Skip to main content

Mostar Privacy Policy:

Privacy Policy for Mostar

Effective Date: December 20, 2025 

Last Updated: December 20, 2025

1. Introduction

Welcome to Mostar (“we,” “our,” or “us”). Mostar is a multi-role transportation and logistics platform that connects Drivers, Customers, and Dispatch personnel to coordinate medical and specialized transportation services. We are committed to protecting your privacy and handling your personal information with care and transparency.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, whether through our mobile application, web portal, or dispatch dashboard (collectively, the “Services”).

By accessing or using Mostar, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

For All Users:

- Account registration information (name, email address, phone number, password)

- Profile information (profile picture, user preferences)

- Communication content (messages sent through our in-app chat system)

- Feedback, ratings, and reviews

For Drivers:

- Driver’s license information and verification documents

- Vehicle selection and fleet assignment

- Performance metrics (trips completed, earnings, on-time rates, miles driven)

- Leaderboard participation and gamification data

- Tag-team assignments and preferences

For Customers:

- Trip creation details (pickup and drop-off locations, contact information)

- Trip number for tracking purposes

- Medical transport details including:

  - Type of trip (wheelchair, stretcher, one-way, round-trip)

  - Patient weight (maximum 250 lbs/113 kg)

  - Isolation status and reasons

  - Stair access information

  - Oxygen requirements (up to 4 liters NLC)

  - Surgery scheduling information

  - Clinical concerns

  - Hospice status

  - Patient unit/room number

  - Requestor information

- Special requests and notes

For Dispatch Personnel:

- User credentials and access permissions

- CSV file uploads and data imports

- Square API integration data

- Fleet management actions

2.2 Information Collected Automatically

Location Data:

- Real-time GPS location of drivers during active trips

- Route tracking and breadcrumb trails

- Geofencing data for pickup and drop-off locations

- Distance calculations between facilities

Device Information:

- Device type, operating system, and version

- Unique device identifiers

- Mobile network information

- IP address

Usage Information:

- Trip statuses and progression

- In-app navigation and feature usage

- Time spent on various screens

- Drag-and-drop assignments and interactions

- Performance analytics and leaderboard rankings

Trip Telemetry:

- Trip start, progress, and completion timestamps

- Driver speed and route adherence

- Safety metrics (hard braking, acceleration patterns)

- Vehicle diagnostics (if integrated with telematics)

2.3 Information from Third Parties

- Payment processing information from Square API

- CSV data imports from external booking systems

- Map and navigation data from Google Maps API or Mapbox

- Communication data from Twilio (SMS fallbacks)

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

- Facilitate trip assignments and routing

- Provide real-time tracking for customers

- Enable communication between drivers, customers, and dispatch

- Process trip-related payments and earnings distribution

- Manage fleet operations and vehicle assignments

- Calculate distance, steps, and route optimization

3.2 Safety and Security

- Verify driver credentials and eligibility

- Monitor trip safety through telemetry data

- Respond to emergency situations and panic button alerts

- Maintain audit logs for medical transport compliance (MEDSTAR trips)

- Detect and prevent fraudulent activities

3.3 Performance and Gamification

- Calculate driver performance metrics and leaderboard rankings

- Award XP, coins, badges, and achievements

- Facilitate tag-team trip assignments and earnings splits

- Generate daily, weekly, and monthly performance recaps

3.4 Communication

- Send trip notifications and status updates

- Enable in-app messaging between users

- Broadcast dispatch alerts to active driver groups

- Send unresponsive driver escalations

- Provide trip receipts and invoices

3.5 Analytics and Improvement

- Analyze usage patterns to improve our Services

- Conduct A/B testing for feature optimization

- Monitor system performance and reliability

- Generate client-specific daily recaps and reporting

- Track fleet health and operational metrics

3.6 Compliance and Legal

- Maintain records for medical transport regulations

- Respond to legal requests and prevent harm

- Enforce our Terms of Service

- Conduct audits and dispute resolution

4. How We Share Your Information

4.1 Within the Mostar Platform

With Drivers:

- Customer names, pickup/drop-off locations, and contact information for assigned trips

- Special medical requirements and trip details

- Trip numbers and status updates

With Customers:

- Driver name, photo, vehicle information, and license plate

- Real-time location during active trips

- Driver ratings and performance badges

With Dispatch:

- Comprehensive trip details, driver locations, and customer information

- Performance metrics for fleet management

- Communication logs and audit trails

4.2 With Third-Party Service Providers

We share information with trusted service providers who assist us in operating our platform:

- Cloud hosting providers (Firebase/Google Cloud)

- Payment processors (Square, Stripe Connect)

- Mapping services (Google Maps, Mapbox)

- Communication services (Twilio for SMS, voice calls)

- Analytics platforms for usage monitoring

- Telematics providers (if integrated) for vehicle data

These providers are contractually obligated to protect your information and use it only for specified purposes.

4.3 For Legal and Safety Reasons

We may disclose information when required by law or when we believe disclosure is necessary to:

- Comply with legal obligations, court orders, or government requests

- Enforce our Terms of Service and other agreements

- Protect the safety, rights, or property of Mostar, our users, or the public

- Investigate fraud, security issues, or technical problems

4.4 Business Transfers

If Mostar is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share information for purposes not described in this policy with your explicit consent.

5. Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy:

- Active accounts: Data retained while your account is active

- Trip data: Retained for 90 days in active storage, then archived to cold storage for compliance purposes (trip number and ratings kept longer)

- Communication logs: Chat history deleted 24 hours after trip completion; audit logs retained for 7 years for medical transport compliance

- Performance metrics: Retained for the duration of gamification seasons and leaderboard cycles

- Payment records: Retained per financial regulations (typically 7 years)

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 Access and Portability

- Request a copy of the personal information we hold about you

- Receive your data in a structured, commonly used format

6.2 Correction

- Request correction of inaccurate or incomplete information

- Update your profile information directly in the app

6.3 Deletion

- Request deletion of your personal information (“Right to be Forgotten”)

- Use our one-click “Forget Me” feature (PII deleted; anonymized events preserved)

6.4 Restriction and Objection

- Request restriction of processing in certain circumstances

- Object to processing based on legitimate interests

6.5 Opt-Out

- Disable location tracking when not actively using the Services (drivers must enable for trips)

- Opt out of non-essential communications

- Disable gamification features (leaderboard visibility)

6.6 Data Portability

- Request transfer of your data to another service


To exercise these rights, contact us at  privacy@mostarapp.adars.net or use the in-app settings.


7. Security Measures

We implement industry-standard security measures to protect your information:

- Encryption: Data encrypted in transit (TLS/SSL) and at rest

- Access controls: Role-based access control (RBAC) with field-level security

- Authentication: Secure password requirements and session management

- Monitoring: Real-time security monitoring and incident response

- Audit trails: Comprehensive logging for sensitive operations

- Rate limiting: Protection against abuse and data scraping

- Data minimization: Collection limited to necessary information

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continually work to protect your information.

8. Medical Information and HIPAA Compliance

For medical transport services (MEDSTAR trips), we handle sensitive health information with additional protections:

- Limited access: Only authorized personnel can view medical trip details

- Audit logging: Every view and modification is logged

- Data masking: Phone numbers and PII masked after trip completion

- Secure transmission: End-to-end encryption for medical transport data

- Compliance: We work with covered entities to ensure HIPAA Business Associate Agreement (BAA) compliance where applicable

Note: While we implement HIPAA-aligned practices, users should consult with their healthcare compliance officers to ensure proper handling of Protected Health Information (PHI).

9. Children’s Privacy

Mostar is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will delete it promptly. If you believe we have collected information from a child, please contact us at privacy@mostarapp.adars.net.

10. International Data Transfers

Mostar operates globally, and your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. When we transfer information internationally, we implement appropriate safeguards such as:

- Standard contractual clauses approved by relevant authorities

- Adequacy decisions by regulatory bodies

- Your explicit consent

11. Cookies & Tracking Technologies

We use cookies and similar technologies to:

- Maintain your session and preferences

- Analyze usage patterns and performance

- Provide personalized features (leaderboard, achievements)

- Ensure security and prevent fraud

You can control cookies through your browser settings, but some features may not function properly if disabled.

12. Third-Party Links

Our Services may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

- Posting a notice in the app or on our website

- Sending an email to registered users

- Updating the “Last Updated” date at the top of this policy

Continued use of our Services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Mostar Privacy Team

Email:  privacy@mostarapp.adars.net

Support Portal: mostarapp.com/support

Mailing Address: [Your Business Address]

For data protection inquiries in the EU/UK, contact our Data Protection Officer at dpo@mostar.adars.net.

15. Regional-Specific Rights

15.1 California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

- Right to Know: Categories and specific pieces of information collected

- Right to Delete: Request deletion of personal information

- Right to Opt-Out: Opt-out of sale/sharing of personal information

- Right to Non-Discrimination: Equal service regardless of privacy choices

- Right to Correct: Correct inaccurate information

- Right to Limit: Limit use of sensitive personal information

We do not sell your personal information.

To exercise California rights, email privacy@mostarapp.adars.net or call our toll-free number.

15.2 European Residents (GDPR)

 

EU/UK residents have rights under the General Data Protection Regulation:

- Legal basis for processing: Consent, contract performance, legitimate interests, legal obligation

- Data Protection Officer contact: dpo@mostarapp.adars.net

- Right to lodge complaints with supervisory authorities

- Automated decision-making: We use automated systems for trip assignments and driver suggestions; you may request human review

15.3 Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate. Contact us for region-specific information.

Your privacy matters to us. Thank you for trusting Mostar with your information.