← Back to Home
Privacy Policy
Aman — Smart Bus Management System
Last updated: February 23, 2026
1. Introduction
Aman ("we", "our", or "us") operates the Aman mobile application (the "App"), a smart bus
management system serving passengers, drivers, and administrators in Oman. This Privacy Policy
explains how we collect, use, store, and share your personal information when you use our App.
2. Information We Collect
We collect the following types of information:
a) Information you provide directly:
- Account information: Name, email address, and phone number when you sign in via Google or Apple. After social login, you are required to verify your phone number via a one-time verification code (OTP) sent by SMS or WhatsApp. Your phone number is also used by trip administrators to contact you regarding trip coordination (see Section 3).
- Verification data: During phone verification, a temporary 6-digit OTP code is generated and sent to your phone. These codes expire after 5 minutes and are automatically deleted after verification or expiry. We do not store OTP codes long-term.
- Profile information: Profile picture (from your Google or Apple account), gender, and date of birth if provided.
- Booking information: Pickup and drop-off locations that you select on the map when booking a trip, along with any reference images you attach to help the driver identify your location.
b) Information collected automatically:
- Location data: With your explicit permission, we access your device's location solely to center the map on your current position when you are selecting a pickup or drop-off point during the booking process. We do not track your location in the background, and we do not collect or store continuous location data. Location access occurs only while the App is in the foreground and only when you open the location picker.
- Device information: Device type, operating system version, and a unique device token used exclusively for delivering push notifications.
- Usage data: Trip history and booking records necessary for providing the service.
c) Information from third-party services:
- Google Sign-In: We receive your name, email address, and profile picture from Google when you authenticate. We use Google's OAuth 2.0 API solely for authentication purposes.
- Apple Sign-In: We receive your name and email address from Apple when you authenticate.
- Firebase: We use Firebase Authentication for secure login (including SMS-based phone verification), and Firebase Cloud Messaging for delivering push notifications.
- WhatsApp Business API (Rasil): If SMS verification fails (e.g., due to carrier restrictions or regional limitations), we send the verification code via WhatsApp as a fallback. This is handled by the Rasil messaging service (rasil.io). Only your phone number and the OTP code are shared with Rasil for this purpose.
3. How We Use Your Information
We use your information to:
- Authenticate your identity and verify your phone number via SMS or WhatsApp OTP.
- Provide bus trip booking services, including allowing you to set pickup and drop-off points on a map.
- Display your selected pickup and drop-off locations to the assigned driver so they can serve you.
- Allow trip administrators to contact you via your phone number to confirm your readiness time, verify your pickup point, and coordinate passenger arrangements for the driver.
- Send push notifications about trip updates, booking confirmations, and service alerts.
- Enable administrators to manage trips, buses, and fleet operations.
- Improve app stability and fix bugs through error reporting (Sentry).
- Communicate important service updates.
4. How We Store Your Information
Your data is stored on secure servers hosted on Amazon Web Services (AWS) in the EU (Stockholm) region.
Authentication tokens are stored securely on your device using encrypted storage (Flutter Secure Storage).
We retain your personal data for as long as your account is active. You may request deletion at any time.
5. How We Share Your Information
We do not sell your personal information. We share data only in these circumstances:
- Service providers: Google (authentication, maps display), Apple (authentication), Amazon Web Services (server hosting), Sentry (error reporting), Firebase (authentication, SMS verification, push notifications), Rasil (WhatsApp OTP delivery as SMS fallback).
- Trip-related sharing: Your name, phone number, pickup location, and drop-off location are visible to the trip administrator and the assigned driver. The administrator uses your phone number to confirm your readiness and verify your pickup point so they can organize the passenger list for the driver. Driver names and bus information are visible to passengers who booked the same trip.
- Legal requirements: We may disclose information if required by law or to protect our rights and safety.
6. Google API Services — Limited Use Disclosure
Aman's use and transfer to any other app of information received from Google APIs will adhere to the
Google API Services User Data Policy,
including the Limited Use requirements. We only request the minimum scopes necessary for authentication
(email, profile). We do not use Google user data for advertising, and we do not transfer it to third parties
except as necessary to provide or improve the App's functionality.
7. Location Data — Detailed Disclosure
We want to be fully transparent about how we use location data:
- When: Location permission is requested only when you open the map to select a pickup or drop-off point.
- Why: To center the map on your current position so you can easily choose a nearby location.
- What we store: Only the coordinates of the pickup and drop-off points you explicitly select on the map. These are stored as part of your booking record.
- What we do NOT do: We do not track your movements, we do not collect location data in the background, and we do not share your real-time location with any third party.
- Opt-out: You can deny location permission and manually navigate the map to select your points. The App will function normally without location permission.
8. Your Rights and Choices
You have the right to:
- Access the personal data we hold about you via your profile in the App.
- Update your profile information at any time through the App settings.
- Delete your account and all associated data by contacting us or using the delete account option in the App.
- Revoke Google or Apple access from your Google/Apple account settings at any time.
- Opt out of push notifications through your device settings.
- Deny location permission — the App works without it; you can manually pick locations on the map.
9. Data Security
We implement industry-standard security measures including HTTPS/TLS encryption for all data in transit,
encrypted token storage on devices, and secure server infrastructure with role-based access controls.
However, no method of transmission over the Internet is 100% secure.
10. Children's Privacy
Our App is not intended for children under the age of 13. We do not knowingly collect personal information
from children under 13. If we learn that we have collected such information, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through
the App or via email. Your continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Email: Reda.ali2004@gmail.com