Ridesharing application acquires, collects, stores, and shares personal data of its customers and therefore there has to be a practice on protecting customers' data and a mechanism to ensure that data will not be misused. This research investigates how ridesharing applications in Indonesia protect their customers' personal data. By using self-regulation mechanism and compliance examination with related national regulation, this research is demonstrated to three ridesharing applications in Indonesia through their privacy policies, terms, and conditions. Generally, this research unveils that all core principles of Data Protection have been fully covered by them. It shows that the application operators have established formal commitment to protect their customers' personal data which have been shared after vendor approves the customer's booking. Unfortunately, they cannot ensure that shared information are fully erased from vendor's device after transaction. They also do not expose their compliance to national regulation although most of stipulation have been covered.