English

This is a translation provided for convenience; the Macedonian version is the authoritative, legally binding text.

Privacy Policy

Last updated: 9 June 2026

Version: 2.0

This Privacy Policy explains how iSplit collects, processes, stores and protects your personal data when you use the iSplit app and website to book and share taxi rides. The Policy has been drawn up in accordance with the Personal Data Protection Act of the Republic of North Macedonia and the EU General Data Protection Regulation (GDPR), where applicable.

1. Personal data controller

The controller of your personal data is the legal entity that operates the iSplit service:

  • Company name: Isplit
  • Address: Zborsko 2b
  • Unique registration number (EMBS): xxxxxx
  • Contact for privacy enquiries: info@isplit.mk

2. Data protection officer

For all questions related to the processing of your personal data or to exercise your rights, you can contact our Data Protection Officer: info@isplit.mk

3. What data we collect

  • Phone number — collected at registration via Firebase Phone Authentication to verify your identity and create an account.
  • Location data — collected in real time while you use the app, to connect passengers with nearby drivers, calculate routes and enable navigation.
  • Device tokens (FCM) — Firebase Cloud Messaging tokens are stored so we can send you ride status notifications.
  • Ride history — pickup and drop-off locations, timestamps, fare amounts and ride status, to provide you with a record of your trips.
  • Role and profile — whether you are a passenger or a driver, and related profile data, such as vehicle details for drivers.
  • Support communication — messages, requests and correspondence you send us through the support channels.
  • Technical data — IP address, device type and error logs, which are processed for security and diagnostics.

4. Purposes and legal bases for processing

Each processing activity has a precisely defined legal basis:

  • Account creation and management (phone number, role, profile) — performance of a contract.
  • Connecting passengers and drivers and navigation (real-time location) — performance of a contract and your consent to access the device's location.
  • Sending ride notifications (FCM tokens) — performance of a contract; marketing notifications only with your consent.
  • Ride history and dispute resolution — performance of a contract and legitimate interest in keeping records.
  • Security, fraud prevention and diagnostics (technical data) — legitimate interest in protecting the service and its users.
  • Fulfilment of legal obligations — compliance with tax, accounting and other regulations.

5. Retention periods

We keep your personal data only for as long as is necessary for the purposes for which it was collected:

  • Account data — for the duration of the active account, plus a reasonable period after its deletion due to legal obligations.
  • Ride history — kept for the period prescribed by tax and accounting regulations, after which it is deleted or anonymised.
  • Real-time location data — kept only for the duration of the ride and a short period afterwards for support and disputes.
  • FCM tokens — deleted when notifications are revoked or the account becomes inactive.
  • Support communication — kept for as long as is necessary to resolve the request and any subsequent queries.

6. Third parties — processors

We share certain data with carefully selected processors who act on our instructions and under a processing agreement:

  • Firebase (Google) — for phone authentication and push notifications. See the Firebase Privacy Policy.
  • OSRM / OpenStreetMap — for route calculation and map display. No data that directly identifies you is sent to them.
  • Sentry — for error tracking and app stability; configured to strip personal data from the logs.
  • Hosting provider — the server infrastructure on which the service's data is stored and processed.

7. Transfer of data outside the country

Some of our processors (for example Firebase/Google) process data on servers outside North Macedonia and the European Economic Area. When such a transfer takes place, we ensure appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions, in accordance with the applicable regulations.

8. Your rights and how to exercise them

As a data subject, you have the right to:

  • Access the personal data we hold about you.
  • Correction of inaccurate or incomplete data.
  • Erasure of your account and related personal data (the "right to be forgotten").
  • Restriction of processing in certain cases.
  • Portability of your data in a structured, machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdrawing consent at any time, without affecting the lawfulness of prior processing.

To exercise any right, contact us at the privacy contact provided. We will respond to your request within 30 days at the latest. You can also withdraw consent for location tracking by disabling location permissions on your device (this will limit the app's functionality).

9. Children

iSplit is not intended for persons under 16 years of age. We do not knowingly collect personal data from children below this age. If we learn that we have collected a child's data, it will be deleted without delay.

10. Cookies

We use cookies and similar technologies to operate the service, remember your preferences and measure usage. A more detailed explanation is available in our Cookie Policy.

11. Automated decision-making

The system for matching passengers with drivers and for calculating prices uses automated processing to suggest nearby vehicles and display the relevant fares. This processing does not produce legal effects that significantly affect you in the sense of profiling. If you believe the result is incorrect, you can request a human review through our support contact.

12. Data security

We apply technical and organizational measures to protect your data, including HTTPS encryption in transit, access control and restricting access to authorized personnel only.

13. Security breach notification

In the event of a personal data security breach that poses a risk to your rights and freedoms, we will notify the competent Personal Data Protection Agency within 72 hours of detection, and you directly where required by law.

14. Right to complaint

If you believe your rights have been violated, you have the right to lodge a complaint with the Personal Data Protection Agency of the Republic of North Macedonia, regardless of your right to contact us directly.

15. Changes to this policy

We may update this Privacy Policy from time to time. Changes are published on this page with an updated date and version number. Significant changes will be highlighted in a visible place within the app.

16. Governing version

The Macedonian version of this Privacy Policy is official and legally binding. Translations into other languages are provided for convenience only.


← Back to home

An update is available

A new version of the app is ready. Update to get the latest improvements.