Uber vs Bolt

Uber collects approximate location and can collect precise location during ride/order use and while the app is open on screen if permitted. For a transport app this may be expected, but it still creates a highly detailed movement history.

Uber shares user data with drivers, merchants, affiliates, service providers, advertisers, authorities, insurers, and others tied to disputes or business transfers. This broad sharing increases the number of parties that may receive your personal information.

Uber shares identifiers and related data with ad intermediaries and marketing partners for ad targeting and measurement. Even with opt-outs, this is a meaningful commercial use of personal data.

Uber says some data is kept for the life of the account, and many categories may be retained up to 7 years. Retention may also continue after deletion requests for fraud, safety, legal, or dispute reasons.

The provided terms do not require mandatory arbitration for ordinary user disputes. Consumers may use free mediation, and the terms say mediation is not a required prerequisite to going to court.

Uber says it will notify users of terms changes in advance and that changes bind you only once accepted. That is more user-protective than a pure unilateral-change clause based only on continued use.

Users can access their account data and download a copy of commonly requested information. This improves portability and makes it easier to review what Uber holds about you.

Uber provides in-app and website deletion routes and says it generally deletes data within 90 days after a deletion request. This is a fairly clear user-facing deletion process.

Uber uses automated systems for matching, pricing, and fraud detection, and may limit access or require identity verification based on suspected fraud. That can affect service access without a fully manual first review.

The terms expressly say they do not alter consumer rights, and for EU residents more favorable local consumer protections can still apply despite Dutch-law wording. That helps limit the impact of choice-of-law language.

For certain transport services booked in France through the app, Uber says it is jointly responsible for proper performance with the third-party provider. This gives riders more protection than a pure marketplace disclaimer.

Uber emphasizes that many services are provided by independent third-party providers and disputes about those services are mainly between you and the provider. Users should know Uber is often acting as an intermediary rather than the direct service operator.

Bolt collects a broad set of data including trip history, precise location, device identifiers, messages, ratings, and information from partners or public sources. This creates a detailed profile of rider behavior and movements.

Identity checks may involve selfies, ID documents, facial recognition, and facial measurements, with suspension possible during verification. Even with consent and manual review, this is sensitive processing with real service consequences.

Bolt shares data with group companies, drivers, business clients, insurers, service providers, authorities, and during corporate changes. That broad sharing increases the number of entities handling rider data.

Users can request access, correction, deletion, restriction, portability, and objection, and can withdraw consent and complain to regulators. This gives riders meaningful control under data protection law.

Drivers can view your name, phone number in some cases, pickup and destination, and your average rating, and some details remain visible after the ride. This is operationally useful but increases exposure of personal information to individual drivers.

Bolt uses cookies, SDKs, analytics tools, pixels, and advertising IDs, and may share data for personalised ads and campaign measurement. Users should expect marketing profiling unless they opt out where available.

Some personal data may be retained for long periods, including 10 years for tax records and 3 years for support data. That limits how quickly users can expect complete erasure of their records.

Background location, calendar access, some analytics, and some marketing features require consent, and that consent can later be withdrawn. This is better than bundling all tracking into mandatory use.

If asked to verify identity with selfie and facial recognition, users can request manual review instead. That reduces the risk of being forced into fully automated biometric verification.

Bolt says it may transfer personal data outside the user’s country using adequacy decisions, standard contractual clauses, or legal exceptions, while storing service data in EEA data centers. This is common, but still relevant for users concerned about jurisdictional exposure.

Bolt gives concrete examples of retention periods, which improves predictability for users. Specific timelines are disclosed for tax, support, messages, and audio data rather than using only vague language.