Terms of Service
Effective date: February 16, 2026. These terms govern access to and use of RideVoy products and services.
Acceptable use
Customers must use the platform lawfully and in accordance with healthcare and transport policy obligations.
Service scope
RideVoy provides software workflows for scheduling, dispatch, tracking, and reporting.
Account responsibilities
Customers are responsible for account administration, role governance, and operational policy compliance.
Data breach notification
RideVoy maintains administrative, technical, and physical safeguards designed to protect customer data, including protected health information (PHI), against unauthorized access, use, or disclosure. For purposes of these terms, a “data breach” means the unauthorized acquisition, access, use, or disclosure of unsecured personal or protected health information that compromises its security or privacy.
Upon discovery of a confirmed data breach affecting customer data, RideVoy will notify the affected customer without unreasonable delay and in no event later than sixty (60) calendar days after discovery, consistent with the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414), the applicable Business Associate Agreement, and other applicable data protection laws. Where RideVoy acts as a business associate, it will notify the customer (as covered entity) so the customer can meet its own obligations to notify affected individuals and regulators.
For incidents involving Iowa residents, RideVoy complies with the Iowa Personal Information Security Breach Protection Act (Iowa Code chapter 715C). Consumer notice is provided in the most expeditious manner possible and without unreasonable delay. Where a breach of personal information requires notification of more than five hundred (500) Iowa residents, RideVoy or the responsible data collector will also notify the Director of the Consumer Protection Division of the Iowa Attorney General’s Office within five (5) business days after notifying those residents, as required by Iowa Code § 715C.2. To the extent RideVoy handles protected health information as a HIPAA business associate, compliance with the HIPAA Breach Notification Rule satisfies the corresponding Iowa breach-notification obligations for that information, and the Iowa Consumer Data Protection Act (effective January 1, 2025) likewise excludes protected health information governed by HIPAA.
A breach notification will include, to the extent known at the time and updated as the investigation progresses: a description of the incident and the date of discovery; the categories of data and nature of the information involved; identification of affected individuals where reasonably ascertainable; the steps RideVoy has taken to investigate and mitigate the incident; and recommended measures the customer and affected individuals may take to protect themselves.
RideVoy will promptly investigate each incident, take reasonable steps to contain and remediate it, preserve relevant evidence, and cooperate with the customer’s reasonable requests in connection with required notifications and regulatory inquiries. Customers must promptly report any suspected breach or unauthorized account activity to privacy@getridevoy.com and maintain accurate contact information for breach notifications.
Contact
For legal questions, contact legal@getridevoy.com.