Privacy Policy
Last updated: May 29, 2026
This Privacy Policy explains how MAYA GROUPE SARL ("MAYA", "we", "us", or "our") collects, uses, shares, stores, and protects personal data when people use MAYA products and services, including Wigo, our car-sharing and mobility product.
This policy applies to MAYA websites, APIs, mobile applications, customer support, administrative tools, and any other product or service that links to this policy. Wigo is currently the product covered by this policy. If MAYA launches additional products, this policy will apply to those products unless a product-specific notice says otherwise.
MAYA GROUPE SARL is the data controller for the processing described in this policy. To exercise privacy rights or ask privacy questions, contact MAYA through the support or contact channel made available in the relevant product or website. MAYA should keep its registered office address, company registration details, and any dedicated privacy contact email up to date in this section.
1. Personal data we collect
We collect personal data that users provide directly, data generated when users use our services, and data received from service providers that help us operate the services.
Account and profile data
We may collect name, username, email address, phone number, profile photo, account credentials, authentication tokens, account status, tester status, and account creation or update dates.
Identity, eligibility, and driving data
For Wigo bookings, driver verification, safety, fraud prevention, or legal compliance, we may collect driver first name and last name, birth date, phone number, driver's license number, issuing country, issue date, expiration date, and driver's license photo. Where required by law, we collect this data with consent or another valid legal basis.
Address and location data
We may collect addresses, city, state or region, postal code, country, latitude, longitude, pickup and drop-off locations, car listing locations, and location search data used to help users find covered service areas or cars.
Car, listing, and host data
For Wigo hosts and cars, we may collect host contact phone number, car make, model, year, VIN, license plate, address, photos, status, visibility, daily price, currency, features, and listing metadata.
Trip and marketplace data
We may collect booking dates and times, trip status, car selected, renter and host relationships, pickup and drop-off addresses, driver details, trip payments, host refund records, reviews, ratings, review details, and communications or support records related to a trip.
Payment and transaction data
Payments are processed through Stripe. MAYA may store Stripe customer identifiers, payment intent identifiers, payment amounts, currency, payment event records, and payment metadata needed to reconcile bookings, refunds, disputes, accounting, and fraud prevention. MAYA does not intentionally store full card numbers or full payment card credentials on its own servers.
Device, notification, and technical data
We may collect mobile push notification tokens, device platform, IP address, request metadata, security logs, error logs, browser or app metadata, and other technical data needed to secure and operate the services. Wigo may use Firebase Cloud Messaging or similar providers to send transactional push notifications, such as booking updates.
Support and communications data
If a user contacts us, we may collect the content of the request, contact details, attachments, and related records needed to respond and maintain service quality.
2. How we use personal data
We use personal data to:
- create, authenticate, maintain, and secure accounts;
- operate Wigo and other MAYA products;
- create and manage car listings, hosts, renters, trips, bookings, reviews, prices, and refunds;
- verify identity, driving eligibility, car information, and transaction integrity;
- process payments, reconcile transactions, manage refunds, and respond to chargebacks or disputes;
- send service messages, transactional emails, push notifications, and support responses;
- detect, prevent, and investigate fraud, abuse, security incidents, policy violations, and unlawful activity;
- improve reliability, debugging, safety, user experience, and operational performance;
- comply with legal, regulatory, accounting, tax, insurance, and law-enforcement obligations;
- enforce our terms, protect our rights, and protect the safety and rights of users, hosts, drivers, MAYA, and the public.
We do not sell personal data.
3. Legal bases for processing
Depending on the applicable law and the context, MAYA processes personal data on one or more of the following legal bases:
- performance of a contract or steps requested before entering into a contract, such as creating an account, booking a car, hosting a car, or processing a trip;
- consent, such as for optional profile photos, certain identity or driving verification data, push notifications, cookies or tracking that require consent, or marketing messages where applicable;
- compliance with legal obligations, including tax, accounting, regulatory, court, law-enforcement, insurance, and safety obligations;
- protection of rights, security, and safety, including fraud prevention, platform integrity, dispute management, and incident response;
- legitimate interests where recognized by applicable law, provided those interests are not overridden by a user's rights and freedoms.
Users may withdraw consent at any time where processing is based on consent. Withdrawal does not affect processing that took place before withdrawal or processing that continues under another valid legal basis.
4. How we share personal data
We share personal data only as needed to operate, secure, and improve the services, or where required by law.
Other Wigo users
For Wigo trips, MAYA may share limited personal data between renters, drivers, hosts, and host assistants when needed to complete a booking, coordinate pickup or drop-off, verify a trip, handle safety issues, resolve a dispute, or comply with platform rules.
Service providers
We may share personal data with vendors and processors that provide hosting, storage, payment processing, location search, push notifications, email, analytics, customer support, security, monitoring, and operational tools. Current service categories include Stripe for payments, Google services for location search and push notifications, and infrastructure providers used to host the MAYA backend and media files.
Authorities, safety, and legal recipients
We may disclose personal data to courts, regulators, law-enforcement authorities, public agencies, insurers, professional advisers, or counterparties where we believe disclosure is required or appropriate to comply with law, protect rights and safety, prevent fraud or abuse, respond to lawful requests, or enforce agreements.
Business transfers
If MAYA is involved in a merger, acquisition, financing, reorganization, asset sale, or similar transaction, personal data may be disclosed or transferred as part of that transaction, subject to appropriate safeguards.
5. International transfers
MAYA may process and store personal data in countries other than the country where a user is located. Service providers may also process data internationally. When personal data is transferred internationally, MAYA uses appropriate safeguards required by applicable law, such as contractual protections, security controls, and transfer mechanisms recognized by relevant regulators.
6. Data retention
We keep personal data only for as long as needed for the purposes described in this policy, unless a longer retention period is required or permitted by law. Retention periods depend on the type of data, the product used, account status, legal requirements, dispute risk, safety needs, and whether the data is needed for accounting, tax, insurance, regulatory, or security purposes.
In general:
- account and profile data is kept while the account remains active and for a reasonable period afterward where needed for legal, security, or operational reasons;
- trip, payment, refund, review, and host records are kept as needed for service history, accounting, tax, insurance, dispute, fraud-prevention, and legal purposes;
- identity, driver's license, car, and listing records are kept as needed to verify eligibility, satisfy safety requirements, resolve disputes, and comply with legal or insurance obligations;
- photos and media are kept while needed for the relevant account, listing, verification, trip, or support purpose;
- technical logs are kept for security, debugging, and operational purposes, then deleted or anonymized unless needed for an investigation, legal claim, or compliance obligation.
When personal data is no longer needed, MAYA deletes it, anonymizes it, or securely archives it according to applicable requirements.
7. Security
MAYA uses technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, authentication, secure transport, logging, monitoring, vendor controls, and operational security practices. No system can be guaranteed to be completely secure, but we work to keep protections appropriate to the nature and risk of the data we process.
8. User choices and privacy rights
Depending on applicable law, users may have rights to:
- access personal data held about them;
- correct inaccurate or incomplete personal data;
- delete personal data;
- restrict or object to certain processing;
- receive a portable copy of certain personal data;
- withdraw consent where processing is based on consent;
- object to direct marketing;
- lodge a complaint with a competent data protection authority.
Some rights may be limited where MAYA must retain or process data to complete transactions, protect safety, prevent fraud, comply with law, establish or defend legal claims, or protect the rights of other users.
To make a request, contact MAYA through the support or contact channel made available in the relevant product or website. We may need to verify the requester's identity before responding.
9. Cookies and similar technologies
MAYA websites and services may use cookies, local storage, mobile identifiers, or similar technologies for authentication, security, preferences, fraud prevention, service operation, analytics, or legally permitted product improvement. Where required by law, MAYA will request consent before using non-essential cookies or similar technologies.
10. Children's privacy
MAYA products, including Wigo, are not intended for children. Users must meet the minimum age and driving eligibility requirements that apply to the product and country where they use the service. MAYA does not knowingly collect personal data from children without appropriate authorization. If you believe a child has provided personal data to MAYA, contact us so we can review and take appropriate action.
11. Product-specific note for Wigo
Wigo is a car-sharing and mobility service. To operate Wigo, MAYA must process information about renters, drivers, hosts, cars, car locations, bookings, payments, reviews, and safety events. Certain data, such as driver's license details, car VIN, license plate, trip status, and payment data, is necessary to provide the service and may be required for safety, legal, insurance, accounting, or dispute-resolution reasons.
Wigo may show car listing information, car photos, approximate or specific pickup locations, host-related details, trip details, and review information to other users where needed to enable the marketplace. Wigo may also send transactional notifications about bookings, payments, and trip activity.
12. Changes to this policy
MAYA may update this Privacy Policy from time to time to reflect changes in products, laws, vendors, or data practices. When we make material changes, we will take reasonable steps to notify users, such as updating the date above, publishing the updated policy, or sending an in-product notice where appropriate.