AdOnAuto — Unstoppable Branding

Legal

Privacy Policy

This Privacy Policy explains how AdOnAuto collects, uses, discloses, and safeguards your information when you use our mobile application and website at adonauto.com.

Last updated: May 30, 2026

AdOnAuto is a transit-advertising service operated by BCreations (“BCreations”, “we”, “our”, or “us”), a company incorporated in India with its registered office at 13-15-1/1, Dibbalapalem, Maharanipeta, Visakhapatnam, Andhra Pradesh 530002, India. The AdOnAuto mobile application, our website at adonauto.com, and related services (together, the “Services”) connect advertisers (“Clients”) with auto-rickshaw drivers (“Promoters”) who display advertisements on their vehicles.

This Privacy Policy explains how BCreations, operating the AdOnAuto Services, collects, uses, discloses, and safeguards your information. By using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Services.

1. Information We Collect

a) Information you provide

  • Account details: name, email address, phone number, and password (passwords are stored only as a secure cryptographic hash, never in plain text).
  • Role profile: for advertisers — company name, contact person, GST number, billing address and city; for drivers — full name, city, state, address, and bank account details used for payouts.
  • Verification documents (optional). You may use AdOnAuto without uploading any documents. If you choose to upload them for verification, we may collect documents such as your driving licence, vehicle registration (RC), insurance, permit, a government-issued photo ID (which may include Aadhaar — see below) and advertisement photos. Verification status may affect which campaigns you can be matched with, but uploading documents is not required to create an account or use the app.
  • Aadhaar handling. If you choose to upload your Aadhaar as a government-issued ID, we store it under the protections required by the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016: encrypted at rest, with restricted internal access, never displayed publicly, and used solely for promoter verification. You are not required to upload Aadhaar — you may use any other government-issued photo ID instead, or skip document upload entirely.

b) Information from Google Sign-In

If you choose to sign in with Google, we use Google’s OAuth 2.0 / OpenID Connect service. We request only the basic sign-in scopes (openid, email, and profile) and receive the following from your Google account:

  • your name;
  • your email address and whether it is verified by Google;
  • your profile picture URL; and
  • your Google account identifier (the “sub” claim), which we use to recognise your account on future sign-ins.

We do not request access to your Gmail, Google Drive, Google Contacts, Calendar, or any other Google service, and we do not access any restricted or sensitive Google data. We only use Google Sign-In to authenticate you and to create or link your AdOnAuto account.

c) Location data

For driver (promoter) accounts, when you take a proof-of-display photo from inside the app, we read a single GPS reading (latitude, longitude and accuracy) at the moment of capture and watermark it onto the photo. This lets advertisers verify where their campaign was displayed.

  • We do not track your location continuously, in the background, or outside the camera capture flow.
  • The GPS reading is captured only while you have the app open and have tapped the capture button.
  • You can decline or revoke the location permission in your device settings; the app will still function, but you will not be able to submit geotagged proof photos.

Advertiser accounts are not asked to share GPS location.

d) Information collected automatically

  • Device and usage data: such as device type, operating system, app version, and IP address.
  • Security logs: limited audit logs (for example sign-in events and administrative actions) used to keep accounts secure.

2. How We Use Your Information

  • To create, authenticate and manage your account, including Google Sign-In.
  • To operate the Services — matching campaigns to autos, tracking active shifts, and reporting reach.
  • To calculate driver earnings and process payouts, and to issue advertiser invoices.
  • To verify drivers, vehicles and documents to keep the network trustworthy.
  • To send service notifications about assignments, payments, documents and campaigns.
  • To protect the Services against fraud, abuse and security incidents.
  • To comply with applicable legal and tax obligations.

3. How We Share Information

We do not sell your personal information. We share information only as needed to run the Services:

  • Between advertisers and drivers: advertisers can see live and historical campaign movement (such as the location and distance of autos running their campaign), but not a driver’s bank details or identity documents.
  • Service providers acting as processors on our behalf under written confidentiality and data-protection terms, including:
    • Cloud hosting and storage: [hosting and object-storage provider — e.g., AWS Mumbai]
    • Push notifications: Google Firebase Cloud Messaging — we share your device’s push token with Google so that we can deliver in-app notifications about assignments, payouts and account events.
    • Authentication: Google LLC, for “Continue with Google” sign-in.
    • Payments and payouts: [payment / payout processor — e.g., Razorpay]
  • Legal: where required by law, regulation, or valid legal process, or to protect the rights, safety and property of users and AdOnAuto.

4. Google API Services — Limited Use

AdOnAuto’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data received from Google Sign-In is used solely to provide and improve the authentication feature described above; it is not used for advertising, not sold, and not transferred to others except as necessary to provide the Services, for security, or to comply with applicable law.

5. Data Retention

We keep your information for as long as your account is active and as needed to provide the Services and meet legal, tax and accounting obligations. Where data is no longer required, we delete or anonymise it.

CategoryRetention period
Active account profile (name, email, phone, role)While your account is active
Uploaded verification documents (DL, RC, insurance, ID)5 years after account closure, to support audits and dispute resolution
Banking and payout records, invoices8 years (Income-tax Act recordkeeping)
Proof-of-display photos with embedded GPS readingFor the duration of the campaign + 12 months, to support campaign reports and dispute resolution
Security and audit logs90 days
Crash and performance data30 days

If you delete your account, we delete or anonymise personal data within 30 days, except for records we are required to retain for the periods above. See Section 8 for the deletion process.

6. Data Security

We use reasonable technical and organisational measures to protect your data. Specific safeguards we apply include:

  • All network traffic encrypted in transit using TLS (HTTPS / WSS).
  • User passwords stored only as bcrypt hashes, never in plain text.
  • Backend access tokens are short-lived JWTs; refresh tokens rotate on use and can be revoked server-side.
  • Uploaded documents (including Aadhaar where provided) stored in encrypted object storage with private ACLs and pre-signed, time-limited access URLs.
  • Role-based access controls on the admin console; sensitive actions are recorded in an audit log.
  • Internal access to identity documents and payout data is restricted to authorised verification and finance staff under confidentiality obligations.

No method of transmission or storage is completely secure, but we work to protect your information and to respond promptly to any incident.

7. Your Rights

Depending on your location, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • request deletion of your data;
  • withdraw consent (for example, by disconnecting Google Sign-In or disabling location); and
  • object to or restrict certain processing.

To exercise any of these rights, contact us at info@bcreations.in.

8. Deleting Your Account and Data

You can request deletion of your AdOnAuto account and associated personal data at any time. For full instructions, see our Account & Data Deletion page. You can also revoke AdOnAuto’s access to your Google account at any time from your Google Account permissions page.

9. Children’s Privacy

The Services are intended for users aged 18 and over and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

10. International Users

AdOnAuto operates from India and your information is processed and stored in India. By using the Services you understand that your information will be handled as described in this Policy.

11. Changes to This Policy

We may update this Policy from time to time. We will post the revised version on this page and update the “Last updated” date above. Material changes may also be notified in the app.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

  • Email: info@bcreations.in
  • Phone: +91 89776 03054 / +91 79891 54870
  • BCreations, 13-15-1/1, Dibbalapalem, Maharanipeta, Visakhapatnam, Andhra Pradesh 530002, India