ledger entries
Employee & HR Data
- Employee names, roles, contact details, national ID numbers
- Salary and payroll records
- Start and end dates of employment
Technical Data
- IP address and browser type (collected by our infrastructure providers)
- Usage logs and error reporting
- Cookies and session tokens (see Section 9)
3. How We Use Your Data
We use the data we collect for the following purposes:
- Providing and operating the Drivios platform
- Processing subscription payments via Paddle
- Sending transactional emails (booking confirmations, contract signing links)
- Providing customer support and responding to enquiries
- Improving the Service based on aggregated usage patterns
- Complying with legal obligations applicable in the Seychelles and other jurisdictions
- Preventing fraud and ensuring the security of the platform
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
4. Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide the Service you have subscribed to
- Legitimate interests: Improving the Service, preventing fraud, and maintaining security
- Legal obligation: Complying with applicable laws and regulations
- Consent: For optional communications such as product updates and newsletters
5. Data Storage and Security
Your data is stored using Supabase, a managed PostgreSQL database platform. Data is stored in servers located in the European Union (EU West region), providing strong data protection standards consistent with GDPR requirements.
We implement the following security measures:
- All data is encrypted in transit using TLS/HTTPS
- Database data is encrypted at rest
- Row-level security policies ensure operators can only access their own data
- Authentication is handled via Supabase Auth with hashed passwords
- Access to production infrastructure is restricted to authorised personnel only
No method of transmission over the internet is 100% secure. While we take commercially reasonable precautions, we cannot guarantee absolute security.
6. Third-Party Services
We use the following third-party services to operate Drivios. Each of these services has their own privacy policies and data processing agreements:
- Supabase — Database, authentication, and file storage (supabase.com/privacy)
- Vercel — Hosting and deployment infrastructure (vercel.com/legal/privacy-policy)
- Paddle — Payment processing and subscription management (paddle.com/legal/privacy). Paddle is the merchant of record for your subscription.
- Resend — Transactional email delivery (resend.com/privacy)
- n8n — Workflow automation for booking notifications and integrations
We only share data with these services to the extent necessary to provide the Service.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide you with the Service. Specifically:
- Active account data is retained for the duration of your subscription
- Following account termination or cancellation, we retain your data for up to 90 days before permanent deletion, to allow for recovery if needed
- Financial and billing records may be retained for up to 7 years as required by applicable accounting and tax laws
- You may request earlier deletion of your data by contacting us (see Section 8)
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data (“right to be forgotten”)
- Right to data portability: Request your data in a machine-readable format (JSON or CSV)
- Right to restriction: Request that we restrict processing of your data in certain circumstances
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, email us at marketing@nova9.agency. We will respond within 30 days.
9. Cookies
Drivios uses cookies and similar technologies to operate the platform. The cookies we use include:
- Authentication cookies: Required to keep you logged in to your account. These are essential and cannot be disabled.
- Session cookies: Temporary cookies that expire when you close your browser, used to maintain your session state.
- Preference cookies: Used to remember your settings and preferences within the platform.
We do not use third-party advertising or tracking cookies. You can manage cookies through your browser settings, but disabling essential cookies may prevent you from using the Service.
10. Children's Privacy
Drivios is intended for use by business operators and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. International Data Transfers
Your data may be processed by our third-party service providers in countries outside your own. Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice within the platform. The date at the top of this page indicates when the policy was last revised. Continued use of the Service after any changes constitutes acceptance of the updated policy.
13. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data:
Nova9 Agency
Mahé, Seychelles
Email: marketing@nova9.agency