Voyacar

Privacy Policy

Last updated: 2026-06-01

This Privacy Policy explains how Voyacar, Inc. (Delaware, USA) (“Voyacar”, “we”, “us”) collects, uses, shares and protects your personal data when you use the Voyacar platform. It also explains your rights and how to exercise them. Voyacar is a booking intermediary that connects you with independent rental agencies.

1. Who is responsible for your data

The data controller for the platform is Voyacar, Inc. (Delaware, USA). You can contact us about privacy at [email protected].

Because we offer our service to people in the European Union, the EU General Data Protection Regulation (GDPR) applies to that processing. For users in Morocco, Law 09-08 on the protection of individuals with regard to the processing of personal data applies and the competent authority is the CNDP.

When you book, the rental agency you select becomes a separate, independent data controller for the data it receives, and processes it under its own privacy policy (see Section 6).

2. Scope and minimum age

This policy applies to the Voyacar website, applications and booking services. The platform is intended for people aged 18 or over; we do not knowingly collect data from anyone under 18 and will delete it if we discover it.

3. What personal data we collect

Depending on how you use the platform, we collect:

  • Account and contact data: first and last name, email address, phone number, password (stored hashed), preferred language and currency.
  • Address and location data: postal address, country, and the city you search or book in.
  • Booking data: vehicles, dates, pick-up details, reservation history and status.
  • Driver and identity data: the driver details (and, where required to fulfil the booking, driving-licence and ID information) needed by the agency to provide the rental.
  • Payment data: transaction amounts, currency and status. Card payments are processed by Stripe; we do not store your full card number.
  • Content you provide: reviews and ratings, inspection photos, dispute messages and attachments, and messages you send us.
  • Technical and usage data: IP address, device and browser information, pages viewed, and analytics identifiers (via Google Tag Manager).
  • Third-party sign-in data: where you log in with Google or Facebook, the basic profile information you authorise them to share.

4. How we collect it

We collect data directly from you (when you register, book, pay, review, or contact us), automatically through your use of the platform (technical and usage data, cookies), and from third parties such as your sign-in provider (Google/Facebook) and our payment provider (Stripe).

5. Why we use your data and our legal basis

We use your personal data for the following purposes, each with a legal basis under the GDPR:

  • To create and manage your account — performance of a contract.
  • To process a booking and transmit it to the chosen agency, including the driver details it needs — performance of a contract.
  • To take and manage payment of the Service Fee through Stripe, and to prevent payment fraud — performance of a contract and our legitimate interest in preventing fraud.
  • To provide customer support and handle disputes (messages, attachments, inspection reports) — performance of a contract and our legitimate interest in resolving disputes.
  • To publish and moderate reviews — our legitimate interest in operating a trustworthy marketplace.
  • To keep the platform safe and prevent fraud and abuse — our legitimate interest in security.
  • To measure and improve the platform with analytics — your consent for non-essential cookies and trackers.
  • To send you service messages, and (where you have opted in) marketing — performance of a contract for service messages, and your consent for marketing.
  • To comply with accounting, tax and other legal obligations, and to respond to lawful requests — compliance with a legal obligation.
  • To establish, exercise or defend legal claims — our legitimate interest in protecting our rights.

6. Who we share your data with

We share personal data only as necessary, with:

  • The rental agency you book with — an independent data controller that uses your booking and driver data to provide the rental under its own privacy policy. We recommend you review the agency’s policy before booking.
  • Stripe — our payment provider, which processes your payment and acts both as our processor and, for its own fraud-prevention and regulatory purposes, as an independent controller. See stripe.com/privacy.
  • Service providers that act on our instructions (processors): hosting, email delivery, and analytics. They may only use the data to provide their service to us.
  • Sign-in providers (Google, Facebook) when you choose to log in with them, and analytics/advertising providers where you have consented.
  • Authorities, courts, advisers or auditors where required by law or to protect our rights, and any successor in the event of a reorganisation, merger or sale.

We do not sell your personal data.

7. International data transfers

Voyacar operates from the United States, agencies are located in the countries where they rent vehicles (currently Morocco), and some providers are in the EU. Your data may therefore be transferred across borders, including outside your country.

Where we transfer personal data from the European Economic Area to a country that does not provide an equivalent level of protection, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, or on a derogation permitted by law (for example transfer necessary to perform your booking). For transfers out of Morocco, we comply with Law 09-08 and obtain CNDP authorisation where required. You can ask us for more information about these safeguards at [email protected].

8. How long we keep your data

We keep personal data only as long as necessary for the purposes above, then delete or anonymise it. As a guide:

  • Account data: for the life of your account, then deleted or anonymised after closure.
  • Booking and transaction records: kept for the period required by accounting and tax law (typically several years).
  • Driver and identity data: kept only for as long as needed to fulfil the booking and the dispute/claim window, then deleted; we minimise this data because of its sensitivity.
  • Dispute messages, inspection photos and attachments: for the duration of the dispute and the applicable limitation period for claims.
  • Reviews: while your account is active or until you ask us to remove them.
  • Analytics and usage data: for a limited period aligned with our analytics configuration.
  • Fraud and abuse records: for as long as needed to protect the platform.

9. Cookies and tracking

We use cookies and similar technologies. Strictly necessary cookies make the platform work and do not require consent. Analytics and marketing technologies (loaded through Google Tag Manager) are used only with your consent, which you can give or withdraw at any time through our cookie settings.

10. How we protect your data

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls on a need-to-know basis, hashed passwords, vendor due diligence, and tighter handling of sensitive identity data. No system is completely secure; please use a strong, unique password and keep your credentials confidential.

11. Marketing and your choices

If you have opted in, we may send you marketing about our service. You can unsubscribe at any time using the link in each message or in your account settings. Withdrawing consent does not affect service messages necessary to manage your bookings.

12. Automated decisions

We may use automated checks to help detect fraud and keep the platform safe. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing without human involvement. If this changes, we will update this policy and provide the safeguards the law requires.

13. Your rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you and obtain a copy;
  • rectify inaccurate or incomplete data;
  • erase your data (“right to be forgotten”) where the conditions are met;
  • restrict or object to certain processing, including processing based on our legitimate interests;
  • data portability — receive certain data in a structured, machine-readable format;
  • withdraw consent at any time, without affecting processing already carried out; and
  • lodge a complaint with a supervisory authority.

To exercise your rights, contact [email protected]; some options are also available in your account. We may need to verify your identity. EU users may complain to their local data-protection authority (for example, in France, the CNIL); users in Morocco may complain to the CNDP. If you are a California resident, you also have rights under the CCPA/CPRA, including to know, delete and opt out of any “sale” or “sharing” of personal information — we do not sell your data.

14. Children

The platform is not intended for anyone under 18. We do not knowingly collect their data; if you believe a minor has provided us data, contact [email protected] and we will delete it.

15. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new “last updated” date and, where the change is material, take reasonable steps to notify you before it takes effect.

16. Contact us

For any privacy question or to exercise your rights, contact Voyacar, Inc. or email [email protected].

We use cookies

We use cookies to improve your experience, analyse traffic, and personalise content. Choose which categories you’re comfortable with.

Privacy policy