Privacy Policy
Last updated: 9th May 2026
1. Introduction
BlueRide ("BlueRide," "we," "us," or "our") provides a school operations platform (the "Service") that supports schools, parents, and guardians with features including dismissal management, attendance tracking, school bus tracking, cashless canteen purchases, appointment management, and in-app messaging.
This Privacy Policy explains what personal data we collect through the Service, how we use it, the legal grounds on which we rely, with whom we share it, how long we keep it, how we protect it, and the rights you have over it. It applies to our website, our mobile applications, and any related services we offer (collectively, the "Service"). Capitalized terms not defined in this Policy have the meanings given in our Terms of Service.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, please do not use the Service.
2. Our Role and the School’s Role
For most personal data processed through the Service, the School is the data controller and determines what personal data is collected and how it is used. BlueRide acts as a data processor on the School’s behalf.
For a limited set of processing activities — including account security, fraud prevention, service analytics, infrastructure operations, payment-related record-keeping, and legal compliance — BlueRide acts as an independent controller. Where we act as a controller, this Policy describes our practices directly. Where we act as a processor, parents and guardians should also consult the School’s own privacy notice.
3. Who This Policy Is About
The Service involves personal data relating to:
• Students, with data such as name, student ID, photograph, class and section, attendance status, dismissal status, location while travelling on a school bus, NFC wristband or QR code identifier, canteen purchase history, and dietary or allergy information provided by the School or a Parent.
• Parents and guardians, with data such as name, relationship to the student, contact details (email, mobile number), national ID where required by the School, payment-related identifiers (held by our payment processor), records of canteen purchases made for or on behalf of their children, appointment details, and messages exchanged through the Service.
• School staff including administrators, teachers, drivers, assistants, security personnel, and canteen staff. Data may include name, role, contact details, employee ID, and activity within the Service (including canteen transactions processed by canteen staff).
4. Information We Collect
4.1 Information Provided by Schools
Schools upload or synchronize information including student rosters, parent and guardian contact details, staff details, class assignments, bus routes and stops, dismissal arrangements, attendance records, canteen menus and price lists, appointment schedules, and any dietary or medical notes the School chooses to record about a student.
4.2 Information Provided by Parents and Staff
Account credentials, profile information, photographs used for identification at dismissal or pickup, messages, appointment requests, canteen purchases made for or on behalf of children, refund or cancellation requests, and any information submitted through customer support channels.
4.3 Feature-Specific Data
• Dismissal: pickup confirmations, time of pickup, identity of the person collecting the student, and (where the School enables it) photographs uploaded to verify authorized pickup persons.
• Attendance: check-in and check-out times, absence reasons, and tardiness records.
• Bus tracking: real-time GPS location of school vehicles during operating hours, route progress, estimated arrival times, and boarding and alighting events for students assigned to a route.
• Cashless canteen: parent payments to fund canteen purchases for their children, the canteen and items or categories selected, transaction records when items are collected at the canteen by the student (including the student identifier, the canteen identifier, the cashier identifier, the amount, the time, and where applicable item-level information), NFC wristband and QR code identifiers issued to students, and settlement records reflecting amounts paid out to each canteen.
• Appointments: requested times, participants (e.g., teacher, parent, administrator), subject of the appointment, and any notes added by participants.
• Messaging: message content, sender and recipient identifiers, timestamps, read receipts, and attachments. Messages are stored on our servers to enable delivery and conversation history. Messages are not end-to-end encrypted, and Schools may have access to messages exchanged on the platform in line with their internal policies and applicable law.
4.4 Cashless Canteen — Data Flow and Payment Information
The cashless canteen feature involves several distinct data flows. We describe them here so you understand what is collected at each step and who handles it:
• Parent payment. When a Parent pays for canteen purchases for their child through the BlueRide app using a debit card, credit card, or Apple Pay, the card transaction is processed by our third-party payment processor (Paymob in Egypt or HyperPay in the Kingdom of Saudi Arabia, depending on the location of the School). The payment processor collects and handles the full card or payment credential and acts as an independent controller for that data. BlueRide receives only limited transaction metadata necessary to confirm and reconcile the payment, such as a transaction reference, amount, currency, status, payment method type, and a tokenized identifier. BlueRide does not collect, process, or store full payment card numbers, CVV codes, or bank account credentials.
• Purchase record. Following a successful payment, BlueRide records the parent’s purchase, including the canteen, the items or categories purchased, the amounts, and any associated dates or redemption parameters defined at the time of purchase. The Parent and the canteen each receive a record of the purchase.
• Canteen redemption. At the school canteen, the cashier uses the BlueRide canteen app and scans the Student’s NFC wristband or QR code to identify the items the student is collecting. BlueRide records a transaction comprising the Student identifier, the canteen identifier, the cashier identifier, the amount, the time, and (where the canteen captures it) item-level information.
• Refunds, Cancellations and Settlements. Where a purchase is cancelled, undelivered, or otherwise eligible for a refund under the Refund Policy and/or Terms of Service, BlueRide processes the refund through the original payment method and retains a record of the request, the decision, and any related communications. Refund requests submitted by Parents (for example, by email with justification) are processed manually and are similarly recorded. Settlement records (including bank account details of the canteen, transfer references, and amounts) are retained for accounting, audit, and legal compliance purposes.
Because canteen purchase, transaction, and settlement records may be subject to tax, accounting, anti-money-laundering, consumer-protection, and (where applicable) financial-services laws, we are required to retain certain records for periods that may exceed the retention applied to other data in the Service. See Section 8.
4.5 Device and Usage Data
When you use the Service, we automatically collect technical information including device type and model, mobile operating system and version, app version, unique device identifiers, IP address, language, time zone, crash logs, and interaction events (such as feature usage and screen views). We use this information to operate, secure, troubleshoot, and improve the Service.
4.6 Location Data
With your permission, the app may access device location to support bus tracking, dismissal proximity alerts, and similar features. Location is collected only while the relevant feature is in use, in accordance with your device permissions. You can disable location access at any time through your device settings; certain features will not function without it.
4.7 Cookies and Similar Technologies
Our website and app use cookies and similar technologies, including:
• Session cookies to operate the Service and keep you signed in.
• Preference cookies to remember your settings and choices.
• Security cookies to detect and prevent fraudulent activity and protect your account.
You can configure your browser to refuse cookies or to indicate when a cookie is being set, but parts of the Service may not function correctly if cookies are disabled.
5. How We Use Personal Data and the Grounds We Rely On
We use personal data for the following purposes:
• Providing and operating the Service, including all features described above.
• Authenticating users and protecting accounts and the Service.
• Operating the cashless canteen feature, including processing parent payments via our payment processor, recording canteen purchases and redemptions, settling amounts to canteens, and handling refund and cancellation requests.
• Sending operational notifications, including attendance alerts, bus arrival updates, dismissal confirmations, appointment reminders, and canteen transaction confirmations.
• Providing customer care and support.
• Detecting, preventing, and investigating fraud, abuse, and security incidents, including transaction monitoring on the canteen feature.
• Conducting analyses and producing aggregated or anonymized statistics to improve the Service.
• Complying with legal obligations and responding to lawful requests from regulators, courts, or law enforcement.
• Sending optional satisfaction surveys, product updates, or promotional communications, where you have opted in or where local law permits. You may opt out at any time by following the unsubscribe instructions in the relevant message or contacting us.
We do not sell personal data. We do not use student personal data for advertising, profiling, or to build advertising audiences.
6. How We Share Personal Data
We share personal data only as needed to provide the Service or to comply with our legal obligations, and only with the following categories of recipients:
• The School, which receives data about its students, parents, and staff as part of the Service. Information provided by Parents may be shared with the School, and information provided by the School may be shared with Parents to the extent authorized by the School. Canteen operators (whether the School itself or a third-party canteen contracted by the School) receive transaction information necessary to operate the canteen and to receive settlements.
• Parents and guardians who receive data about their own children to the extent authorized by the School.
• Service providers (sub-processors) acting on our behalf under contract, including cloud hosting and storage, push notification delivery, mapping and geolocation, payment processing (Paymob and HyperPay), banking partners for settlement, SMS and email delivery, customer support tooling, and analytics. Sub-processors are bound by contractual obligations to handle personal data only on our instructions and to maintain appropriate security measures. A current list of sub-processor categories is available on request.
• Authorities where disclosure is required by law, court order, regulatory request, or to protect the rights, property, or safety of users, the public, or BlueRide. This includes disclosures required under tax, anti-money-laundering, consumer-protection, and (where applicable) financial-services laws applicable to the canteen feature.
• Successors in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business or assets, subject to equivalent privacy commitments by the successor entity.
7. International Data Transfers
BlueRide may process data in the Kingdom of Saudi Arabia, the Arab Republic of Egypt, or outside of these jurisdictions. Some of our service providers may process personal data in other countries. Where personal data is transferred across borders, we take steps to ensure an adequate level of protection, which may include relying on the service providers’ international or local standards for data protection and privacy as well as the recipient country’s adequacy status.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes set out in this Policy or as required by applicable law and the School’s instructions. Indicative retention periods are:
• Account data: for as long as the account is active, then up to 72 months after closure for legal and audit purposes.
• Attendance, dismissal, and bus tracking records: for the academic year plus six additional years, or as required by the School or applicable education or transport regulations.
• Real-time bus location data: retained in detailed form for 500 days, after which it is aggregated or deleted.
• Canteen purchase, transaction, refund, and settlement records: retained for at least 7 years to comply with tax, accounting, anti-money-laundering, consumer-protection, and (where applicable) financial-services obligations applicable in the relevant jurisdiction.
• Refund requests and related correspondence: retained for 7 years.
• Messages and appointments: for 72 months.
• Support communications: for 72 months after resolution of the request.
• Backup copies: retained for up to 60 days after deletion from primary systems.
When the applicable retention period ends, we securely delete or anonymize the personal data so that it can no longer be associated with an identifiable individual.
9. Security of Data
The security of personal data is important to us. We maintain administrative, technical, and physical safeguards designed to protect personal data, including:
• Encryption of personal data in transit using industry-standard protocols (TLS).
• Encryption at rest of databases and backups.
• Role-based access controls and the principle of least privilege.
• Logging, monitoring, and alerting for suspicious activity, including transaction monitoring.
• Vendor due diligence and contractual security commitments from sub-processors.
• Periodic security assessments and staff training on data protection.
No system can be guaranteed to be perfectly secure. In the event of a personal data breach that is likely to result in a risk to the rights of affected individuals, we will notify the relevant Schools and, where required by law, the competent authority and the affected individuals within the timeframes mandated by applicable law.
10. Your Rights
Subject to applicable law, you have the right to:
• Request the correction of inaccurate or incomplete data.
• Request the deletion of your personal data, subject to legal retention obligations (including those described in Section 8 in respect of canteen records).
• Withdraw consent at any time, where processing is based on consent (without affecting the lawfulness of processing carried out before withdrawal).
Because the School is the controller of most data in the Service, requests relating to student or School-managed data should be addressed to the School in the first instance. You may also contact us at info@blueride.co and we will assist you or route your request to the appropriate School. We may need to verify your identity before responding to a request and will respond within reasonable timeframes or those set by applicable law.
11. Children’s Privacy
The Service is designed to be used by Schools and by Parents or guardians on behalf of their children. We do not knowingly create direct, independent accounts for children. We rely on the School to obtain any consent required from parents or guardians for the processing of children’s personal data through the Service, in accordance with applicable law. Parents and guardians may, at any time:
• Request access to or correction of their child’s personal data.
• Request that further collection or use of their child’s personal data cease.
• Request deletion of their child’s personal data, subject to the School’s legal and regulatory obligations and the retention requirements described in Section 8.
Such requests should be directed to the School in the first instance, or to BlueRide at info@blueride.co. We will not use student personal data for marketing or advertising purposes.
12. Links to Other Sites
The Service may contain links to websites or services that are not operated by BlueRide. If you click on a third-party link, you will be directed to that third party’s site or service. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you through the BlueRide website or Service, or by email, when such changes take effect. The "Last updated" date at the top of this Policy indicates when it was most recently revised. Your continued use of the Service after the effective date of an updated Policy constitutes your acknowledgement of the updated terms.
14. How to Contact Us
If you have questions, requests, or complaints regarding this Privacy Policy or our handling of your personal data, please contact us via email at info@blueride.co
Links to Third Party Sites or Apps
The Site may contain links to websites and apps operated and maintained by third parties, over which we have no control. Privacy policies on linked sites may be different from our Privacy Policy. You access such linked sites at your own risk. You should always read the privacy policy of a linked site before disclosing any information to such site.