Over the last few years, Uber has made a name for itself by offering free rides to many users. The process is simple—you sign up using a promo code, and your first ride (usually up to $20) is free. Then you get your own unique promo code, which you can pass out to all of your friends, and if they sign up for Uber using your code, you get more free rides. Uber works with other companies in order to help riders get even more free rides. For instance, through June 30, 2015, anyone who signs up for Uber using the promo code CAPITALONE, and also selects a valid Capital One card as their primary form of payment when they sign up, will receive their first two rides (up to $30 each) free.

Free is good—I mean, who doesn’t like free? But Uber has been criticized in the past for its privacy policy and practices, especially the “God View,” which has been accused of violating users’ privacy rights without their permission. This has raised some serious privacy concerns among lawmakers, specifically Al Franken, who has made contact with Uber several times asking for clarification of the company’s privacy policies.

Uber has responded by cutting their privacy policy in half, cutting out a lot of the confusing legal jargon, as well as implementing new statements to their policy. Sounds good, right? Maybe you should read it first.

The new Uber privacy policy, set to go in effect on July 15, 2015, lays out a number of new rules and permissions that users will have to accept in order to use the service.

One such permission allows Uber to access the rider’s location any time that the Uber app is running, even if it’s running in the background. Uber will now have access to a user’s contact list, and can send special offers to the rider’s friends and families. Uber claims it needs access to a user’s contact list for features such as “split fare.”

Other information collected by Uber includes “ride transaction details, information on calls and SMS messages between drivers and users, device information, information on how users and site visitors interact with its services, and login information when using services. It may also collect information from other sources which the rider uses to interact with Uber services, such as linked Facebook and Google Wallet accounts.

The company retains permission to hand over customer data to third parties like vendors, marketing partners and law enforcement officials under certain circumstances.”

The potential for abuse certainly still seems pretty high, although in the past, Uber has stated that the company has a “strict policy prohibiting all employees at every level from accessing a rider or driver’s data. The only exception to this policy is for a limited set of legitimate business purposes.”