TripGuard – Privacy Policy Last Updated: 25th March, 2026
ThirdTap Technologies Limited (“we”, “our”, “us”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, share, and safeguard information when you use the TripGuard mobile application (the “App”).
TripGuard is operated by ThirdTap Technologies Limited, a company established under the laws of the Republic of Ghana, registered with the Data Protection Commission of Ghana.
By creating an account or using the App, you acknowledge that you have read and understood this Privacy Policy and agree to the practices described.
“Personal Data” means any information relating to an identified or identifiable natural person, as defined under the Data Protection Act, 2012 (Act 843).
“Data Subject” means the individual to whom Personal Data relates.
“Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
“Verified User” means a user who has created an account and completed identity verification requirements.
2.1 Account Information When you create an account, we may collect:
Full name
Phone number
Email address
Profile photo (optional)
Chosen role (driver or rider)
This information helps us verify users and maintain the integrity of the platform.
Legal Basis: Performance of contract; Legitimate interests (preventing fraud and fake accounts)
2.2 Location Data TripGuard may collect GPS location data when users:
Submit safety reports
Trigger caution alerts
Perform proximity safety checks
Location information helps provide safety features and context for reported incidents.
Location services may be disabled in your device settings, though some safety features may not function properly without them.
Legal Basis: Consent (explicit permission via device settings); Legitimate interests (providing safety features)
2.3 Media and Report Evidence Users may upload supporting evidence when submitting reports, including:
Photos
Videos
Audio recordings
Documents
OCR scans or text extractions
These materials are used to support safety reports and improve the reliability of submitted information.
Legal Basis: Performance of contract; Legitimate interests (ensuring report credibility)
2.4 Device and Usage Data We automatically collect certain technical information, including:
Device identifiers (IDFA, Android ID, IMEI where permitted)
Device model and operating system
App activity logs
Crash reports
Diagnostic data
IP address
Timestamps of activity
This information helps us monitor performance, detect abuse, and improve stability.
Legal Basis: Legitimate interests (platform security and performance)
2.5 Communications and Community Content Users may submit information through:
Safety reports
Comments
Rebuttals (as provided in the Terms of Use)
Messages (if implemented)
Content submitted through these features may be visible to other verified TripGuard users.
Legal Basis: Performance of contract; Legitimate interests (community safety)
2.6 Sensitive Personal Data Under Ghana’s Data Protection Act, 2012 (Act 843), certain categories of data are considered sensitive. TripGuard may collect the following sensitive data only when voluntarily submitted within safety reports:
Allegations of criminal conduct (harassment, assault, robbery)
Information revealing the commission of an offense
Users are expressly warned that submitting such allegations carries legal risks and must be based on good faith and reasonable belief, as set out in the Terms of Use.
Legal Basis: Explicit consent (by voluntarily submitting the report); Substantial public interest (public safety)
Operate, maintain, and improve TripGuard services
Verify user identity and prevent fraudulent accounts
Enable safety alerts and caution systems
Process incident reports and community warnings
Provide customer support
Send safety alerts and important platform notifications
Detect abuse or misuse of the platform
Improve safety algorithms and system reliability
Comply with applicable laws and regulatory requirements in Ghana
Respond to data subject requests
Defend against legal claims
TripGuard does not use personal data for automated decision-making that produces legal effects without human involvement.
Processing Activity Lawful Basis Account creation and management Performance of contract Safety report submission and display Performance of contract; Legitimate interests (public safety) Location-based safety features Consent; Legitimate interests Device and usage analytics Legitimate interests Report rebuttals and disputes Performance of contract; Legitimate interests Compliance with legal requests Legal obligation Detection and prevention of abuse Legitimate interests Where processing is based on legitimate interests, we have balanced those interests against your rights and freedoms. You may object to such processing by contacting us.
5.1 Service Providers We use trusted technology providers to operate TripGuard, including:
Firebase (Authentication, Firestore Database, Cloud Storage, Crashlytics) – Google Ireland Limited
Google Cloud Platform – Google Ireland Limited
Analytics and crash reporting tools
These providers process information only on our behalf and in accordance with written data processing agreements that require them to maintain appropriate security safeguards.
5.2 Community Visibility Certain information intentionally submitted by users may be visible to other verified TripGuard users, including:
Safety reports (vehicle registration numbers, phone numbers, incident descriptions)
Rebuttal statements
Evidence uploaded in support of reports
TripGuard does not publicly display personal user profiles in report lookups. Displayed content reflects text submitted by reporting users.
5.3 Legal Requirements We may disclose information:
When required by the laws of the Republic of Ghana
During criminal investigations by law enforcement
To prevent fraud or threats to public safety
To comply with lawful requests from courts, regulators, or government agencies
To enforce our Terms of Use
5.4 Business Transfers If TripGuard or ThirdTap Technologies Limited is acquired, merged, or undergoes a change of control, user data may be transferred as part of that transaction. Affected users will be notified in accordance with Section 9.
5.5 No Sale of Personal Data TripGuard does not sell, rent, or trade personal information to third parties.
The European Union (Google Cloud servers in [Belgium/Finland/etc.])
The United States
We ensure that such processing follows appropriate data protection safeguards, including:
Data Processing Agreements incorporating Standard Contractual Clauses (SCCs) approved by the European Commission
Ensuring providers maintain equivalent protection to Ghanaian data protection standards
You may request details of these safeguards by contacting us.
Firebase Authentication security controls
Firestore database access rules (row-level security)
Encryption of data in transit (TLS 1.2+)
Encryption of data at rest (AES-256)
Access controls for internal systems
Audit logging and monitoring
Regular security reviews
While we take appropriate security measures, no online system can guarantee absolute security. In the event of a data breach affecting your Personal Data, we will notify affected users and the Data Protection Commission of Ghana as required by law.
Users should avoid sharing sensitive personal information unnecessarily.
Data Category Retention Period Account information Duration of active account + 30 days grace period Reports and supporting evidence 12 months from submission, unless: (a) associated with an ongoing dispute, (b) required for legal proceedings, or (c) requested by law enforcement Rebuttal statements Same as associated report Location data 30 days from collection Device and usage logs 90 days Deleted accounts Data anonymized within 30 days; identifiable data retained only as required by law TripGuard may archive older reports to ensure the platform reflects current safety information. Archived reports may not remain publicly visible indefinitely.
Users may request earlier deletion of their personal data as provided in Section 10.
9.1 Right to Access You may request confirmation of whether we process your Personal Data and, if so, access to that data.
9.2 Right to Rectification You may request correction of inaccurate or incomplete Personal Data.
9.3 Right to Erasure (Right to be Forgotten) You may request deletion of your Personal Data where:
The data is no longer necessary for the purposes for which it was collected
You withdraw consent and no other legal basis exists
The data has been unlawfully processed
Deletion is required to comply with a legal obligation
We may retain data where processing is necessary for legal claims, regulatory compliance, or public safety purposes.
9.4 Right to Restrict Processing You may request restriction of processing where you contest accuracy, object to processing, or require data for legal claims.
9.5 Right to Data Portability You may request a copy of your Personal Data in a structured, commonly used, machine-readable format.
9.6 Right to Object You may object to processing based on legitimate interests, including profiling.
9.7 Right to Withdraw Consent Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect processing before withdrawal.
9.8 Right to Lodge a Complaint You have the right to lodge a complaint with the Data Protection Commission of Ghana at:
Data Protection Commission P.O. Box CT 6056, Cantonments, Accra Telephone: +233 (0) 302 966 203 Email: info@dataprotection.org.gh
9.9 Exercising Your Rights To exercise these rights, contact:
tripguardapp@gmail.com
We may require identity verification before fulfilling certain requests. We will respond within 30 days of receipt. If requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act.
10.1 Notification TripGuard does not automatically notify individuals when they are named in a report. Searched individuals may discover their inclusion by performing a lookup or upon receiving notice through dispute procedures.
10.2 Dispute and Rebuttal As provided in the Terms of Use, individuals who dispute a report may:
Submit a removal request if the report violates these Terms
Submit a rebuttal statement to be displayed alongside the original report
10.3 Correction Individuals may request correction of factual inaccuracies in reports where evidence is provided.
Users under 13 may only use the App under the supervision of a parent or legal guardian. If we become aware that we have collected Personal Data from a child under 13 without parental consent, we will delete that data promptly.
Accounts found to belong to children who do not meet the minimum age requirement may be suspended or removed.
Third-Party Links and Services The App may contain links to third-party websites or services (such as emergency service contacts). This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing any information.
Changes to This Privacy Policy We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or regulatory guidance.
Material changes will be communicated through:
In-app notifications
Email to registered users
A prominent notice within the App
Non-material changes may be posted without direct notification.
The “Last Updated” date at the top of this Privacy Policy will reflect the latest revision. Continued use of TripGuard after updates constitutes acceptance of the revised policy.
ThirdTap Technologies Limited Republic of Ghana Email: tripguardapp@gmail.com
Data Protection Officer (DPO): For data protection-specific inquiries, please use the same email address with the subject line: “ATTN: Data Protection Officer”
END OF PRIVACY POLICY