Privacy Policy
PART TWO: ACCEPTANCE OF TERMS AND USER ELIGIBILITY
Section 2.1: Full Agreement Acceptance
By using any Trevia service, you confirm that you have:
- Read this complete document from beginning to end
- Understood all terms, conditions, and policy provisions
- Accepted all liability limitations and disclaimers
- Consented to data collection and processing practices described herein
- Agreed to arbitration as the dispute resolution method
This is a binding legal contract between you and Trevia EV Technologies Pvt Ltd. If you do not agree with any provision, you must immediately discontinue use of the services and delete any downloaded applications.
Section 2.2: Age Requirements and Legal Capacity
To use Trevia services, you must meet the minimum age requirements. General services require users to be at least 13 years old, though parental consent is required for users under 18. Payment and financial services require users to be at least 18 years of age. If you represent a business entity, you must be an authorized representative with power to bind that organization to this agreement.
By using Trevia services, you represent and warrant that you meet all applicable age requirements for your jurisdiction and that you have the legal capacity to enter into binding agreements.
PART THREE: PRIVACY POLICY
Section 3.1: Information Collection and Types of Data
Trevia collects various categories of information to provide effective services to users. Understanding what data is collected and why is fundamental to our commitment to transparency.
Section 3.1.1: Information Provided Directly by Users
Account registration requires you to provide your full legal name, email address, and phone number. You may optionally provide additional information including date of birth, profile photograph, gender, and home or mailing address. This information is essential for account creation and communication purposes.
Vehicle information is collected for drivers and fleet users. This includes the vehicle registration number, vehicle make and model, year of manufacture, electric vehicle battery capacity, and the specific charging port type your vehicle uses. This information helps match vehicles with compatible chargers and optimize recommendations.
Location data is collected only when necessary to provide EV charging services. This includes GPS coordinates when searching for nearby chargers, your selected destination charger address, and navigation routes to specific charging stations. Location data is also collected for location verification during active charging sessions. Location data is only accessed with explicit permission from your device.
Trevia does not continuously track users in the background. Location access occurs only during active use of relevant application features such as discovering nearby charging stations, navigating to charging locations, or verifying charging session location.
Payment information is collected to facilitate payment through the Trevia Wallet system. Users provide payment method details and billing address during wallet setup. Trevia does not directly store complete credit card details due to PCI DSS compliance requirements. Card details are encrypted and processed exclusively by Razorpay or Paytm payment gateways.
Communication data includes the content of support tickets, in-app messages, emails to our support team, and feedback provided through user surveys.
Section 3.1.2: Information Collected Automatically
Device information is collected to understand how you access our services. This includes device type, operating system version, device identifiers, IP address, and mobile network information. Technical data encompasses browser details, HTTP log files, crash reports, and performance metrics.
Usage analytics are collected through various tracking mechanisms. This includes which features you use, which pages or screens you view, time spent on different sections, search queries, and booking patterns.
Cookies and tracking technologies are implemented across web and mobile platforms. Session cookies maintain your login status during your current session. Persistent cookies store user preferences and are retained for extended periods. Web beacons and pixel tags track page visits and user interactions. Analytics platforms including Google Analytics and Firebase receive aggregated usage data.
Section 3.1.3: Information from Third Parties
Third-party service providers contribute to our data collection. Google provides OAuth login functionality, location services, and geographic mapping data. Apple provides sign-in services and location permission management. Payment providers Razorpay and Paytm provide transaction confirmations and payment status updates.
Business partners including charging operators, fleet management systems, and fleet operators provide information necessary to deliver services. CPOs provide charger availability, specifications, and real-time status updates. Fleet operators provide vehicle fleet composition and employee assignment information.
Section 3.1.4: Camera Permission and QR Code Scanning
Trevia requests access to your device camera only with your explicit permission and solely for the purpose of scanning QR codes at EV charging stations. This functionality enables users to quickly initiate and authenticate charging sessions by scanning the QR code available on the charger.
Camera access is used only when you actively choose to scan a QR code within the application. Trevia does not access the camera in the background, does not record videos, and does not capture or store images or any visual data from your device.
The camera is activated only during the QR scanning process and is immediately disabled once the scan is completed or cancelled. No camera data is transmitted to our servers or shared with third parties.
You have full control over camera permissions and can enable or disable access at any time through your device settings. However, disabling camera access may limit your ability to scan QR codes and use certain charging features within the application.
Camera access is strictly limited to this feature and is not used for any other purpose.
Section 3.2: Purpose of Data Collection and Use
Data collected by Trevia is used for essential service delivery first and foremost. Your account is created and maintained using personal information. Charging bookings are processed using your account details, vehicle information, and location preferences. Wallet payments are processed through the Trevia internal wallet system and payment gateway integrations to charge your payment method and generate billing records. Real-time charger availability and pricing are displayed based on your location and vehicle type. Booking confirmations and session updates are sent via email or SMS. Customer support is provided based on information in your support tickets.
Beyond core service delivery, your data is used to improve our services. Usage patterns are analyzed to identify which features are valuable and which require enhancement. The application performance is monitored for stability and speed optimization. New features are developed based on identified user needs. User experience testing is conducted to improve interface design. Charger demand is forecasted to optimize expansion priorities.
Analytics and business intelligence use your data in aggregated and anonymized forms. Charger network utilization metrics are calculated. Revenue trends are tracked. Geographic demand patterns are identified. Performance benchmarks are established. Industry insights are generated.
Marketing communications are sent only with your explicit consent. Promotional emails about new chargers and special offers may be sent. In-app notifications notify you about relevant new features. SMS messages provide booking reminders and payment confirmations. Push notifications alert you to charger availability. You can opt out of all non-essential communications at any time.
For safety and legal compliance, your data is used to prevent and detect fraudulent transactions. Unauthorized access attempts are monitored. Payment disputes are investigated. Terms violations are addressed. Legal obligations to government agencies are fulfilled when required by court order. Physical safety concerns are reported to appropriate authorities.
Section 3.3: Data Sharing and Disclosure Practices
Your data is not sold to third parties under any circumstances. We do not engage in data brokerage or provide personal information to marketing agencies or data aggregators.
When you book a charger through our platform, the charging operator must receive certain information to fulfill your request. We share your booking confirmation including name, phone number, and email with the relevant CPO. Session details including duration, energy consumed, and cost are communicated. Vehicle type information is provided for charger compatibility verification. Your rating and feedback are shared with the operator.
We do not share your payment method details with CPOs. Your complete payment history remains private. Your home address is not provided to operators. Detailed location tracking data is not shared.
For fleet users, we provide fleet managers with aggregated usage patterns. This includes how frequently fleet vehicles visit chargers and preferred charging times. Cost analytics per vehicle are provided. Charging location preferences are shared. We do not provide individual employee personal information. Private phone numbers are not shared. Home addresses are withheld.
Analytics providers receive data in aggregated form. Google Analytics receives visitor patterns and usage flows. Firebase receives crash reports and performance data. Mixpanel receives feature usage patterns. All analytics data is anonymized and cannot identify individuals.
Payment processors including Razorpay and Paytm receive transaction information necessary for payment processing. They receive the transaction amount, order identifier, and your email address. They do not receive your complete payment history, vehicle information, or location data. These processors have their own privacy policies that you should review.
When we receive legal requests, we follow proper procedures. Law enforcement requests are honored only with valid court orders. Government agencies must provide legal authorization for any data access. Regulatory compliance requests from tax authorities or licensing agencies are fulfilled when legally required. We always require proper legal process except in genuine emergencies.
Section 3.4: Your Rights Regarding Your Personal Data
You have the fundamental right to know what personal data we maintain about you. To exercise this right, you can access most of your information through the app settings under Account Information. For a comprehensive copy of all data we hold, send an email to privacy@treviaev.in with subject line "Data Access Request." We will provide a complete data file within thirty days of your request.
You have the right to correct any inaccurate or incomplete information. You can edit most profile details directly within the application including name, email address, phone number, vehicle information, and home address. For historical data or other corrections, contact privacy@treviaev.in. We will make corrections within seven days of your request.
The right to delete your personal data is available to you upon request. Through the application, navigate to Settings, select Account, and choose Delete Account to initiate deletion. Alternatively, email privacy@treviaev.in with subject "Delete My Account." Your account will be deleted and personal data removed within thirty days. Please note that payment records must be retained for seven years per Indian tax law. Fraud investigation records are retained for three to five years. Legal dispute records are retained while disputes are active plus three additional years.
Data portability allows you to receive your information in standard formats. Email privacy@treviaev.in with subject "Data Portability Request" to request your data in CSV or JSON format. We will provide this within thirty days of your request.
Marketing communications can be controlled directly by you. Click the unsubscribe link in any marketing email to opt out. In the application, go to Settings, select Notifications, and disable marketing promotions. Email privacy@treviaev.in to opt out of all marketing communications. We will process opt-out requests within ten business days. Note that transactional communications including booking confirmations and payment receipts are not optional.
You can manage location tracking preferences. Go to application Settings, select Privacy, and disable location history. Revoke location permissions in your device settings. Remember that disabling location services limits charger discovery functionality. You remain able to manually select chargers without using location features.
Analytics and cookie tracking can be disabled. In application Settings under Privacy, select the option to disable analytics. Adjust cookie settings in your web browser. Enable Do Not Track if your browser supports this feature.
If you are not satisfied with how we respond to your privacy concerns, you can file complaints with data protection authorities. In India, contact the Office of the Chief Information Commissioner at cic-india.gov.in.
Section 3.5: Data Security Measures
Your data security is a critical priority. We implement comprehensive technical safeguards to protect information from unauthorized access, disclosure, alteration, or destruction.
Encryption technology protects all data in transit using SSL/TLS protocols. All data at rest is encrypted using AES-256 encryption algorithms. HTTPS is used exclusively on all web platforms. Daily encrypted backups protect against data loss.
Authentication mechanisms prevent unauthorized access. Strong password hashing using bcrypt protects account credentials. Two-factor authentication is available for sensitive accounts. Session timeouts occur after thirty minutes of inactivity. Biometric login options using fingerprint or face recognition are supported.
Access controls limit data exposure. Staff access is restricted to necessary information only. Role-based access control systems determine who can view what data. Multi-factor authentication is required for employee system access. All staff access is logged and monitored. Regular security audits verify access controls.
Infrastructure security protects our systems. Trevia services are hosted exclusively on Amazon Web Services (AWS) Asia Pacific (Hyderabad) Region (ap-south-2) with secure cloud infrastructure practices. DDoS protection prevents denial-of-service attacks. Firewalls restrict unauthorized network traffic. Intrusion detection systems monitor for attacks. Security patches are applied promptly. Penetration testing is conducted annually.
Monitoring and incident response procedures address security events. Security incidents are investigated within twenty-four hours. Affected users are notified within forty-eight to seventy-two hours of discovery. We provide details about the incident, steps taken to resolve it, and recommendations for user protection. Relevant authorities are notified when required by law.
You share responsibility for security of your account. Your password must be kept confidential. Do not share your account credentials with anyone. Enable two-factor authentication when available. Logout from shared or public devices. Be cautious of phishing attempts seeking your account information. Keep your application updated to the latest version. Review your account activity regularly.
Section 3.6: Data Retention Policies
Different categories of data are retained for different periods based on legal requirements and business necessity. Account information including name, email, and contact details is retained while your account is active and for ninety days after deletion to allow recovery if needed.
Booking history and session records are retained for three years to address potential disputes and provide historical reference. Payment records are retained for seven years per the Indian tax law requirements for financial reporting and audit purposes. Location data for active charging sessions is retained for ninety days for performance optimization. Historical location patterns are retained in aggregated anonymous form indefinitely.
Customer support communications and ticket histories are retained for two years to address follow-up issues and maintain service history. Marketing preferences are retained until you opt out or delete your account. Technical logs and crash reports are retained for twelve to eighteen months before deletion or anonymization.
To delete your account and associated data, use the in-app deletion feature in Account Settings or email privacy@treviaev.in. Backup copies of deleted data may exist for thirty to ninety days before complete removal.
Section 3.7: Digital Personal Data Protection Act (DPDPA) Compliance
Trevia complies with applicable Indian data protection and privacy laws including the Information Technology Act, 2000 and the Digital Personal Data Protection Act (DPDPA), 2023. Your personal data is processed in accordance with DPDPA requirements regarding consent, purpose limitation, data minimization, and user rights.
Section 3.7.1: Consent Management
Trevia collects personal data only with your explicit consent. Your consent is obtained at the time of account registration and data collection. You have the right to withdraw consent for data processing at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. You may withdraw consent by contacting privacy@treviaev.in with subject "Withdraw Consent."
Section 3.7.2: Data Processing Principles
Trevia operates as a data fiduciary under DPDPA and respects the rights of data principals. We process personal data only for specified, explicit, and legitimate purposes. We collect only the personal data necessary for stated purposes. We implement reasonable security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.
Section 3.7.3: Your Rights Under DPDPA
Under DPDPA, you have the right to access, correct, erase, and port your personal data. You have the right to obtain information about the processing of your personal data. You have the right to restrict processing in certain circumstances. You have the right to lodge a complaint with the Data Protection Board if you believe your rights have been violated.
Section 3.7.4: Grievance Redressal
A grievance officer is available to address data protection and privacy concerns under the DPDPA. Grievances should be submitted to privacy@treviaev.in with subject "Grievance - DPDPA." Your grievance will be acknowledged within 48 hours and resolved within 30 days of receipt.