Rovora
IntegrationsPricingFAQBlog
Sign inStart free trial
Legal · Privacy

Privacy Policy

Rovora is fleet-management software for taxi and cab operators. This policy explains what personal data we handle, why, how long we keep it, and the rights you have over it.

Last updated 11 June 2026EU-hosted · GDPR-alignedQuestions? privacy@rovora.eu

On this page

Who we areController vs. processor — who is responsibleWhat data we collectLocation data and the driver appWhy we use it, and our legal basisWho we share it withInternational transfersHow long we keep itYour rightsCookiesChildrenChanges to this policy

Who we are

“Rovora”, “we”, “us” means the operator of the Rovora platform at rovora.eu. Rovora provides a dashboard and driver app that taxi and cab fleets use to manage drivers, vehicles, shifts, rosters and weekly settlements.

We are based in the European Union and our service is hosted in the EU. For any privacy matter you can reach our team at privacy@rovora.eu, or by post at [registered business address — to be filled in].

Controller vs. processor — who is responsible

Rovora is used in two distinct ways, and the law treats them differently:

  • Data about a fleet’s drivers, vehicles and operations. When a fleet operator (our customer) adds their drivers, uploads documents, records shifts or runs settlements, the fleet operator is the data controller and Rovora acts as a data processor — we process that data only on the operator’s instructions, to provide the service.
  • Account holders and website visitors. For the personal data of the people who sign up for and administer a Rovora account, and for visitors to our marketing site, Rovora is the data controller.

If you are a driver and want to know how your data is used, your employer or fleet operator is the first point of contact, as they decide what is collected and why.

What data we collect

We only collect data needed to run a fleet. Depending on how Rovora is used, this can include:

CategoryExamplesWhy we hold it
Account & identityName, email address, password (stored only as a salted hash), role and fleet membershipTo create accounts, authenticate users and control access
Driver recordsFull name, phone number, email, employment type, vehicle assignmentsSo operators can manage and contact their drivers
Driver documentsDriving licence, ID card, insurance, logbook and roadworthiness/NCT documents (including front/back images and the identifiers shown on them)To track validity and expiry of legally-required documents
Vehicle dataRegistration, make/model, odometer/mileage readings, service and maintenance history, damage records and diagramsTo schedule servicing and keep a per-vehicle history
Location dataGPS position (latitude/longitude), speed, heading, accuracy and timestamps, collected while a driver has location sharing switched onSo the fleet operator can see live driver positions and shift routes (see Location data)
Operational & financialShifts, rosters, check-in mileage, earnings, settlements (fares, tips, campaigns, fees and tax deductions such as FSS), adjustments and weekly bookkeepingTo run rosters and reconcile each driver’s weekly pay
BillingSubscription plan, billing status and a Stripe customer reference. Card details are entered directly with Stripe — Rovora never sees or stores card numbers.To manage subscriptions and process payments
CommunicationsNotification preferences and the in-app, push and email alerts we send youTo deliver document-expiry, shift and platform notices
Technical & securitySession cookies, audit-log entries, IP address and device/browser information, error diagnostics, and password-reset rate-limit recordsTo keep accounts secure, prevent abuse and diagnose faults

Some driver documents may reveal information that the GDPR treats as sensitive (for example, a date of birth or a photograph on an ID). We only hold these because they are necessary to comply with transport-licensing and employment obligations, and we restrict access to them tightly (see Security).

Location data and the driver app

The Rovora driver app (and the “Share Location” feature of the driver web portal) can collect a driver’s device location — GPS position, speed, heading and accuracy — and share it with their fleet operator. This is how it works:

  • Sharing is always started by the driver. Nothing is collected until the driver taps “Start sharing”, and the driver can stop at any time. The app shows a clear disclosure before the first use and a visible indicator (including a persistent notification on Android) while sharing is active.
  • Background collection. When the driver grants background location permission, the app continues to collect location while it is closed or the screen is off, so the fleet can see the driver’s position throughout the shift. Sharing ends when the driver taps “Stop sharing”.
  • Who can see it. Live positions and route history are visible only to the authorised staff of the driver’s own fleet, inside that fleet’s dashboard. Location data is never sold, never used for advertising, and never shared with other fleets or third parties.
  • Controller and purpose. The fleet operator decides whether and why to use location sharing (typically live operations and duty-of-care during shifts) and is the data controller for it; Rovora processes the data on the operator’s behalf.
  • Retention. The latest position is overwritten continuously; route history is retained as operational data under the fleet’s account (see How long we keep it) and is deleted with it.

Why we use it, and our legal basis

Under the GDPR we rely on the following legal bases:

  • Performance of a contract — to provide the platform to the fleet that has subscribed, and to give drivers and staff their accounts.
  • Legitimate interests — to secure the service, prevent fraud and abuse, diagnose errors, and improve the product. We balance these against your rights.
  • Legal obligation — to retain tax, payroll and licensing records where the law requires it, and to respond to lawful requests.
  • Consent — for optional marketing emails, which you can withdraw at any time. Withdrawing consent does not affect the lawfulness of earlier processing.

We do not sell personal data, and we do not use it for advertising or automated decision-making that produces legal effects.

Who we share it with

We share data only with the service providers (sub-processors) that help us run Rovora. Each is bound by a data-processing agreement and may only use the data to provide their service to us:

  • Supabase — our database, authentication and document storage, hosted in the EU.
  • Stripe — subscription billing and card payment processing.
  • Resend — delivery of transactional and notification emails.
  • Sentry — error and performance monitoring so we can find and fix faults.

We may also disclose data where we are legally required to (for example, to a court or regulator), or to a successor entity in the event of a merger or acquisition, in which case we will notify affected customers.

International transfers

Rovora and its primary database are hosted in the European Union. Where a sub-processor processes data outside the EU/EEA, that transfer is protected by an adequacy decision or by the European Commission’s Standard Contractual Clauses, together with additional safeguards where appropriate.

How long we keep it

We keep personal data only for as long as it is needed for the purpose it was collected:

  • While your fleet’s account is active — operational data is retained so the fleet can run day to day.
  • Financial and tax records — retained for the period required by applicable tax and accounting law, even after a driver leaves or an account closes.
  • After account closure — we delete or anonymise personal data within a reasonable period once it is no longer needed, unless the law requires us to keep it longer.

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased, where there is no overriding legal reason to keep it;
  • restrict or object to certain processing;
  • receive your data in a portable, machine-readable format; and
  • withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email privacy@rovora.eu. If you are a driver, note that much of your data is controlled by your fleet operator — we will help route your request to them where needed. We respond within one month.

You also have the right to lodge a complaint with your data-protection authority. In Malta this is the Information and Data Protection Commissioner (IDPC) — idpc.org.mt.

Cookies

We use a small number of strictly-necessary cookies to keep you signed in and to keep the service secure. These are essential to the platform and cannot be turned off without breaking sign-in. We do not use advertising or third-party tracking cookies.

Children

Rovora is a business tool intended for licensed drivers and fleet staff. It is not directed at children and we do not knowingly collect data from anyone under 16.

Changes to this policy

We may update this policy as the product and the law evolve. We will revise the “last updated” date above and, for material changes, notify account administrators by email or in-app.

Rovora

Fleet management for small taxi & cab operators. Drivers, vehicles, shifts and settlements — in one clean dashboard.

Built for taxi & cab fleets of 5–50 vehicles
EU-hosted · data encrypted
Product
FeaturesIntegrationsPricingFAQStart free trialSign in
Features
Vehicle managementMaintenance & servicesDamage & repairsLive driver trackingRosters & shifts
Money & admin
Weekly settlementsFlexible payAdjustmentsFinancials & bookkeepingPlans & billing
Integrations
UberBoltFreeNowStripeRequest an integration
Company
AboutBlogContact usCareersHelp & supportBook a demo

Get fleet tips in your inbox

The occasional product update and operator playbook — no spam.

Subscribe
Free driver appiOS & Android · coming soon
© 2026 Rovora Fleet. All rights reserved.PrivacyTermsSecurityMade for fleets that move.