Legal

Privacy Policy

How we collect, use, store and protect the personal information of passengers, visitors and customers of Goldy Motors.

Last updated: 27 April 2026Effective: 27 April 2026
Quick summary. We collect only the information we need to confirm and operate your bus booking — your name, contact details and payment confirmation. We never sell your data. We only share it with partners who help us run the service (such as our payment gateway) and with authorities where the law requires it. You can ask us to access, correct or delete your data at any time using the contact details in section 19.

1. Introduction

This Privacy Policy ("Policy") explains how Goldy Motors (referred to as "Goldy Bus", "we", "us" or "our") collects, uses, stores, discloses and otherwise processes information that relates to identified or identifiable natural persons ("personal data" or "personal information") in connection with its bus transportation services, its website, its mobile-friendly booking platform and any related digital or offline channels (collectively, the "Services").

We are committed to handling your information lawfully, fairly and transparently. This Policy is published in compliance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the "SPDI Rules"), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and, to the extent applicable, the Digital Personal Data Protection Act, 2023 ("DPDP Act").

By accessing our website, booking a seat over the phone or in person, travelling on our buses, or otherwise providing your personal information to us, you acknowledge that you have read, understood and agree to be bound by this Policy. If you do not agree with any part of this Policy, please discontinue use of our Services.

2. Definitions

The following capitalised terms have the meanings below:

  • "Booking" means a confirmed reservation of one or more seats on a Goldy Bus departure, whether made online, by telephone, through an authorised counter or via an authorised agent.
  • "Passenger" means any natural person who travels, intends to travel or has booked travel on a Goldy Bus service.
  • "Personal Data" means any information that identifies or can reasonably be used to identify you, directly or indirectly.
  • "Sensitive Personal Data" has the meaning given to it under the SPDI Rules and includes, among other categories, financial information such as bank account or payment instrument details and any other information classified as sensitive under applicable law.
  • "Processing" means any operation performed on personal data — including collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, transmission, erasure or destruction.
  • "Platform" means our website, any mobile-optimised version of it, and any future mobile application published under the Goldy Motors brand.

3. Scope & Applicability

This Policy applies to all Personal Data we collect about you when you:

  • visit, browse or interact with our Platform on any device;
  • request a quotation, search for a route, or initiate a Booking (whether the Booking is completed or abandoned);
  • communicate with us by telephone, WhatsApp, SMS, email or in person at any of our boarding points or offices;
  • travel as a Passenger on any Goldy Bus service;
  • participate in any feedback, survey, marketing campaign or promotional offer we run; or
  • apply for a job, supplier engagement, agency arrangement or partnership with us.

This Policy does not apply to information collected by third parties whose websites, applications or services are linked to from our Platform. Their handling of your data is governed by their own privacy notices, which we encourage you to read.

4. Data We Collect

We collect only such categories of Personal Data as are reasonably necessary to operate our Services, fulfil your Booking and meet our legal obligations. Depending on how you interact with us, this may include:

4.1 Identity & Contact Information

  • full name, gender and approximate age (as relevant for seating);
  • mobile telephone number and, where provided, alternate number;
  • email address (optional, used for ticket delivery and receipts);
  • government-issued identification details (only when required for statutory checks at boarding, e.g. Aadhaar number, voter ID, driving licence or passport — recorded by reference, not photocopied or stored beyond the trip);
  • boarding and drop-off points (e.g. Powayan Indian Oil pump, Shahjahanpur Bus Stand, Anand Vihar Counter 54).

4.2 Booking & Travel Information

  • route selected (Powayan ↔ Delhi or any intermediate stop);
  • bus selected and seat or sleeper number(s);
  • date of journey, departure time and return details;
  • co-passenger names where you book on behalf of a group;
  • ticket reference number (PNR), booking history and any cancellation or modification you make.

4.3 Payment Information

  • transaction reference, amount, currency, status and timestamp returned to us by our payment gateway (currently PhonePe);
  • the name shown on the payment instrument and the last four digits of the card or UPI handle (where the gateway shares this with us).

We do not collect or store full card numbers, CVV codes, internet-banking passwords or UPI PINs.All sensitive payment credentials are entered directly on PhonePe's secure environment, which is independently certified to industry standards.

4.4 Technical & Device Information

  • IP address, approximate location derived from IP, and ISP;
  • device type, operating system, browser type and version;
  • screen size and orientation (used to deliver our mobile-optimised layout);
  • referring URL, pages visited, time spent on each page, and clicks / taps on key actions (such as "Search Buses" or "Pay").

4.5 Communications

  • content of WhatsApp, SMS, email, phone or in-person communications you initiate with us, including support requests, complaints, refund requests and feedback;
  • recordings of phone calls to our booking lines, where permitted by law and where we have informed you of the recording at the start of the call.

4.6 CCTV & On-Board Imagery

For the safety of Passengers and crew, our buses, boarding counters and parking yards may be monitored by closed-circuit television cameras ("CCTV"). Recordings are retained for a limited period (see section 11) and are used only for security, incident investigation and legal compliance.

5. How We Collect Data

We collect Personal Data through the following channels:

  • Directly from you — when you complete a Booking, provide your details over the phone, fill out a form on our website or at a counter, communicate with our staff, or board one of our buses;
  • Automatically — when you visit our Platform, through cookies, similar technologies, server logs and analytics tools (see section 10);
  • From authorised partners — including our payment gateway, ticketing aggregators, travel agents and our crew (drivers, conductors and managers);
  • From public or statutory sources — for example, where we are required by law-enforcement or regulatory authorities to verify Passenger identity or assist with an investigation.

6. Purposes of Processing

We process your Personal Data only for clearly defined purposes:

  • Service delivery: to confirm and operate your Booking, allocate seats, dispatch the bus, manage boarding, issue tickets via WhatsApp/SMS, handle on-route incidents and provide customer support;
  • Payments & invoicing: to process fares, refunds and adjustments through our payment gateway, reconcile transactions and issue receipts or invoices;
  • Safety & compliance: to verify Passenger identity where required, comply with motor-vehicle and transport regulations, respond to lawful requests from authorities, and investigate complaints, accidents or losses;
  • Service improvement: to analyse usage of our Platform, monitor on-time performance, plan stops and timings, improve the booking flow and the on-board experience;
  • Communications: to send Booking confirmations, trip reminders, schedule changes, cancellation notices and refund updates;
  • Marketing (only with consent): to send you offers, seasonal schedules or new-route announcements where you have opted in. You can opt out at any time;
  • Legal claims:to establish, exercise or defend against legal claims, and to enforce our Terms & Conditions and Refund Policy.

We rely on one or more of the following legal bases for processing your Personal Data:

  • Performance of a contract — processing necessary to fulfil your Booking, deliver the Service and respond to support requests;
  • Consent — for non-essential communications, certain cookies and analytics, and any optional disclosures you make;
  • Legitimate interests — for fraud prevention, network and information security, basic analytics, and improving our service quality, balanced against your rights and reasonable expectations;
  • Legal obligation — to comply with the Motor Vehicles Act, 1988, taxation laws, the Information Technology Act and other applicable statutes; and
  • Vital interests— to protect a Passenger's life or physical safety in an emergency.

8. Sharing & Disclosure of Personal Data

We do not sell, rent or trade your Personal Data. We share it only with the following categories of recipients, and only to the extent necessary:

  • Our authorised crew and staff — drivers, conductors, counter staff and managers operating the Powayan ↔ Delhi service — who need Passenger lists, contact details and seating to run the trip;
  • Our payment gateway, PhonePe — to authorise, process and reconcile your payments and refunds;
  • Hosting and infrastructure providers — that operate the servers on which our Platform runs;
  • Communications providers — to deliver SMS, WhatsApp messages and emails containing tickets, OTPs and trip updates;
  • Professional advisors — including auditors, lawyers and accountants, bound by professional confidentiality;
  • Government, regulatory or law-enforcement authorities — where disclosure is required by law, court order, lawful investigation, or to protect the safety of any person.

In the event of a corporate restructuring (such as a merger, sale of assets or change of control of Goldy Motors), we may transfer Personal Data to the successor entity, subject to the same protections set out in this Policy.

9. Third-Party Services We Rely On

We use a small number of carefully selected third-party services to operate our Platform and Services. These include, among others:

  • PhonePe Payment Gateway— for processing UPI, card and net-banking payments. Transactions are subject to PhonePe's own privacy policy and terms;
  • Google Maps / map embedding services — to display our boarding points and offices on the Platform;
  • WhatsApp Business / SMS gateways — to send Booking confirmations, OTPs and ticket information.

These third parties are responsible for their own processing of your data in line with the privacy notices that govern their products. We require them, where applicable, to maintain reasonable security practices consistent with the SPDI Rules.

10. Cookies & Tracking Technologies

Our Platform uses a limited set of cookies and similar technologies. Broadly, we use:

  • Strictly necessary cookies — required for the Platform to function (for example, to remember the route you searched, the bus you selected and your form inputs across the booking flow). These cannot be disabled if you wish to continue using the booking flow;
  • Performance & analytics cookies — that help us understand which pages are visited, how long users spend on the booking flow and where they drop off, so we can improve the experience. These are anonymised wherever practical;
  • Functional cookies — that remember preferences such as your last-used boarding point.

You can clear cookies or disable them through your browser settings. Disabling strictly-necessary cookies may impair core functionality of the Platform, including the ability to complete a Booking.

11. Data Retention

We retain Personal Data only for as long as is necessary for the purposes described in this Policy and in accordance with our internal retention schedule. Indicative retention periods include:

  • Booking and trip records: retained for at least three (3) years from the date of travel for tax, accounting and dispute-resolution purposes;
  • Payment transaction records: retained for the period required by applicable tax and financial regulations (typically eight (8) years);
  • Customer-support communications: retained for up to two (2) years from the date of the last communication;
  • CCTV footage at depots and counters: retained for approximately thirty (30) days unless preserved for an investigation;
  • Cookies and analytics events: retained as per the settings configured for the relevant tool, typically not exceeding twenty-six (26) months.

Once the applicable retention period expires and there is no further legal or operational basis to retain the data, we will delete or irreversibly anonymise it.

12. Data Security

We implement reasonable security practices and procedures consistent with the SPDI Rules and recognised industry standards. These include, where appropriate:

  • encrypted transmission of data over our Platform (HTTPS / TLS);
  • access controls limiting Personal Data to authorised personnel on a need-to-know basis;
  • tokenised payment processing, so that sensitive card and UPI credentials never reach our servers;
  • regular review of vendor and infrastructure security;
  • staff training on the basics of data confidentiality, ticketing integrity and complaint handling.

No system can be guaranteed to be perfectly secure. While we take all reasonable steps to protect your information, you acknowledge that transmission of data over the internet involves inherent risks. You are responsible for keeping your account credentials, OTPs and ticket references confidential and for not sharing them with third parties.

13. Your Rights

Subject to applicable law, you have the following rights with respect to your Personal Data:

  • Right to access — to obtain confirmation of whether we hold Personal Data about you and a copy of that data;
  • Right to correction — to have inaccurate or incomplete Personal Data corrected or completed;
  • Right to erasure — to request deletion of your Personal Data, subject to our legal obligation to retain certain records;
  • Right to withdraw consent — to withdraw consent at any time where we rely on consent as the legal basis;
  • Right to object — to object to processing carried out for direct marketing or based on legitimate interests;
  • Right to portability — where technically feasible, to receive a copy of certain data in a structured, commonly used format;
  • Right to grievance redressal — to file a complaint with our Grievance Officer (see section 18).

To exercise any of these rights, please contact us using the details in section 19. We may need to verify your identity before acting on your request, and we will respond within the timeframes prescribed by applicable law.

14. Children's Privacy

Our Services are intended for adults aged eighteen (18) years and above. Minors may travel only when booked by a parent, legal guardian or accompanying adult who has accepted these terms on their behalf.

We do not knowingly collect Personal Data directly from children. If you believe a child has provided us Personal Data without the consent of a parent or guardian, please contact us so we may delete the information.

15. International Transfers

Goldy Motors is based in India and primarily processes Personal Data within India. Some of our service providers (for example, cloud hosting or analytics providers) may store or process data outside India. Where such transfers occur, we take reasonable steps to ensure that the data continues to be protected at a level comparable to that required under Indian law.

Our Platform may contain links to third-party websites, applications or services (for example, map providers or payment gateways). We are not responsible for the privacy practices or the content of such third parties. Please read the privacy notices of any third-party site you visit before submitting your Personal Data.

17. Changes to This Policy

We may update this Policy from time to time to reflect changes in our Services, in our practices, or in applicable law. The "Last updated" date at the top of this page indicates when the Policy was most recently revised. Material changes will be brought to your attention by reasonable means, such as a prominent notice on our Platform or a message to your registered contact details. Your continued use of our Services after an update constitutes acceptance of the revised Policy.

18. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the contact details of our Grievance Officer are set out below. The Grievance Officer is responsible for receiving and addressing complaints concerning this Policy and our processing of your Personal Data.

Grievance Officer — Goldy Motors
Address: Tempo Stand near Durga Hotel, Shahjahanpur, Uttar Pradesh, India
Email: Goldychoudharybusservice@gmail.com
Telephone: +91 8287056421 (Manager)
Hours: 10:00 – 18:00 IST, Monday to Saturday (excluding public holidays).

We endeavour to acknowledge complaints within forty-eight (48) hours and to resolve them within fifteen (15) days of receipt, in line with the timelines under applicable law.

19. Contact Us

For any questions, requests or concerns about this Policy or your Personal Data, please contact us using one of the following channels: