BorderMatch Privacy Policy

Effective date: September 10, 2025

This Privacy Policy explains how BorderMatch ("BorderMatch", "we", "us") collects, uses, discloses, and protects your information when you use our websites and services (the "Service"). We are a match-making platform: we introduce riders and drivers for cross-border travel and charge a nominal matching fee to exchange contact details. We do not provide transportation, in-app messaging, or handle ride payments.

If you do not agree with this Policy, please do not use the Service.

1. Who we are & how to contact us

Questions about this Policy or your data rights can be sent to the email above.

2. What we collect

2.1 Information you provide

  • Account & profile: name, date of birth, gender, email, phone, role (driver/rider/both), avatar, consent to share contact details.
  • Border/risk indicators: self-attested status such as NEXUS membership, Canadian/US citizen or U.S. Green Card, visa holder; residency (e.g., Canadian PR); per-trip I-94 validity (if applicable).
  • Trip details: pickup, dropoff, time window, preferences.
  • Ratings & feedback you submit after a match.
  • Support messages and any content you send us.

2.2 Information we receive automatically

  • Usage & device data: IP address, device/browser info, pages viewed, timestamps, referral URLs, and similar event data (via PostHog analytics).
  • Security & performance: logs and telemetry via Cloudflare (e.g., threat detection, CDN/WAF).
  • Meta Pixel tracking: Facebook Meta Pixel collects usage data including page views, IP address, browser information, and user interactions to track conversions and enable advertising optimization.

2.3 Payments

  • Paddle acts as Merchant of Record. We receive payment metadata (amount, currency, status, transaction ID) but not full card details.

3. What we do not collect or host

  • No in-app messaging content. We do not provide chat; after a match, you coordinate off-platform (e.g., phone/SMS/email).
  • No driver background checks or government document verification; all status information is self-reported by members.

4. How we use your information

  • Provide and operate the Service (account creation, onboarding, matching, contact exchange).
  • Process payments for the BorderMatch matching fee (via Paddle).
  • Communicate transactional notices (e.g., match/contact emails) using Oracle email delivery.
  • Improve & secure the Service (analytics, debugging, preventing abuse, WAF/CDN with Cloudflare).
  • Comply with law and enforce our Terms of Service.

Legal bases (where applicable, e.g., GDPR): performance of contract, legitimate interests (security, product improvement), consent (where required), and legal obligations.

5. How matching & contact sharing works

When you request a ride or make an offer, you consent to share your profile details (including name, date of birth, gender, email, phone) with the matched counterparty so you can coordinate off-platform. Once contact details are released, BorderMatch is no longer involved in your communications or arrangements.

6. Cookies & analytics

We use cookies and similar technologies to run the site and understand usage:

  • Essential cookies for login, security, and core features.
  • Analytics via PostHog to measure funnels and improve UX (no cross-site advertising).
  • Meta Pixel tracking for conversion tracking and advertising optimization on Facebook and Instagram platforms.

You can control cookies in your browser. If we offer in-product privacy controls or a cookie banner, your choices there will apply.

7. Sharing your information

We do not sell personal information. We share information only with:

  • Service providers under contract and data-protection terms, including:
    • Oracle (email delivery/SMTP),
    • Cloudflare (CDN, DNS, WAF, DDoS protection),
    • Paddle (payments/Merchant of Record),
    • PostHog (product analytics),
    • Meta/Facebook (conversion tracking and advertising via Meta Pixel),
    • hosting, logging, and support tools as needed.
  • Other members you match with (contact exchange you consent to).
  • Authorities or third parties when required by law, to protect rights, safety, or enforce our Terms.

8. International transfers (including to the United States)

We send and store data in the United States, and our providers may process data in the U.S. or other countries. For residents of the EEA/UK, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) where required. For residents of Canada, transfers to foreign service providers mean your information may be accessible to courts, law enforcement, and national authorities in those jurisdictions.

9. Data retention

We keep information only as long as necessary for the purposes above:

  • Account & profile: for the life of your account and a reasonable period after deletion (e.g., backups/defense).
  • Payment metadata: typically 7 years to meet tax/financial record obligations.
  • Audit/logs & analytics: typically 12–24 months.
  • Email tokens: typically 30–90 days.

Actual periods may vary; we delete or anonymize data when no longer needed.

10. Security

We use reasonable technical and organizational measures (TLS in transit, restricted access, logging, CDN/WAF via Cloudflare, least-privilege credentials). No system is 100% secure; please use strong passwords and do not reuse credentials.

11. Your rights

Your privacy rights depend on where you live:

  • Canada (PIPEDA/ provincial laws): access, correction, and complaint rights.
  • European Economic Area/UK (GDPR/UK GDPR): rights to access, rectification, erasure, restriction, portability, objection, and to withdraw consent (where processing is based on consent).
  • California (CCPA/CPRA): rights to know, correct, delete, and to opt-out of certain sharing/sale (we do not sell personal information).

To exercise rights, email [email protected]. We may request information to verify your identity and will respond within the time required by law.

12. Children

The Service is for adults 18+. We do not knowingly collect personal information from children. If you believe a minor has provided data, contact us to request deletion.

13. Third-party links & off-platform communications

The Service may link to third-party sites or tools (e.g., email, messaging apps). We do not control these services. After contact exchange, your communications occur off-platform and are governed by those providers' terms and privacy policies.

14. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will post the updated Policy with a new Effective date and, where required, provide additional notice. Continued use of the Service means you accept the updated Policy.

15. How to reach us

BorderMatch Privacy
Email: [email protected]

Region-specific disclosures (summary)

  • EEA/UK: BorderMatch is the controller of your personal data. Our legal bases are listed in Section 4. You may lodge a complaint with your local supervisory authority. We use SCCs for transfers where required.
  • California: We do not sell or share personal information for cross-context behavioral advertising. We process the categories described in Sections 2 and 3 (identifiers, internet activity, profile data, geolocation by inference from trip requests, payments metadata). You may submit requests at [email protected]. Authorized agents must provide proof of authority and user verification.
  • Canada: You may request access to, or correction of, your personal information and may file a complaint with the Office of the Privacy Commissioner of Canada. We use service providers outside Canada (see Section 8).

This Privacy Policy supplements our Terms of Service and constitutes part of our agreement with you regarding the Service.