Rider Agreement Privacy Refund Service Grievance Home

Privacy Policy

Adris Electric Pvt Ltd ("One Mobility") · Last updated: 16 June 2026

We operate the One Mobility rider application and related services. We are the Data Fiduciary and you are the Data Principal under the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Digital Personal Data Protection Rules, 2025. This notice is provided in clear and plain language and explains what personal data we process, why, and your rights. We process your data based on your consent for the itemised purposes below, and you may withdraw consent at any time — withdrawal is as easy as giving it.

1. Data we collect and the specific purpose

Name, phone, email, address, date of birth — Account creation, communication, eligibility.
Driving licence; KYC identifiers (via Parivahan / Aadhaar offline verification) — To verify your identity and legal eligibility to rent.
PAN (where required) — Tax/financial compliance and high-value verification.
Selfie / liveness — To confirm the document belongs to you.
Emergency contact ("Bloodline") — Safety/SOS contact in an incident.
GPS & vehicle telematics (during active rental) — Fleet operation, safety, theft prevention, billing, range/efficiency analytics.
Payment data (via Razorpay) — To process rent, deposit and charges. We do not store full card/bank details.
Ride history, app interactions, device info — To provide, secure and improve the Services.

Aadhaar minimisation: We verify identity via Aadhaar offline XML / Parivahan and do not store your full Aadhaar number; we retain only a masked reference and a verification token.

2. Legal basis

We process data based on your consent and, where applicable, for legitimate uses permitted under the DPDP Act and to comply with legal obligations (e.g., Motor Vehicles Act, tax, KYC laws).

3. How we use your data

To verify KYC; assign and manage vehicle rentals; process rent, deposits and charges; provide safety/SOS and anti-theft features; recover dues, fines and e-challans; comply with legal and tax obligations; and improve the Services.

4. Sharing

We share data only with: payment processors (Razorpay), KYC/verification providers, our fleet operators and outlet partners, insurers, and law-enforcement/transport authorities where legally required (including to transfer e-challan liability to you as the actual rider). We do not sell your personal data.

5. Your rights (DPDP Act)

You may: access a summary of your data and how it is processed; correct or update it; request erasure; withdraw consent; nominate a representative; and complain to the Data Protection Board of India. Use the in-app "Manage Privacy / Withdraw Consent" control or contact our Data Protection / Grievance Officer. We will respond within 30 days.

6. Withdrawal of consent

You may withdraw consent at any time via the in-app control. Note that withdrawing consent needed to provide the Services (e.g., KYC, telematics during a rental) may mean we can no longer provide those Services.

7. Data retention & erasure

We retain personal data only as long as needed for the stated purposes and to meet legal/tax obligations, after which it is deleted or anonymised. On withdrawal or fulfilment of purpose, we will erase your data after giving you 48 hours' prior notice, except data we are required to retain under the Motor Vehicles Act, tax, KYC/PMLA, or to establish, exercise or defend legal claims (e.g., pending fines, disputes, fraud records).

8. Personal data breach

In the event of a personal data breach, we will notify the Data Protection Board of India and affected users without delay and within 72 hours, with a plain-language description of the breach, the data involved, and the steps you can take to protect yourself.

9. Security

We implement reasonable security safeguards, including access controls and encryption in transit. However, no method of transmission or storage is fully secure, and we cannot guarantee absolute security.

10. Cross-border transfer

Where any processor stores or processes data outside India, such transfers are made in accordance with the conditions permitted under the DPDP framework.

11. Marketing communications

We send transactional messages via DLT-registered headers. Promotional communications are sent only with your separate, optional consent, which you may withdraw at any time.

12. Children

The Services are not available to anyone under 18. We do not knowingly process children's data; verifiable parental consent provisions of the DPDP Rules apply if this ever changes.

13. Third-party contacts

By providing emergency-contact ("Bloodline") details, you confirm you are authorised to share that person's information with us for safety purposes.

14. Changes

We may update this Policy; material changes will be notified in-app. Continued use after notice constitutes acceptance.

15. Contact

Data Protection / Grievance Officer: Pankaj Chauhan — office@oneelectric.in. See the Contact & Grievance Redressal page.