Lymngo
Lymngo

Join Lymngo today. Rent cars from trusted local providers.

Log in Sign up

For Renters

Find Your Perfect Ride

Browse vehicles from trusted local providers across Trinidad & Tobago.

  • Wide selection of vehicles
  • Verified providers
  • 24/7 customer support
  • Secure booking & payments
Browse Vehicles

For Providers

Grow Your Fleet Business

Long-term rental and subscription solutions for businesses, teams, and individual fleet owners.

  • Custom vehicle plans to suit your needs
  • Fast and simple onboarding
  • Centralized booking management
  • Flexible funding options
  • Solutions for 1 vehicle to 100+ vehicles
Get Started

Contact Us

Choose how you'd like to get in touch with us.

WhatsApp

Chat with us instantly

Email

[email protected]

Support Center

Browse FAQs and submit tickets
All prices in TTD πŸ‡ΉπŸ‡Ή
← Back to Privacy Hub

Quick Links

PRIVACY POLICY

Last Updated: February 7, 2026

1. INTRODUCTION

This Privacy Policy describes how <strong>Lymngo</strong> ("we," "us," or "the Platform") collects, uses, and shares your personal information. By using our Platform, you agree to the collection and use of information in accordance with this policy. This policy adheres to the Trinidad and Tobago Data Protection Act (2011) and international best practices for data security.

2. INFORMATION WE COLLECT

To facilitate vehicle rentals and ensure trust between users, we collect the following categories of data:

A. Identity Verification Data (The "KYC" Check)

  • Government ID: A digital scan or photo of your Driver's License and/or National ID/Passport.
  • Selfie: A live photo to match against your ID.
  • Purpose: To verify you are a real person, hold a valid license, and meet the age requirements (21+).

B. Vehicle Data (For Owners)

  • Vehicle Registration Certificate (Certified Copy).
  • Insurance Certificate.
  • Photos of the vehicle (Interior/Exterior).

C. Payment Information

  • We do not store full credit card numbers on our servers. All transactions are processed by a third-party payment processor (e.g., WiPay, PayPal) which is PCI-DSS compliant. We only retain the last 4 digits for transaction history.

D. Usage & Location Data

  • IP Address, device type, and login timestamps (used for fraud detection).
  • Note: If a vehicle is equipped with a GPS tracker, the Vehicle Owner may have access to location data. The Platform does not actively monitor vehicle location unless a theft or safety incident is reported.

3. HOW WE USE YOUR DATA

We use your data strictly to operate the marketplace:

  1. Facilitating Bookings: Sharing your Name and Driver's License status (but not the full ID image) with the Vehicle Owner upon booking confirmation.
  2. Safety & Verification: To screen for suspended licenses, previous fraudulent activity, or "PH" (illegal taxi) usage history.
  3. Legal Compliance: To comply with requests from the Trinidad and Tobago Police Service (TTPS) or insurance adjusters in the event of an accident or crime.

4. INTERNATIONAL DATA TRANSFER (The "US Server" Clause)

⚠️ IMPORTANT: YOUR DATA MAY BE STORED OUTSIDE TRINIDAD AND TOBAGO

  • Storage Location: You acknowledge that our servers and database providers (e.g., Amazon Web Services, Cloudflare) are located in the United States and other jurisdictions.
  • Consent: By using the Platform, you explicitly consent to the transfer of your personal data outside of Trinidad and Tobago.
  • Safeguards: We rely on your consent and standard contractual clauses to ensure your data is treated with the same level of security required by Trinidad and Tobago law.

5. SHARING YOUR INFORMATION

We do not sell your personal data. We only share it in these specific scenarios:

  • With the Vehicle Owner: Once a booking is confirmed, the Owner receives your Full Name, Phone Number, and Driver Verification Status.
  • With Authorities: We will disclose your personal information to the TTPS or Licensing Authority if we are presented with a valid warrant or if we reasonably believe the vehicle is being used for illegal activities (e.g., drug trafficking, robbery).
  • With Insurance Providers: In the event of a claim, relevant rental logs and identity data will be shared with the insurance company to facilitate coverage.

6. DATA SECURITY

We use industry-standard AES-256 Encryption to protect your sensitive documents (like Driver's Licenses) both in transit and at rest. Access to these documents is restricted to authorized personnel only for verification purposes.

7. DATA RETENTION & DELETION

  • Retention: We retain transaction and identity records for seven (7) years as required by Trinidad and Tobago tax and anti-money laundering laws.
  • Deletion Request: You may request the deletion of your account by contacting support. However, if you have rented a vehicle, we must retain the core transaction record for legal liability reasons.

8. YOUR RIGHTS

Under the Data Protection Act, you have the right to:

  • Request access to the personal data we hold about you.
  • Request correction of any inaccurate data.
  • Withdraw your consent for marketing communications.

8.5 RIGHT TO ERASURE & ACCOUNT DELETION

While you may request account deletion and the removal of your personal data, we must retain certain information for legal and operational reasons:

  • Retained Records: Transaction records, booking history, and identity verification records are retained for seven (7) years per Trinidad and Tobago tax and anti-money laundering legal requirements.
  • Insurance Claims: If a vehicle rental resulted in damage claims or disputes, we retain the relevant data until the claim is resolved.
  • Non-Core Data: Account preferences, communication history, and non-essential data will be deleted within 30 days of your deletion request, unless legal holds or ongoing disputes apply.
  • Deletion Process: To request erasure, contact our Data Protection Officer with your account details. We will confirm deletion of non-core data within 30 days.

9. BIOMETRIC DATA HANDLING

Special Protections for Identity Verification Data

Your selfie and government ID documents are classified as biometric personal data and receive heightened protection under Trinidad and Tobago privacy law:

  • Purpose Limitation: Selfies and ID images are used exclusively for automated identity verification to confirm you are a real person and hold a valid driver's license.
  • Processing Method: Your biometric data is matched against your submitted documents using automated facial recognition technology.
  • Access Restrictions: Only authorized verification personnel and system administrators can access biometric data for investigation purposes (e.g., fraud detection). This access is logged and audited.
  • Storage Separation: Biometric data is stored separately from your other personal information with enhanced encryption and access controls.
  • Biometric Data Deletion: Once identity verification is complete and no account disputes exist, biometric data (selfies and ID images) is permanently deleted within 14 days. However, transaction records confirming verification occurred are retained per legal requirements.
  • Requesting Biometric Deletion: You may request immediate deletion of biometric data by contacting our Data Protection Officer at any time, even if your account is active.

10. COOKIES AND TRACKING TECHNOLOGIES

Our platform uses cookies and similar tracking technologies to enhance your experience and protect your account:

  • Session Cookies: Required for login functionality and maintaining your booking progress. These cookies expire when you close your browser or log out.
  • Security Cookies: Used for CSRF (Cross-Site Request Forgery) protection and fraud detection. These are essential for platform security.
  • Analytics: We use Google Analytics (with IP anonymization enabled) to understand platform usage patterns and improve our service. No personally identifiable information is sent to Google.
  • Browser Controls: You can disable cookies through your browser settings; however, this may limit functionality (e.g., you may not be able to complete bookings).

11. AUTOMATED DECISION-MAKING AND PROFILING

We use automated systems and algorithms to make decisions that significantly affect your use of the platform:

  • Booking Eligibility: Automated systems evaluate driver license status, age verification, and fraud risk indicators to approve or deny booking requests.
  • Fraud Detection: IP address flags, device fingerprinting, and behavioral analysis may trigger booking holds or account suspensions.
  • Your Rights: If an automated decision negatively affects you (e.g., booking rejection), you have the right to:
    • Request an explanation of the decision
    • Ask for human review of the decision
    • Challenge the decision if you believe it is inaccurate
  • Requesting Review: Contact our support team with your booking ID or account details to request human review of an automated decision.

12. DATA BREACH NOTIFICATION

We take data security seriously. In the event of a confirmed security breach that compromises your personal information, we will:

  • Notify You: We will contact you via email and/or SMS within 72 hours of confirming a breach.
  • Breach Details: Our notification will include:
    • What data was affected (e.g., email, phone, booking history)
    • Biometric data or government IDs (if compromised)
    • Date range of the breach
    • Steps we are taking to remediate
    • Steps you should take to protect yourself
  • Regulatory Notification: We will notify the Trinidad and Tobago Police Service (TTPS) and relevant authorities within 72 hours if the breach involves criminal activity or national security concerns.
  • Credit Monitoring: If payment card data was exposed, we will offer complimentary credit monitoring services for affected users.
  • Breach Log: We maintain a confidential log of all data breaches and responses for compliance audits.

13. CHILDREN'S PRIVACY PROTECTION

Our platform is intended for persons 21 years of age or older. We do not knowingly collect personal data from minors.

  • Age Verification: During registration, you confirm that you are at least 21 years old. This is verified through government-issued ID.
  • Accidental Collection: If we discover that we have collected personal information from a person under 21 years of age, we will:
    • Immediately cease processing their data
    • Delete all personal information within 30 days
    • Terminate the minor's account
    • Notify the account holder's registered guardian if contact information is available
  • Reporting Minors: If you believe a minor is using our platform, please report this to our support team immediately.

14. POLICE AND LEGAL AUTHORITY DISCLOSURE

We may disclose your personal information to law enforcement and government authorities under specific circumstances:

  • Legal Requirements: We will disclose your information upon presentation of:
    • A valid court order or warrant from the Trinidad and Tobago judiciary
    • A lawful subpoena from the TTPS or other authorized authority
    • A formal request from the Information Commissioner of Trinidad and Tobago
  • Emergency Disclosures: Without prior notice, we may disclose information if we have reasonable grounds to believe that:
    • A vehicle is being used for criminal activity (drug trafficking, robbery, human trafficking)
    • Imminent harm to persons is occurring (kidnapping, assault)
    • The vehicle is stolen or being used in a hit-and-run
  • Disclosure Log: We maintain a confidential log of all law enforcement requests and disclosures, which is reviewed quarterly for compliance.
  • Notification: Unless a court order prohibits notification, we will inform you that your information has been disclosed to authorities within 30 days of disclosure.
  • Transparency Report: We publish a transparency report annually (available upon request) detailing the number and type of government information requests received.

15. DATA PROTECTION OFFICER & COMPLAINTS

For all privacy-related inquiries, complaints, and data access requests:

  • Email: [email protected]
  • Address: Port of Spain, Trinidad and Tobago
  • Response Time: We will respond to all data subject access requests within 30 days.

If you are not satisfied with our response:

  • Office of the Information Commissioner of Trinidad and Tobago
  • Email: [email protected]
  • Telephone: (868) 622-3684
  • Address: Level 3, Riverside Plaza, Besson Street, Saint Clair, Port of Spain, Trinidad and Tobago
  • You have the right to file a complaint with the Information Commissioner if you believe your data rights have been violated and we have not adequately resolved your concern.

16. DATA PROTECTION IMPACT ASSESSMENT (DPIA)

Due to the high-risk nature of processing biometric data (selfies and government IDs), we have completed a Data Protection Impact Assessment in accordance with Trinidad and Tobago privacy regulations. This assessment:

  • Evaluates the necessity and proportionality of collecting and processing biometric data
  • Documents safeguards to minimize privacy risks
  • Identifies data subject rights and mitigation controls
  • Reviews third-party processor security practices

A copy of our DPIA is available upon request for review by authorized personnel and regulators.

17. THIRD-PARTY DATA PROCESSORS

We engage third-party service providers to operate our platform. These processors handle your data on our behalf under strict Data Processing Agreements (DPAs):

  • Cloud Infrastructure: Amazon Web Services (AWS) - servers, database, backups
  • Content Delivery & Security: Cloudflare - DDoS protection, CDN, DNS
  • Payment Processing: WiPay (TTD) and PayPal (USD) - PCI-DSS compliant payment gateways
  • Analytics: Google Analytics - anonymized usage metrics

Data Processing Agreements: Each processor has signed a Data Processing Agreement obligating them to:

  • Process data only on our instruction
  • Maintain appropriate security measures
  • Restrict subprocessing without our approval
  • Facilitate data subject rights (access, deletion, etc.)
  • Delete or return data upon contract termination

For details on processor security practices: Contact our Data Protection Officer.

18. POLICY UPDATES AND CHANGES

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • Notification: We will notify you via email of significant changes at least 30 days before they take effect.
  • Your Consent: Continued use of the platform after the effective date constitutes your acceptance of the updated policy.
  • Version Control: We display the "Last Updated" date at the top of this policy. Check back regularly for updates.

19. CONTACT US

If you have questions about this Privacy Policy, please contact our Data Protection Officer at: