Get TransitFare

You are in:  

Privacy Policy

Updated: February 8, 2026

TransitFare & Systems Ltd. (“TransitFare,” “we,” “us,” or “our”) provides this Privacy Policy to describe how we collect, use, and disclose Personal Information through our website (www.transitfare.com), mobile applications (including “UseTransit”), messaging services (email and SMS), and related products (collectively, the “Services”).

Scope and Accountability

Controller Role: TransitFare acts as a Data Controller for the Personal Information collected directly from users of our public-facing Services.

Processor Role: When we process data solely on behalf of a municipal transit agency (“Transit Agency”) via our TF Cloud infrastructure, we act as a Data Processor. In such cases, the Transit Agency is the Controller, and their privacy policy governs your data.

Note to Commercial Customers: If you are a Transit Agency or other entity with a separate Master Services Agreement (“MSA”) with TransitFare, the data privacy and ownership terms in that MSA shall prevail over this policy.

 

Information We Collect

We collect and process the following categories of information:

  • Identifiers: Name, email, phone number, IP address, and account credentials.
  • Commercial Information: Fare products purchased, transaction history, and payment tokenization data.
  • Geolocation Data (Sensitive): Precise GPS location (latitude/longitude), trip origin/destination, and saved locations (e.g., “Home” or “Work”) if you choose to provide them.
  • Internet Activity: Browsing history, app interaction, crash logs, and device OS version.
  • User Preferences: Favorite routes, stops, and travel times.
  • Eligibility Attributes: Status classifications (e.g., “Student,” “Senior”) used for fare calculation. Note: These are strictly based on information you provide or rules configured by your Transit Agency; we do not infer these attributes based on your behavior.

Aggregated and De-Identified Data (Our Data Asset)

We may process your Personal Information to create Aggregated and De-Identified Data. This data is processed in a manner intended to prevent it from reasonably identifying any individual and is treated as non-personal information under applicable privacy laws.

Commitment: We maintain technical and organizational measures designed to prevent re-identification of such data.

Use: We may use, disclose, and retain this de-identified data for any lawful business purpose, including analyzing transit trends and improving our Services.

How We Use Your Information

We use Personal Information only when it is necessary to provide the Services you request, required by law, or when you have given us your consent.

Essential Processing: We process data to process your trip requests, manage your account, process payments, prevent fraud, debug errors, and apply Transit Agency fare rules.

Sensitive Personal Information: We use Sensitive Personal Information (such as Geolocation) solely to provide the services you request (e.g., trip planning). We do not use it to infer characteristics about you or for any other purpose.

Optional Processing (Analytics & Marketing): Optional analytics and marketing technologies are disabled by default and are enabled only after you provide consent. You may withdraw consent or opt out at any time.

Communications (Non-Optional): We may send you administrative messages necessary to operate the Services, such as payment receipts, security notices, updates to our Terms, and critical account alerts. You cannot opt-out of these communications while your account is active.

Communications (Optional): You may choose to receive operational alerts from your Transit Agency (e.g., route delays, arrival times, or service disruptions). These are optional, and you can configure which routes or alerts you wish to receive (or disable them entirely) via your account settings.

“Sale” and “Sharing” of Data

Operational Disclosures Excluded: For clarity, our disclosure of Personal Information to your Transit Agency is not a “Sale” or “Sharing” under applicable privacy laws. This disclosure is strictly necessary to provide the Services you request (such as fare validation and revenue auditing) and occurs in the context of the Transit Agency acting as an independent data controller.

We do not sell Personal Information for money. However, we use third-party analytics providers (e.g., Google Analytics) to improve our Services. Under certain state laws (like California’s CPRA), the disclosure of identifiers (IP address, Cookie ID) to these providers may be considered “Sharing” or “Selling.”

Your Right to Opt-Out: You may opt-out of these analytics disclosures at any time via the “Your Privacy Choices” menu in the app settings. When you enable the Global Privacy Control (GPC) signal on your browser, we automatically treat this as a request to opt-out of “Sale/Sharing.”

How We Disclose Information

We disclose Personal Information to:

  • Transit Agencies: We share Ticket IDs and Ride History with your Transit Agency for revenue audit and regulatory purposes. Once shared, the Agency maintains its own independent record.
  • Service Providers: We share data with trusted vendors (hosting, payment processors, SMS gateways) strictly to provide the Services. They are contractually prohibited from using data for any other purpose.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data (including Aggregated Data) may be transferred to the acquiring entity.
  • Legal & Safety: We may disclose data if required by law or to protect safety.

Automated Decision-Making

We may use automated systems to process your personal information for specific purposes, including:

  • Fraud Detection: Automatically detecting and preventing fraudulent transactions or account activity (which may result in temporary account suspension). If your account is flagged, it may be suspended. This processing is strictly necessary for security. 
  • Fare Calculation: Automatically calculating fare capping or transfer discounts based on your transaction history.
  • Trip Recommendations: Personalizing route suggestions based on your location and preferences.
 

If an automated decision significantly affects you (for example, if your account is blocked due to suspected fraud), you have the right to request a human review of that decision. You may contact us at info@transitfare.com to submit a request for review.

Data Residency & Cross-Border Transfers

We store and process Personal Information in secure facilities located in Canada and the United States.

  • US Agencies: Data associated with a US Transit Agency is hosted in the United States.
  • Canadian & International Agencies: Data associated with a Transit Agency in Canada or other international locations is hosted in Canada.

However, we use third-party service providers for specific functions—such as payment processing, messaging (SMS/Email), analytics, and customer support—who may process Personal Information in other jurisdictions. As a result, some Personal Information may be transferred to or accessible from locations outside your country of residence (including the United States).

We use reasonable contractual, technical, and organizational safeguards to protect Personal Information when it is processed by these service providers, in accordance with applicable law.

Security & Retention

We use reasonable physical, technical, and administrative safeguards (including encryption and access controls) to protect your data. If a breach occurs, we will notify you as required by law.

We retain Personal Information only as long as necessary:

  • Account Profile: Retained while your account is active. We delete this data within 30 days of your deletion request.
  • Financial & Transaction Data: Retained for 7 years from the date of transaction (strictly for tax, audit, and compliance purposes).
  • Location Data: Retained for 90 days, then aggregated or deleted.

Your Privacy Rights

Regardless of where you live, you have the following rights:

  • Access & Portability: Request a copy of your data.
  • Correction & Deletion: Request to fix or delete your data (subject to legal retention requirements).
  • Opt-Out: Opt-out of optional analytics, “Sale/Sharing,” Targeted Advertising, and non-essential profiling.
  • Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights. We will not deny services, charge different prices, or provide a different level of quality solely because you exercised your privacy rights.
  • Withdraw Consent: Revoke consent for secondary uses at any time.
  • Authorized Agents: You may designate an authorized agent to submit a request on your behalf.
 

To Exercise Rights:

Opt-Outs (Sale/Sharing/Targeting): Use the “Your Privacy Choices” menu in the app settings (or enable Global Privacy Control).

Requests (Access/Delete/Correct):

  • Email: info@transitfare.com
  • Phone: 1-888-477-1103
  • In-App: Use the “Your Privacy Choices” form. 

Verification: To protect your privacy, we will verify your identity using reasonable methods (e.g., matching your email or requiring a login) before fulfilling your request. We will respond to verified requests within 45 days. If we deny your request, you have the right to appeal by contacting us.

Children’s Privacy

Our Services are not directed to children under 13. Accounts for minors must be managed by a parent or legal guardian. We treat data from these accounts as the data of the adult holder and we do not use data from known child-directed accounts for behavioral advertising.

Changes to this Policy

We may update this Policy periodically. Material changes will be notified via the Products or our website. Your continued use of the Products constitutes acceptance of the changes.

Contact Us & Privacy Officer

If you have questions, comments, or complaints about this Policy, please contact our Privacy Officer:

TransitFare Privacy Officer
760 Birchmount Road, Unit 42
Toronto, ON M1K 5H8
Email: info@transitfare.com
Phone: 1-888-477-1103