Privacy Policy for IRAS Bus Assistant

Last Updated: January 2025

1. Introduction

Neoneon Technology ("we," "our," or "us") operates the IRAS Bus Assistant mobile application (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information Collection and Use

Types of Data Collected:

Personal Information:

Name
Email address
Phone number
User account information

Location Data:

GPS coordinates (precise location)
Location history
Movement patterns
Geographic location data

Device Information:

Device identifiers
Operating system information
App usage data
Performance data

Usage Data:

App interactions
Feature usage
Error logs
Analytics data

Purpose of Data Collection:

Location Data is collected for:

Real-time bus tracking and monitoring
Emergency alert notifications
Route optimization and analysis
Student safety monitoring
Parent communication
Compliance with school transportation regulations

Personal Information is collected for:

User account creation and management
Communication and notifications
Customer support
Service personalization

Device Information is collected for:

App functionality and performance
Troubleshooting and support
Analytics and improvement
Security monitoring

3. Data Processing Legal Basis

For Location Data:

Consent: Users explicitly consent to location tracking through prominent disclosure
Legitimate Interest: Safety and security of students and transportation services
Contract: Necessary for providing transportation services

For Personal Information:

Consent: User registration and account management
Contract: Service provision
Legitimate Interest: Customer support and communication

4. Data Sharing and Disclosure

We do NOT share personal data with third parties except:

School administration (for safety and transportation purposes)
Emergency services (in case of emergencies)
Legal requirements (when required by law)
Service providers (under strict data protection agreements)

Data Sharing Details:

Location data is shared only with authorized school staff
Emergency data may be shared with emergency services
Analytics data is anonymized before sharing
No data is sold to third parties

5. Data Security

Security Measures:

Encryption in transit (TLS/SSL)
Encryption at rest (AES-256)
Secure server infrastructure
Regular security audits
Access controls and authentication
Data backup and recovery procedures

Data Breach Response:

Immediate notification to affected users
Notification to relevant authorities within 72 hours
Investigation and remediation procedures
Regular security training for staff

6. Data Retention

Retention Periods:

Location data: 90 days (for safety and compliance)
Personal information: Until account deletion
Usage data: 12 months
Emergency data: 2 years (for legal compliance)

Data Deletion:

Automatic deletion after retention period
Manual deletion upon user request
Secure deletion procedures
Verification of deletion completion

7. User Rights

Your Rights Under GDPR/Privacy Laws:

Right to Access:

Request copies of your personal data
Information about data processing
Data portability

Right to Rectification:

Correct inaccurate data
Update personal information
Modify preferences

Right to Erasure:

Delete personal data
Withdraw consent
Request data removal

Right to Restrict Processing:

Limit data processing
Object to certain uses
Suspend data collection

Right to Data Portability:

Export your data
Transfer to another service
Machine-readable format

8. Children's Privacy (COPPA Compliance)

Special Protections for Children:

Minimal data collection for children under 13
Parental consent required
Parental access to child's data
Right to delete child's data
No behavioral advertising to children

Parental Controls:

View child's location data
Modify privacy settings
Delete child's account
Contact us for privacy concerns

9. International Data Transfers

Data Transfer Safeguards:

Adequacy decisions where applicable
Standard contractual clauses
Binding corporate rules
User consent for transfers
Data localization requirements

10. Cookies and Tracking

Types of Cookies Used:

Essential cookies (app functionality)
Analytics cookies (usage statistics)
Preference cookies (user settings)

Cookie Management:

User control over cookies
Clear cookie policies
Third-party cookie disclosure
Cookie consent mechanisms

11. Third-Party Services

Third-Party Integrations:

Google Maps (location services)
Firebase (analytics and notifications)
School management systems

Third-Party Data Sharing:

Limited to necessary service provision
Data protection agreements
User consent for sharing
Regular third-party audits

12. Changes to Privacy Policy

Policy Updates:

Notification of material changes
User consent for significant changes
Version control and history
Clear communication of updates

13. Contact Information

Privacy Inquiries:

Email: [email protected]
Phone: +971 042999003
Address: IT Plaza, Silicon Oasis, Dubai UAE
Privacy Officer: Available through main contact

Data Protection Officer:

Contact: [email protected]
Response time: Within 30 days
Free of charge for reasonable requests

14. Compliance and Certifications

Compliance Standards:

GDPR (General Data Protection Regulation)
COPPA (Children's Online Privacy Protection Act)
Local privacy laws
Industry best practices

Certifications:

ISO 27001 (Information Security Management)
SOC 2 Type II (Security and Availability)
Regular compliance audits

15. Additional Provisions

Emergency Situations:

Data sharing for safety emergencies
Law enforcement cooperation
Public safety requirements
Legal compliance obligations

Service-Specific Terms:

Background location tracking consent
Emergency alert data processing
School transportation compliance
Parent communication protocols

← Back to Home