Bolt offers useful transparency, consent controls for some features, manual review for biometric checks, and standard GDPR-style rights including deletion and portability. But it also collects broad categories of data, uses tracking/marketing technologies, shares rider information with multiple parties, and retains some records for long periods such as 10 years for tax data.
Bolt’s rider privacy notice is relatively detailed about what it collects, why, how long it keeps data, and what rights users have. It collects extensive location, device, trip, communication, rating, and optional biometric data, and shares some rider data with drivers, group companies, business clients, partners, and authorities. The supplied terms are driver-facing rather than rider-facing, so the legal picture for passengers is incomplete.
Points of interest
Bolt collects a broad set of data including trip history, precise location, device identifiers, messages, ratings, and information from partners or public sources. This creates a detailed profile of rider behavior and movements.
"Bolt collects account details, trip data, location, device data, messages, ratings, and some information from partners or public sources."
Identity checks may involve selfies, ID documents, facial recognition, and facial measurements, with suspension possible during verification. Even with consent and manual review, this is sensitive processing with real service consequences.
"we use facial recognition technology... This involves processing your facial measurements... service will be suspended... until the verification process is completed"
Bolt shares data with group companies, drivers, business clients, insurers, service providers, authorities, and during corporate changes. That broad sharing increases the number of entities handling rider data.
"Bolt shares data with group companies, drivers, business clients, referrers, service providers, insurers, authorities, and others during business changes or legal requests."
Users can request access, correction, deletion, restriction, portability, and objection, and can withdraw consent and complain to regulators. This gives riders meaningful control under data protection law.
"You can request access, correction, deletion, restriction, portability, or object to processing, withdraw consent, and complain to data protection authorities."
Drivers can view your name, phone number in some cases, pickup and destination, and your average rating, and some details remain visible after the ride. This is operationally useful but increases exposure of personal information to individual drivers.
"the Driver will see your name, phone number (in many countries the number is masked), pickup, destination and geolocation data"
Bolt uses cookies, SDKs, analytics tools, pixels, and advertising IDs, and may share data for personalised ads and campaign measurement. Users should expect marketing profiling unless they opt out where available.
"We collect information through the use of cookies, tracking pixels, data analytics tools, SDKs, and other third-party technologies like advertising IDs"
Some personal data may be retained for long periods, including 10 years for tax records and 3 years for support data. That limits how quickly users can expect complete erasure of their records.
"including 10 years for tax records, 3 years for support data"
Background location, calendar access, some analytics, and some marketing features require consent, and that consent can later be withdrawn. This is better than bundling all tracking into mandatory use.
"Optional features like background location, calendar access, marketing, and some analytics require consent, which you can withdraw later."
If asked to verify identity with selfie and facial recognition, users can request manual review instead. That reduces the risk of being forced into fully automated biometric verification.
"If you prefer not to use facial recognition technology, you can opt for your identity to be manually verified by a member of our team"
Bolt says it may transfer personal data outside the user’s country using adequacy decisions, standard contractual clauses, or legal exceptions, while storing service data in EEA data centers. This is common, but still relevant for users concerned about jurisdictional exposure.
"Bolt may transfer personal data outside your country using adequacy decisions, standard contractual clauses, or legal exceptions, and stores service data in EEA data centers."
Bolt gives concrete examples of retention periods, which improves predictability for users. Specific timelines are disclosed for tax, support, messages, and audio data rather than using only vague language.
"Bolt keeps data only as long as needed, including 10 years for tax records, 3 years for support data, and shorter periods for messages and audio recordings."
Other Transport services on AIgree
Compare Bolt with…
The 7 clauses that actually matter, the red flags to watch for, in 5 minutes.
Report a problem with this summary
Spot something wrong, missing, or misleading? Tell us — we review every report.
Spot something wrong, missing, or misleading? Tell us — we review every report.
Thanks — your report was submitted and will be reviewed.
Documents
Terms of Service
source ↗- •Bolt connects independent transport providers with customers; it is not a ride provider and is not party to the transport contract.
- •You must keep account, identity, license, insurance, tax, and vehicle information accurate, current, and legally compliant.
- •You may accept or refuse ride requests, but you must use the platform in good faith and not engage in prohibited manipulation or unsafe conduct.
- •If you use designated drivers, you remain fully responsible for their acts, compliance, pay, and information submitted to Bolt.
- •Bolt handles pricing, matching, invoicing, and some payment collection as your agent, and you owe Bolt a commission on amounts due, including cash rides.
- •Bolt may adjust commission rates with 15 days' notice; promotions may reduce commission but do not affect the total promotion value.
- •Payments are usually sent weekly if your balance exceeds 5 euros; negative balances must be repaid by the 15th of the next month.
- •Bolt may suspend access immediately for violations, verification, legal compliance, security risks, or serious reputation harm, and may terminate on 30 days' notice or immediately for serious breaches.
- •You are responsible for taxes, social charges, and indemnifying Bolt for losses caused by your use, while Bolt's liability is capped at 500 euros except where law forbids limits.
Privacy Policy
source ↗- •Bolt collects account details, trip data, location, device data, messages, ratings, and some information from partners or public sources.
- •Bolt uses your data to provide rides, process payments, verify identity, improve the app, offer support, and run safety and fraud checks.
- •Identity verification may use selfies, ID documents, and facial recognition; you can ask for manual review, but service may be suspended during verification.
- •Optional features like background location, calendar access, marketing, and some analytics require consent, which you can withdraw later.
- •Drivers can see your name, masked or unmasked phone number, pickup and drop-off details, and your average rating during and shortly after rides.
- •Bolt shares data with group companies, drivers, business clients, referrers, service providers, insurers, authorities, and others during business changes or legal requests.
- •Bolt may transfer personal data outside your country using adequacy decisions, standard contractual clauses, or legal exceptions, and stores service data in EEA data centers.
- •Bolt keeps data only as long as needed, including 10 years for tax records, 3 years for support data, and shorter periods for messages and audio recordings.
- •You can request access, correction, deletion, restriction, portability, or object to processing, withdraw consent, and complain to data protection authorities.
