Privacy Policy
Last updated: April 28, 2026
DriveDate (“we”, “us”, or “our”) operates drivedate.com (the “Platform”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. By using the Platform you agree to the practices described here.
1. Information We Collect
Account data
When you register we collect your first name, last name, email address, role (student, instructor, or school owner), and a hashed password if you use email sign-in. Instructors and school owners also provide a business address, geographic coordinates, and Stripe Connect account information.
Booking data
When a student books a driving lesson we store the lesson date and time (UTC), duration, service type, price, and booking status. Both the student's and instructor's contact details are shared with each other after a booking is confirmed so the parties can coordinate.
Payment data
Payment card details are collected and stored exclusively by Stripe. We receive a Stripe payment intent ID, the total amount, fees, and payment status. We never store raw card numbers.
Location and search data
When you search for instructors we collect the location you enter (address or coordinates), preferred radius, date, time, and lesson duration. This data is used to return relevant search results and is not retained beyond the session unless you return to the same browser session.
Calendar data (instructors only)
If an instructor connects Google Calendar, Outlook Calendar, or Apple Calendar we access their calendar events solely to display their availability and to create, update, or delete DriveDate lesson events in a dedicated “DriveDate Schedule” calendar. See Section 4 for full details.
Waitlist data
If no instructors are available in your area and you submit a waitlist request we store your email address, location, and search radius. This information is used only to contact you when coverage expands to your area.
Usage and technical data
We may collect browser type, IP address, device identifiers, pages visited, and session duration through server logs and analytics tools. This helps us diagnose errors and improve the Platform.
2. How We Use Your Information
- Provide, operate, and improve the Platform
- Process bookings and payments
- Send transactional emails (booking confirmations, sign-in links, password resets)
- Sync driving lessons with connected calendars (instructors only)
- Display instructor locations on a map
- Respond to contact form inquiries
- Detect and prevent fraud or misuse
- Comply with legal obligations
We do not sell your personal information to any third party. We do not use your personal information for targeted advertising.
3. Legal Basis for Processing
Where applicable law requires a legal basis, we process your data because (a) it is necessary to perform a contract with you (processing bookings and payments), (b) you have given consent (connecting your calendar), or (c) we have a legitimate interest in operating a safe and functional marketplace.
4. Third-Party Services
We integrate with the following third-party services. Each has its own privacy policy. We encourage you to review those policies.
Google Calendar (Google LLC)
Who it applies to: Instructors who voluntarily connect their Google Calendar.
Purpose: Create, update, and delete driving lesson events in a dedicated “DriveDate Schedule” calendar; read the instructor's busy times to display accurate availability to students.
Data accessed: Calendar event titles, start and end times, attendee names and email addresses for DriveDate lesson events. We do not read, store, or share the content of any other calendar events.
OAuth scope: https://www.googleapis.com/auth/calendar — required to create and subscribe to push notifications on the instructor's calendar.
Data sharing: Lesson event details (instructor name, student name, lesson time) are written to the instructor's Google Calendar as events. No calendar data is shared with any other party or used for advertising.
We do not sell Google user data. We do not use Google user data for advertising purposes.
How to revoke: Disconnect Google Calendar from your DriveDate dashboard settings, or revoke access at myaccount.google.com/permissions.
Microsoft Outlook Calendar (Microsoft Corporation)
Who it applies to: Instructors who voluntarily connect their Microsoft / Outlook account.
Purpose: Create, update, and delete driving lesson events in a dedicated Outlook calendar; read the instructor's busy times.
OAuth scopes: openid profile email offline_access User.Read Calendars.ReadWrite MailboxSettings.Read
Data accessed: User name, email, mailbox timezone setting, and calendar events related to DriveDate lessons only.
How to revoke: Disconnect from DriveDate dashboard settings or visit myapps.microsoft.com to remove app permissions.
Apple Calendar / iCloud CalDAV (Apple Inc.)
Who it applies to: Instructors who voluntarily connect their Apple Calendar using an Apple ID and app-specific password.
Authentication method: CalDAV protocol using an Apple app-specific password (not your main Apple ID password). The app-specific password is stored encrypted in our database.
Purpose: Create, update, and delete driving lesson events in a dedicated “DriveDate Schedule” iCloud calendar; poll the instructor's iCloud calendar periodically to keep availability current.
Data accessed: Calendar event titles and times on the instructor's iCloud account. We do not access any other Apple account data.
How to revoke: Disconnect Apple Calendar from your DriveDate dashboard settings (this removes the stored credentials), or revoke the app-specific password at appleid.apple.com.
Google Maps / Places API (Google LLC)
Purpose: Display interactive maps showing instructor locations; provide address autocomplete in the search bar and onboarding forms.
Data sent to Google: Search queries you type in the location field and coordinates used to geocode instructor addresses. Google's Maps JavaScript API may also collect usage data per Google's own terms.
No OAuth required. Access is via a public API key.
Google Tag Manager (Google LLC)
Purpose: Load and manage analytics and marketing tags on the Platform without code deployments. May be used to load Google Analytics or similar tools.
Data collected: Page views, clicks, and events as configured in the GTM container. This may include your IP address and browser information.
Google Tag Manager is only loaded on the production domain when enabled by our administrators. You can opt out of Google Analytics tracking at tools.google.com/dlpage/gaoptout.
Stripe (Stripe, Inc.)
Purpose: Process student payments and pay instructors and school owners through Stripe Connect.
Data shared with Stripe: Student name, email address, payment amount, and booking reference. Instructors and school owners share business identity information directly with Stripe during Stripe Connect onboarding.
Payment card details are entered directly into Stripe's hosted elements and are never transmitted through our servers.
Stripe Privacy Policy: stripe.com/privacy
Postmark (ActiveCampaign, LLC)
Purpose: Deliver transactional emails — booking confirmations, sign-in magic links, password resets, account invitations, and welcome emails.
Data shared with Postmark: Recipient email addresses, names, and lesson details included in the email body.
Postmark Privacy Policy: postmarkapp.com/privacy-policy
5. Cookies and Tracking
We use the following types of cookies and browser storage:
- Session cookies — set by NextAuth to keep you signed in. These are strictly necessary and cannot be disabled without logging you out.
- Local storage — search filters (location, distance, date, time, duration, price) are saved in your browser's local storage so they persist across page reloads.
- Analytics cookies — if Google Tag Manager is active, Google Analytics cookies may be set. You can opt out at tools.google.com/dlpage/gaoptout.
- Third-party cookies — Google Maps and Stripe may set their own cookies as described in their respective privacy policies.
6. Data Retention
We retain your account data for as long as your account is active. Booking and payment records are retained for seven years for accounting and legal purposes. Waitlist entries are retained until coverage is available in your area or you request deletion. Cached calendar events are deleted when the corresponding booking is cancelled or the calendar is disconnected.
7. Your Rights
Depending on your jurisdiction you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Withdraw consent for calendar access at any time (see disconnect instructions above)
- Object to or restrict certain processing
- Receive your data in a machine-readable format (data portability)
To exercise these rights, email us at privacy@drivedate.com.
8. Data Security
We use industry-standard measures to protect your data, including encrypted database connections, encrypted storage of third-party credentials, and HTTPS on all pages. No system is completely secure; please use a strong, unique password and keep your connected accounts secure.
9. Children
The Platform is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and, for material changes, notify you by email or a prominent notice on the Platform.
