Log in
Start a Free Trial
Book a Demo

FleetHQ Privacy Policy

Introduction & Scope

FleetHQ, LLC (“FleetHQ,” “we,” “us,” or “our”), a Wyoming-based software company, provides a subscription-based software-as-a-service (SaaS) platform for fleet management to independent car rental businesses. This Privacy Policy explains how we collect, use, share, and protect personal information when you interact with our services, website, and platform (collectively, the “Services”). It also describes the rights and choices you have with respect to your personal information. FleetHQ’s Services are offered on a monthly or annual subscription basis to fleet owners (our business customers).

Important Role Clarification: FleetHQ is not a car rental company and does not engage in rental operations or transactions. Our customers are fleet owners or car rental businesses (“Fleet Owners”) who use our platform to manage their rental operations. If you are an individual renting a vehicle from one of our Fleet Owners (a “Renter” or “End User”), you are not a direct customer of FleetHQ. In those cases, FleetHQ acts as a service provider to the Fleet Owner, processing your data on their behalf. This means the Fleet Owner’s privacy policy and terms govern how your personal data is used in the context of your rental; FleetHQ handles that data only under the Fleet Owner’s instructions and our agreement with them. FleetHQ is a processor of Renter data, while the Fleet Owner is the controller of such data. We are not responsible for the privacy practices or compliance of our Fleet Owner customers, nor for their operational decisions. However, we are committed to protecting all personal data we process and using it solely for the purposes outlined in our contracts and this Policy.

By using FleetHQ’s Services or by providing personal information to us (directly or via a Fleet Owner using our platform), you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services. This Policy applies to information we handle for our own purposes (e.g. information of Fleet Owners and website visitors) as well as personal information we process on behalf of our Fleet Owners (e.g. information about Renters that Fleet Owners collect through our platform). We may provide additional notices about data collection or use in certain circumstances; those notices supplement this Policy.

Information We Collect

We collect personal information in a few different ways: information you or our customers provide to us, information we collect automatically, and information obtained from third parties or integrations. The types of personal information we collect and process include:

  • Fleet Owner Account Information: If you are a Fleet Owner (our direct customer), we collect information to set up and administer your account. This includes business contact details such as your name, business name, email address, phone number, and mailing address; account login credentials; and subscription details. We also collect billing information (like payment method details) when you subscribe to our Services (monthly or annual plan) so we can invoice you and manage payments. This information is used to provide you with access to our platform, support your account, communicate about Service updates, and fulfill our contract with you (e.g. processing your subscription fees).
  • Renter Information (Processed on Behalf of Fleet Owners): We process personal information about Renters only as part of providing our Services to Fleet Owners. This typically includes information that a Renter provides to the Fleet Owner (through our platform) when renting a vehicle. Such data may include identifiers and contact details (e.g. name, email, phone number, address, date of birth), driver’s license details or other identification information, selfie photographs or other images for identity verification, rental transaction details (e.g. vehicle reserved, rental period, payment amounts), and any other information the Fleet Owner chooses to collect about the Renter for rental purposes. Because this data is collected at the direction of the Fleet Owner, FleetHQ processes this information strictly on the Fleet Owner’s behalf and according to their instructions. Renters are encouraged to review the privacy policy of the Fleet Owner’s rental business to understand how that company uses and discloses Renter information. FleetHQ does not use Renter personal information for its own independent purposes (such as marketing to Renters); we use it only as necessary to provide and support the Fleet Owner’s use of our platform or as required by law, as explained in this Policy.
  • Identity Verification Data (Sensitive Personal Data): In certain cases, Renters may be asked to verify their identity or eligibility to rent a vehicle via our platform. This process may involve collecting government-issued identification documents (such as a driver’s license or passport) and biometric information in the form of a photograph or selfie. FleetHQ facilitates this through trusted third-party identity verification providers (e.g., Stripe Identity or Vouched), which capture and authenticate the ID document and match it against the selfie. The personal data collected for verification may include the images of your ID and face, extracted information from the ID (like name and license number), and verification results. Biometric Data: In some instances and only with the user’s consent, our verification partner may generate biometric identifiers (such as a facial geometry template) from the provided images solely to confirm the identity match. FleetHQ does not store the actual biometric identifiers or raw images on our systems beyond the verification process. Such sensitive data is handled by the third-party provider and is subject to stringent protections and timely deletion. For example, Stripe’s identity verification service employs biometric comparison but does not retain the biometric data longer than necessary – typically purging it within minutes (and no later than 48 hours) after completing the verification. FleetHQ receives from these providers the verification outcome and basic extracted information (such as confirmation of name or age), which we pass to the Fleet Owner or use to allow or deny a rental transaction. We treat identity verification data with high security and confidentiality, and we do not use it for any purpose other than fraud prevention and identity confirmation as directed by our customer or as required by law. Important: By submitting to an identity verification check, the individual acknowledges that their ID and selfie will be transmitted to a third-party verification service for processing. Those third-party services may have their own privacy policies governing the handling of that data.
  • Payment and Financial Information: When a Fleet Owner subscribes to FleetHQ or uses paid features, payment information is collected to process the transactions. This can include credit card numbers or bank account details and billing address. FleetHQ uses third-party payment processors (for example, Stripe) to handle payment transactions securely; we do not store full payment card details on our own servers for security. Additionally, if our platform facilitates payments from Renters to Fleet Owners (e.g., rental fees or deposits), those payments are also processed via integrated third-party payment gateways, and the Renter’s payment information (such as cardholder name and card number) is collected for the purpose of completing the transaction. Such Renter payment data is typically received directly by the payment processor and may only pass through our system as needed to integrate the transaction (e.g., a token or transaction ID). We ensure any payment data we handle is protected and used only for payment processing or record-keeping. All payment transactions are encrypted and handled in accordance with PCI-DSS standards by our payment partners.
  • Communications and Support Information: If you contact us (or if a Renter contacts FleetHQ at the direction of a Fleet Owner) for support, inquiries, or feedback, we will collect the information you provide in those communications. This may include your name, contact information, and the content of your correspondence. If we communicate with Renters via SMS or email on behalf of the Fleet Owner (for example, sending a booking confirmation or a verification code), we may collect logs of those communications (such as phone number, time, and message content) for delivery and troubleshooting purposes. We use this information to respond to inquiries, provide customer support, and improve our Services.
  • Device and Usage Information: Like most online services, we automatically collect certain technical information about how the Services are accessed and used. When you (whether a Fleet Owner, Renter, or site visitor) interact with our website or platform, we may collect data such as your device type, browser type, operating system, IP address (which may give a general location such as city or state), unique device identifiers, app version, and other technical data. We also log information about your activity on our Services, for instance: date and time of access, pages or screens viewed, features used, links clicked, search queries within the platform, and other usage analytics. If the FleetHQ platform includes mobile or GPS features (for example, mapping vehicles), we might collect approximate location data of a device or vehicle, but only with appropriate notice or permission (e.g., if a Fleet Owner installs a telematics device that integrates with our system, location data may be processed as part of the Service – such cases would be governed by the Fleet Owner’s arrangement and notices). We may use cookies and similar technologies on our website to collect and store some of this usage information (see “Cookies & Tracking” below). This automatically collected data helps us understand how users engage with our Services, enables us to secure the platform (e.g., detect fraud or unauthorized access), and allows us to optimize user experience and technical performance.
  • Information from Third Parties: In some cases, we receive personal information about you from third-party sources. For example, we might receive updated contact information for Fleet Owners from public databases or marketing partners. If a Fleet Owner uses third-party integrations in conjunction with our Services, those partners might send us certain data (per the Fleet Owner’s direction) – for instance, if a Fleet Owner connects an insurance verification service or a driving record lookup service, we might receive a confirmation of a Renter’s insurance status or license validity. Another example is if you choose a social login or single sign-on to access FleetHQ (if enabled), we would receive the authorized information (like your name or email) from that external account. We treat any information obtained from third parties according to this Privacy Policy and any additional restrictions imposed by the source. However, we are not responsible for any inaccuracies in third-party provided data.

Cookies & Tracking: We and our service providers may use cookies, web beacons, and similar tracking technologies on our website to personalize content, remember preferences, and analyze usage. These technologies collect device and browsing information as described above. You can control cookie settings through your browser. (At this time, we do not respond to “Do Not Track” signals, as there is no industry consensus on DNT responses.)

How We Use Your Information

We use personal information for the following purposes:

  • Providing and Improving the Service: We use all categories of information to operate, maintain, and provide the features and functionalities of our platform. For Fleet Owners, this includes using your information to create and secure your account, provide dashboards and tools for managing your fleet, process your subscription payments, and send you Service-related communications (such as invoices or system alerts). For Renters’ information processed on behalf of Fleet Owners, we use it strictly to enable the Fleet Owner to carry out rental transactions – for example, to generate rental agreements or bookings, to verify identity and driving eligibility, to facilitate payments or deposits, to send pickup instructions, and to otherwise manage the rental process as directed by the Fleet Owner. We may also use data in aggregate or de-identified form to analyze and improve our platform’s performance, to develop new features, and to understand usage trends (e.g., to make the interface more user-friendly or to ensure our infrastructure can handle demand).
  • Identity Verification and Fraud Prevention: We use the sensitive identity verification data (driver’s license scans, selfies, biometric checks) to protect against fraud, unauthorized access, or misuse of our platform. Specifically, this information is used to confirm that a Renter is who they claim to be and meets the Fleet Owner’s requirements (such as holding a valid license and being above a required age). By verifying identities, we help Fleet Owners prevent fraudulent rentals and enhance safety. Biometric or ID information collected via third-party services is used only for the one-time verification process and for security/audit logs thereafter. We may also use and combine information (such as device data and identity data) to detect and prevent suspicious activity or violations of our terms. These uses are both for fulfilling our contract obligations to Fleet Owners (providing a secure service) and for our legitimate interests in maintaining the integrity of the platform and protecting all users from fraud.
  • Communications and Notifications: We use contact information (email, phone number) to communicate with you. For Fleet Owners, this includes sending onboarding emails, Service updates, billing invoices, and responding to support requests. We may also send administrative messages such as security alerts or notices about policy changes. For Renters, FleetHQ may facilitate communications on behalf of the Fleet Owner – for example, sending a text message with a verification code, a booking confirmation or reminder, or an alert about a change in reservation. SMS Communications: If you provide a mobile phone number, you consent to receive SMS/text messages for identity verification, transaction confirmations, and other Service-related communications. We ensure that any such text communications comply with applicable law and that we have appropriate consent. Message frequency will vary based on your interactions (e.g., one-time verification codes or a text receipt for a rental). Opt-Out: You can opt out of receiving text messages at any time. To stop receiving SMS, follow the opt-out instructions provided in the message (such as replying “STOP”) or contact us at any time to revoke consent. Note that opting out of Service-related texts may impact your ability to use certain features (for instance, you might not receive a verification code needed to complete a process). For email communications: Fleet Owners may unsubscribe from marketing or newsletter emails via the provided “unsubscribe” link, and Renters will not receive marketing emails from FleetHQ (since we do not market to Renters directly), though they may receive transactional emails (like electronic rental agreements or receipts) as part of the Service. We will not send you promotional communications if you opt out, and we will not share your phone number or email with third parties for their own marketing.
  • Marketing and Service Updates (Fleet Owners): We may use Fleet Owner contact information to send informational or promotional content about our Service, such as newsletters, product updates, new feature announcements, or events we think may be of interest to you. These communications will be in accordance with applicable law (sent with consent or as otherwise permitted). You can opt out of marketing emails as noted above. We do not use any Renter information for our marketing purposes. We also do not sell any personal data to third parties for marketing or any other purpose (see “No Sale of Personal Information” below for more details).
  • Payments and Subscription Management: We use payment and financial information to charge subscription fees to Fleet Owners, process any authorized charges, and manage billing cycles (e.g., monthly or annual renewals). This may involve sharing necessary information with our payment processors (see Disclosure to Service Providers below). We may also send reminders about upcoming payments or past due accounts. If a Fleet Owner’s subscription is managed through a third-party marketplace or reseller, we may receive and use information from that third party to activate your subscription and track entitlements.
  • Compliance with Legal Obligations: We may process and retain personal information as needed to comply with applicable laws, regulations, and legal obligations. For example, information may be used to fulfill financial record-keeping requirements, to respond to lawful requests by public authorities, or to comply with industry regulations (such as verifying identities to satisfy anti-fraud or KYC (Know Your Customer) requirements). If you submit a data subject access or deletion request (as described in the Your Rights section), we will use your information to verify and fulfill that request as required by law. We also use data to enforce our agreements and policies, to investigate or address potential violations, and to protect the rights and safety of FleetHQ, our users, or others (e.g., detecting and preventing fraud or security incidents).
  • Other Legitimate Business Purposes: We may use personal information for legitimate interests related to operating our business. This includes maintaining the security of our infrastructure, conducting audits and assessments of our Services (e.g., security audits, usage analysis), debugging and fixing errors, research and development (analyzing usage to improve or develop new features), and in connection with potential business transactions (such as due diligence if we consider a merger or acquisition, as permitted by law). If we seek to use your information for a purpose materially different from those listed in this Policy, we will provide you with notice and, if required, obtain your consent.

We always strive to minimize the personal data we use and ensure we have an appropriate legal basis for processing. In many cases, the legal basis will be that the processing is necessary to perform our contract with you (or with the Fleet Owner to provide the service they’ve subscribed to). In other cases, the basis may be our legitimate interests (such as improving security and service functionality), compliance with a legal obligation, or your consent (for example, sending marketing emails or performing biometric identity verification where consent is required).

How We Share or Disclose Information

We understand the importance of keeping personal information secure and private. We do not sell personal data to third parties for profit, and we only share information as needed to provide our Services and as described below. The categories of recipients with whom we may share personal information include:

  • Fleet Owner (Customer): If you are a Renter using a Fleet Owner’s services, the personal information you provide (or that is collected about you) via the FleetHQ platform is made available to that Fleet Owner. Essentially, the Fleet Owner and its authorized personnel have access to the Renter information in their account on our platform – this is a core aspect of delivering the service (for example, the Fleet Owner will see your reservation details, verification status, and communications). The Fleet Owner may download or export data about their Renters from our platform. This sharing is under the Fleet Owner’s control and privacy policy. Similarly, if you are an employee or agent of a Fleet Owner and are given a sub-account to use FleetHQ, certain information (like your name, activity logs, etc.) may be visible to the account administrator of the Fleet Owner’s account.
  • Service Providers (Processors): We share personal information with third-party companies and individuals that provide services to us and act on our behalf (“service providers”). These service providers help us run and support the Services and are bound by contractual obligations to protect the confidentiality and security of the data and to use it only for the purposes of providing their specific services. Key service providers we rely on include:
  • Hosting and Infrastructure: We use cloud hosting providers (primarily Amazon Web Services) to store and process data. Our application and databases are hosted on servers located in the United States. Our cloud infrastructure is secured and includes safeguards like encryption and network firewalls (for example, our environment runs within a private network on AWS, accessible only through secure proxy servers).
  • Payment Processors: We use third-party payment processors (e.g., Stripe) to handle credit card transactions and subscription billing. These processors will have access to billing information to process payments on our behalf. They are PCI-DSS compliant and authorized to use your payment data only as necessary to process payments and comply with law.
  • Identity Verification Services: As noted, we integrate with providers like Stripe Identity and Vouched to verify IDs and documents. For Renters undergoing verification, those providers receive the personal data necessary (ID images, selfies, etc.) to perform the check. They act as our service providers in this context, meaning they are contractually obligated to protect the data and only use it for the verification purpose. We share with them only what is required (and in many cases the Renter provides the data directly through the provider’s module). The provider returns a verification result and related info to us.
  • SMS and Communications Providers: We may use services like Twilio or similar SMS gateways to send text messages, and email delivery services to send emails. These providers process contact information (phone numbers, email addresses) and message content on our behalf to ensure communications reach you. For example, if we send a verification SMS, the content and number will go through our SMS API provider.
  • Analytics and Monitoring: We might employ third-party analytics tools (such as Google Analytics) to understand how our website is used, as well as monitoring services to ensure the stability and security of our platform. These tools might automatically collect usage data (via cookies or scripts) on our site. We configure these tools to avoid collecting any more personal data than necessary (and IP anonymization where applicable). Data shared with analytics providers is typically de-identified or aggregated, focusing on usage patterns. You can opt out of Google Analytics tracking by using browser opt-out plugins if desired.
  • Other Vendors: We may also use other vendors for functions such as marketing communications, customer support ticketing, document storage, or legal/accounting services. In all cases, we only share the information necessary for the vendor to perform their work (for example, sharing your email address with an email newsletter service, or sharing a support inquiry with a customer support platform). These vendors are not permitted to use your data for their own marketing or other purposes outside of what we instruct.
  • Legal Requirements and Safety: We may disclose personal information to third parties (such as courts, law enforcement agencies, regulatory bodies, or other government authorities) if and to the extent we believe such disclosure is reasonably necessary to: (1) comply with any applicable law, regulation, legal process, or enforceable governmental request (such as a subpoena or court order); (2) enforce or investigate potential violations of our Terms of Service or other agreements; (3) detect, prevent, or address fraud, security, or technical issues (for example, preventing someone from misusing our platform); (4) protect the rights, property, or safety of FleetHQ, our users (Fleet Owners, Renters), or the public; or (5) assist in the collection of debt owed by a customer (e.g., sharing information with a collections agency, but only in accordance with the law). If we receive a request for personal information from law enforcement or a government, and if it’s not legally prohibited, we will attempt to notify the affected individual or customer (for example, the Fleet Owner) so they can seek to limit or quash the disclosure, as appropriate.
  • Business Transfers: If FleetHQ engages in or is involved in a merger, acquisition, financing due diligence, restructuring, reorganization, bankruptcy, receivership, sale of company assets, or other business transaction, then personal information may be transferred to or shared with the successor or affiliate as part of that transaction. For example, if another company acquires FleetHQ or all/some of our assets, personal data in our possession (including user information) would likely be one of the assets transferred to that company. In such an event, we will ensure that your personal information remains subject to protections consistent with this Privacy Policy (unless, of course, you are notified otherwise and consent to a new policy). Similarly, if we are involved in a corporate divestiture or reorganization, we may share information with related parties (under confidentiality obligations) as part of the negotiation process.
  • With Your Consent or At Your Direction: We may share your information with other third parties in cases where you have expressly consented or directed us to do so. For instance, if in the future FleetHQ offers an integration with a third-party app and you opt to enable it (allowing that app to access data from your FleetHQ account), we will share data with that app or service at your instruction. Or if a Renter specifically requests that we transfer their data to a new rental platform or service, we would do so with authorization. We will make it clear at the time of obtaining consent what information will be shared and with whom.
  • Aggregated or De-Identified Data: We may share information that has been aggregated (combined with other data so it no longer relates to an identifiable individual) or de-identified (stripped of personal identifiers) with third parties for lawful business purposes. For example, we might publish reports or statistics about industry trends, such as average fleet usage rates or rental durations, that do not contain any personal details. This information cannot be reasonably used to identify you and is not considered personal data.

No Sale of Personal Information: FleetHQ does not sell personal information to third parties. We have not sold anyone’s personal data in the past and have no plans to do so. “Selling” refers to disclosing personal information in exchange for money or other valuable consideration. We also do not share personal information for cross-context behavioral advertising (as defined under certain privacy laws). Any information sharing we do is limited to the purposes described above (primarily to service providers or as necessary for our business operations or legal compliance). Therefore, there is no need for you to opt-out of data sales – we simply don’t engage in that practice. If this stance ever changes, we will update this Policy and provide any required notices or opt-out mechanisms.

Data Security

We take the security of your personal information seriously and implement industry-standard security measures to protect it. FleetHQ employs administrative, technical, and physical safeguards designed to guard against unauthorized access, alteration, disclosure, or destruction of personal data in our custody. Some of the security practices we follow include:

  • Encryption: All communications between your browser/app and our servers are protected using Transport Layer Security (TLS), which encrypts data in transit. Sensitive data (such as passwords and identity documents) is additionally encrypted at rest in our databases or storage. In fact, our entire environment runs with encryption in transit and at rest, to help ensure data is protected both while it’s moving through the network and when stored on disk.
  • Secure Cloud Infrastructure: We host our platform on Amazon Web Services (AWS) data centers in the U.S., which maintain high standards of security and compliance (including SOC 2 certification). Our systems operate within a virtual private cloud (VPC) – an isolated network not directly accessible from the public internet, except through secure application gateways. We utilize firewalls, network segmentation, and monitoring to prevent and detect unauthorized intrusion.
  • Access Controls: Internally, we limit access to personal data strictly to employees, contractors, and service providers who need that information to perform their duties (principle of least privilege). For example, our support staff can only access your data if needed to assist you, and even then, sensitive information like passwords are not visible. All staff are bound by confidentiality obligations and receive training on data privacy and security best practices.
  • Authentication & Account Security: FleetHQ requires strong passwords for user accounts, and we support (or require) multi-factor authentication for administrative access. Passwords are stored hashed and salted for protection. We also employ measures like login attempt throttling and device monitoring to guard against unauthorized account access.
  • Monitoring and Testing: Our systems are continuously monitored for security events. We use intrusion detection and anti-malware tools, and maintain audit logs of key activities. Regular security assessments, vulnerability scans, and penetration tests are conducted to identify and address potential weaknesses. We also keep our software and dependencies up-to-date with security patches.
  • Organizational Policies: We have implemented privacy and security policies at the organizational level, including incident response plans, data handling guidelines, and vendor risk management. If we work with third-party sub-processors, we vet their security measures as well. We also have confidentiality and data protection agreements in place with our employees and contractors.

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. However, we continually evaluate and update our security measures to follow best practices and reduce risks. In the unlikely event of a data breach that affects your personal information, we will promptly notify you and any applicable regulatory authorities as required by law, including details of the breach and steps we are taking in response. We may notify you via email, account notification, or other direct communication methods. We also commit to investigating and remedying security incidents to prevent future occurrences.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means:

  • If you are a Fleet Owner (customer), we will retain your account information for as long as your account is active and as needed to provide you services. If you cancel your subscription or your account is otherwise deactivated, we will delete or anonymize your personal information upon request or within a reasonable period, except to the extent we need to keep it for legitimate business or legal purposes.
  • Renter data that we process on behalf of a Fleet Owner is generally retained as long as the Fleet Owner maintains that data in our platform. We store such data to provide the service to the Fleet Owner. If the Fleet Owner deletes specific Renter records or terminates their relationship with FleetHQ, we will delete or return the Renter data in accordance with our agreement with that customer. In many cases, FleetHQ’s contract requires us to delete a Fleet Owner’s data within a set period after contract termination, except for any data we must retain for legal compliance or internal purposes.
  • In determining retention periods, we consider factors such as: the duration of our relationship with you (or the Fleet Owner) and provision of the Services, the type of data and its sensitivity, the potential risk of harm from unauthorized use or disclosure if retained, the purpose for which it was collected, and applicable legal requirements. For example, we may retain certain transaction records to comply with financial regulations or tax laws, which might require keeping records for a number of years. We may also retain backup copies of data for a limited time for business continuity.
  • We also retain personal information to the extent needed to resolve disputes, enforce our agreements (including this Policy), or pursue legitimate business interests or legal defenses. If data is subject to a legal hold or we are otherwise legally obligated to retain it (e.g., in response to a court order), we will retain it for the period required.
  • When we have no ongoing legitimate need or legal obligation to keep personal information, we will securely dispose of it. This may involve deleting it from our databases, anonymizing it so it can no longer be associated with an individual, and/or segregating and securely storing it until deletion is possible.

If you have any specific questions about our data retention practices (for example, if you want to know if we still have certain information), you can contact us at tech@fleethq.io.

International Data Transfers

FleetHQ is headquartered in the United States, and our Services are primarily operated in the U.S. If you are using our Services from outside the U.S., be aware that your personal information will likely be transferred to, stored in, and processed in the United States (or other jurisdictions where we or our service providers have facilities). Data protection laws in these jurisdictions may be different from those in your country of residence.

For example, information collected within the European Economic Area (EEA), the United Kingdom, or Switzerland may be transferred to countries (like the U.S.) that the European Commission or other authorities have not deemed to have “adequate” data protection. In such cases, we will take appropriate measures to ensure that your personal data receives an adequate level of protection when transferred. These measures might include implementing the European Commission’s Standard Contractual Clauses (SCCs) with the data importer, relying on an individual’s explicit consent to the transfer, or other legal transfer mechanisms. We are committed to protecting the privacy and legal rights of individuals whose personal data is transferred to our systems, regardless of location.

By using the Services or submitting information to us, you understand that your personal data may be transferred to and processed in the United States and other jurisdictions as described. We will handle that information as described in this Privacy Policy. If required by applicable law, we will obtain your consent for such international transfers.

Our primary data storage and processing occurs on AWS servers in the U.S., which means your data will be subject to U.S. laws and possibly accessible to U.S. authorities under certain conditions (e.g., lawful orders). We may also have support or development teams in other countries that access data under strict controls. We ensure that any international access or processing is done in compliance with applicable cross-border data transfer laws.

If you would like more information about cross-border transfers or the safeguards in place, please contact us (see Contact Us section below).

Your Rights and Choices

You have certain rights and choices regarding your personal information. These rights may vary depending on your jurisdiction and whether FleetHQ is acting as a controller or a processor of your data. We are committed to honoring applicable rights requests in a timely manner. Below is a general outline of rights that may be available and how to exercise them:

  • Access and Transparency: You have the right to request access to the personal information we hold about you and to obtain information about how we process it. This includes the right to ask for a copy of the personal data we have collected about you. How to exercise: If you are a Fleet Owner, you can review and update certain information directly by logging into your account. For full access, or if you are a Renter who interacted with a Fleet Owner’s services, you (or the Fleet Owner) may send us a request at our contact point below. We will provide the requested information, provided we can verify your identity (or authority) and doing so is permitted by law.
  • Correction/Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal information about you. We want to ensure your data is accurate. How to exercise: Fleet Owners can update basic account details in their settings, or contact us to request correction of any data that you cannot change yourself. If you are a Renter, you should direct requests for correction to the Fleet Owner (who controls your data in our system), or you can contact us and we will cooperate with the Fleet Owner to make the correction as appropriate. We may need to verify the new information provided.
  • Deletion/Erasure: You have the right to request deletion of your personal information, subject to certain exceptions. This is sometimes called the “right to be forgotten.” How to exercise: You may request that we delete personal data we hold about you by contacting us. For Fleet Owners, if you wish to close your account and have data erased, we will do so except for information we are required or permitted to retain (see Data Retention above). For Renter data that we process for a Fleet Owner, we will forward any deletion request to the relevant Fleet Owner and assist them in fulfilling it (since we cannot delete data from a customer’s account without their instruction). Please note we might retain certain minimal information to record that we honored a deletion request or to comply with legal obligations (for example, notating that an email address should not be contacted).
  • Data Portability: In some cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller (where technically feasible). How to exercise: If applicable, you can request an export of your data. Fleet Owners can export certain data from their account directly (like downloading transaction records). We can also assist by providing your data in CSV or JSON format upon request. This right typically applies to data you provided to us directly and that we process by automated means based on consent or contract.
  • Restriction of Processing: You have the right to request that we restrict the processing of your personal information under certain circumstances (for instance, if you contest the accuracy of the data or if the processing is unlawful but you prefer restriction over deletion). How to exercise: You can contact us with your specific request, and we will evaluate if a restriction is appropriate. During a restriction, we would store your data securely and not use it except as agreed or for legal reasons.
  • Objection to Processing: You have the right to object to our processing of your personal information when such processing is based on our legitimate interests (or those of a third party) or when performed for direct marketing purposes. How to exercise: If you object to our use of your data for marketing, you can opt out as described above (which is immediate). If you object to other processing based on legitimate interest, let us know the specific objection. We will consider your request and whether our legitimate grounds for processing override your rights and freedoms. In cases of direct marketing, your objection will always be honored.
  • Withdraw Consent: Where we rely on your consent to process personal information (for example, consent for biometric processing or for receiving marketing emails), you have the right to withdraw that consent at any time. How to exercise: To withdraw consent for marketing, you can unsubscribe or email us to remove you from communications. To withdraw consent for identity verification/biometric processing, you can contact us or the Fleet Owner prior to completing the verification process (withdrawing after the fact may not undo the processing that has already occurred, but we will ensure no further use of the biometric data and that it is deleted). Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • Non-Discrimination: We will not discriminate against you for exercising any of these rights. For example, if you are a California resident exercising your CCPA rights, we will not deny you our Services, charge you different prices, or provide you a lesser quality of service because of your request. The Services we provide to Fleet Owners are generally uniform and based on contracts, so requests by individuals (like Renters) will be handled without affecting the service provided to the Fleet Owner, other than deleting or modifying the individual’s data as requested.

Please note: certain rights (such as access, correction, deletion, etc.) may be directed in the first instance to the Fleet Owner if you are a Renter, because FleetHQ acts as a data processor for that information. We will assist our Fleet Owners in responding to any such requests they receive. If you contact us directly and it relates to data we process for a Fleet Owner, we may forward your request to the appropriate customer and aid them in responding, or we will inform you how to submit the request to them. We will do our best to fulfill requests as required by applicable law, free of charge (except where requests are manifestly unfounded or excessive, in which case a reasonable fee may be charged or the request refused as permitted by law).

To exercise your privacy rights or if you have any questions about them, please contact us at tech@fleethq.io with the subject line “Privacy Rights Request” and include a description of your request and the email address associated with your use of the Services. We may need to verify your identity before completing certain requests (for example, by confirming ownership of your email or asking for additional information). We will respond to your request within the timeframe required by law (generally within 30-45 days for most rights requests, with the possibility of a reasonable extension if needed).

Additional Disclosures for California Residents

If you are a resident of California, you are entitled to certain disclosures and rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). This section provides the information and rights that apply specifically to California consumers, and it uses terms defined in the CCPA such as “Personal Information,” “Sale,” and “Share” (in the context of cross-context behavioral advertising).

Categories of Personal Information Collected: In the past 12 months, we have collected the following categories of Personal Information (as defined by CCPA) from or about consumers: – Identifiers: e.g. real name, email address, phone number, postal address, IP address, account username, driver’s license number or other ID numbers. – Personal Records Information: e.g. payment information (credit card number or bank details), and account login information. For Renters, this may include information provided for car rental transactions such as driver’s license or passport details, and photographs (which could be considered personal or biometric identifiers). – Protected Classifications: We do not intentionally collect information like race, gender, or health data from consumers as a category, but some identity documents or driver’s licenses may implicitly reveal traits like date of birth (age) or gender. Any such data is only used for verification or legal compliance (e.g., confirming you meet age requirements). – Commercial Information: e.g. records of products or services purchased or considered. For Fleet Owners, this includes subscription purchases of our service. For Renters, this includes details of rental bookings made through our platform (such as rental dates, vehicle, and amount paid). – Internet or Other Electronic Network Activity: e.g. browsing history, usage data, and interactions with our website or app. This includes technical data about a consumer’s device and how they navigated or used our Services (see “Device and Usage Information” above). – Geolocation Data: We collect general location (city, state) from IP address, and possibly more precise location if a feature like GPS tracking is used with consent. However, we do not systematically collect precise geolocation on consumers without consent. – Sensory Information: e.g. audio, visual, or similar information. We might collect photographs (selfies, ID scans) as described, which are visual. Some customer support calls could be recorded with notice, thereby collecting audio (voice) information. – Professional or Employment Information: For Fleet Owners who are sole proprietors or contacts, we may collect business affiliation or title. We generally do not collect detailed employment info about consumers, except what a Fleet Owner might input in our system (e.g. if a Fleet Owner lists their employees as users, that is employment info for those individuals). – Inferences: We do not create complex consumer profiles or inferences for targeted marketing in the way meant by CCPA. We may internally derive preferences or tendencies (e.g., a Fleet Owner’s most used features) to improve service, but we do not profile Renters for marketing.

Categories of Sources: We collect the above categories of Personal Information from the following sources: – Directly from the individual (or their authorized agent). For example, a Fleet Owner provides their information during sign-up; a Renter provides their information when making a booking or completing an identity check. – Indirectly from individuals through their activity (e.g., through automated means like cookies capturing browsing data or logs of actions on our platform). – From Fleet Owners about their Renters (the Fleet Owner inputs or requests info from the Renter, which is then collected in our system). – From third-party service providers or partners (e.g., identity verification results from Stripe/Vouched, or payment confirmation from Stripe, or analytics providers). – Public sources are generally not used for consumer data, except possibly to update business contact info for Fleet Owners.

Business or Commercial Purposes for Collection: We collect and use the Personal Information for the business purposes described in the “How We Use Your Information” section above. In CCPA terms, these purposes include: – Performing services on behalf of the business (ourselves or our Fleet Owner customers), such as maintaining and servicing accounts, providing customer service, processing payments, verifying customer information, and providing analytics services. – Security purposes, including detecting and protecting against fraudulent or illegal activity, identity verification, and debugging errors in our Services. – Short-term, transient use such as contextual customization of ads or content (although we do not share data externally for cross-context ads without consent). – Improving our products and services (internal research, analytics). – Other operational purposes compatible with the context of collection, such as training of machine learning models in a privacy-preserving manner, or aggregation of data. – To fulfill legal obligations and exercise or defend legal claims.

Disclosure of Personal Information: In the last 12 months, we have disclosed the above categories of Personal Information to third parties for our business purposes. Specifically, we have disclosed these categories to the types of recipients listed in “How We Share Information” – including our service providers (cloud hosting, payment processors, SMS/email providers, identity verification services, etc.), Fleet Owners (for Renter data), and, in rare cases, government authorities (when required by law). We do not disclose Personal Information to third parties for them to use for their own marketing or purposes outside of those business purposes.

Sale or Sharing of Personal Information: FleetHQ does not sell Personal Information of California consumers, and we have not sold Personal Information in the preceding 12 months. We also do not “share” Personal Information as defined under CPRA (meaning we do not share it for cross-context behavioral advertising). We do not knowingly sell or share the Personal Information of minors under 16 years of age. Given that we do not sell or share data in this manner, we do not offer an opt-out mechanism for sale/sharing on our website (as it is not applicable). If this ever changes, we will update this Policy and provide a “Do Not Sell or Share My Personal Information” link.

California Consumer Rights: If you are a California resident, you have the following rights under CCPA (in addition to the general rights outlined earlier, many of which overlap):

  1.   Right to Know: You can request that we disclose to you the specific pieces of Personal Information we have collected about you in the last 12 months, as well as additional details such as the categories of Personal Information collected, categories of sources, the business or commercial purpose for collecting, categories of third parties to whom we disclosed it, and if we sold or shared any of it (which we do not). You may request this information for the 12-month period preceding your request, and up to two times in a 12-month span.
  2.   Right to Delete: You can request that we delete Personal Information we collected from you and retained, subject to certain exceptions (for example, if the information is needed to complete a transaction, detect security incidents, comply with a legal obligation, etc., we may deny the deletion request for those specific reasons).
  3.   Right to Correct: You can request correction of inaccurate Personal Information maintained about you.
  4.   Right to Opt-Out of Sale/Sharing: As noted, we do not sell or share personal data for behavioral ads, but you have the right to direct a business that does sell or share your Personal Information to stop doing so. We honor this by not engaging in those practices.
  5.   Right of Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. We will not deny you services, charge you a different price, or provide a different level of quality because you exercised your rights in good faith.

Submitting CCPA Requests: To exercise your California rights to know, delete, or correct, you (or an authorized agent acting on your behalf) may contact us through any of the methods listed in Contact Us below. Please indicate that you are a California resident making a “CCPA request” and specify which right you seek to exercise. We will need to verify your identity to process requests (for example, by matching information you provide with our records, and/or asking for additional confirmation). If an authorized agent submits a request on your behalf, we may require proof of the agent’s registration or your written permission, as well as verification of your identity directly.

We aim to respond to verifiable consumer requests within 45 days as required by CCPA. If we need more time (up to an additional 45 days), we will inform you of the reason and extension in writing. Any disclosures we provide will cover the 12-month period preceding the receipt of the request, unless you request a longer period as permitted by law (note: the CPRA allows requesting information beyond 12 months in certain cases, and we will honor that if applicable and feasible).

For deletion requests, note that we will permanently erase, deidentify, or aggregate the Personal Information in our systems (and direct our service providers to do the same) except for the allowed exceptions. We will specify in our response which, if any, information we could not delete due to an exception.

For more information about our privacy practices or your rights, you can also call us or email us as provided in Contact Us. (If we had a toll-free number for CCPA requests, we would list it here, but as a primarily B2B service provider, we prefer electronic communication.)

California “Shine the Light”: Separate from CCPA, California’s “Shine the Light” law allows residents to ask companies once a year what personal information was shared with third parties for those third parties’ direct marketing purposes. FleetHQ does not disclose personal information to third parties for their own direct marketing purposes without consent. Therefore, we believe we have no disclosures to provide under that law. California users may still contact us at the address below for any questions or to request information, and we will respond in accordance with applicable law.

Users in the European Economic Area (EEA), UK, and Other Regions

While FleetHQ primarily targets U.S. businesses and operates under U.S. law, we intend to align with key privacy principles of the EU’s General Data Protection Regulation (GDPR) and similar laws to the extent applicable. If you are located in the EEA, United Kingdom, Switzerland, or another region with data protection laws that grant you rights beyond those described above, you may have additional or slightly different rights. This section provides additional information for such users:

Legal Bases for Processing: We only process your personal data when we have a legal basis to do so under applicable law. For individuals in the EEA/UK, our legal bases include: – Contract: Processing that is necessary to perform our contract with you as a user (Article 6(1)(b) GDPR) – for example, when you sign up as a Fleet Owner, we must process your data to provide the service you requested. – Legitimate Interests: Processing that is in our legitimate interests (Article 6(1)(f)), as long as those interests are not overridden by your data protection rights. We rely on legitimate interests for things like improving our services, preventing fraud, securing our platform, and communicating with our customers. We have analyzed these activities to ensure they are proportionate and respect your privacy. – Consent: Where we ask for your consent (Article 6(1)(a)), for example for optional identity verification or marketing communications, we will process your data based on that consent. You can withdraw consent at any time as described above, without affecting the lawfulness of processing before withdrawal. – Legal Obligation: If we have a legal duty to process or retain data (Article 6(1)(c)), such as keeping records for tax compliance or responding to lawful requests, we will do so.

EU/UK Data Subject Rights: In addition to the rights already described (access, correction, deletion, etc.), EU and UK individuals have the right to object to processing and request restriction of processing in certain circumstances, as well as the right to data portability. We have addressed these rights in the Your Rights and Choices section. You also have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you; note that FleetHQ does not engage in solely automated decision-making that has such effects without human involvement. If that ever changes (for example, if we used an algorithm to automatically reject a Renter from renting without any human review), we would provide notice and the ability to request human review.

Complaints: If you believe our processing of your personal data is not in line with the GDPR or applicable law, you have the right to lodge a complaint with a supervisory data protection authority. For example, if you are in the EU, you can contact the data protection authority in your country of residence or work, or where the alleged infringement occurred. We would appreciate the chance to address your concerns directly first, so we encourage you to contact us at tech@fleethq.io to discuss any issues.

International Transfers: As noted, if we transfer your personal data outside of the EEA/UK (for instance, to the U.S.), we will ensure appropriate safeguards are in place. We have incorporated EU Commission-approved Standard Contractual Clauses in our data processing agreements where required, and we continually monitor the legal landscape for international data transfers (including any Schrems II developments) to remain compliant. You can request a copy of the relevant clauses or more info on transfer measures by contacting us.

We are continuously evaluating our privacy practices to move toward full GDPR compliance. While we may not currently be required to appoint an EU representative or DPO due to our size and scope, we intend to uphold GDPR principles of transparency, data minimization, and accountability in handling any EU personal data. We will update this section as our compliance posture evolves.

Children’s Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years old. We request that individuals under 13 (or the minimum age required by local law, if higher) do not use our Services or submit any personal data to us. FleetHQ is designed to be used by businesses and adult consumers (Renters) in the context of vehicle rentals, and there is no reason for a child to directly use our platform.

If you are a parent or guardian and you believe that your child under 13 (or under the relevant age of consent in your jurisdiction) has provided personal information to us, please contact us immediately at tech@fleethq.io. We will take steps to promptly delete the information and terminate the child’s account or usage, in accordance with the Children’s Online Privacy Protection Act (COPPA) and other applicable laws.

In certain cases, a Fleet Owner could potentially collect information about a minor (for example, if a parent is renting a vehicle for a teenager or adding a minor as an additional driver). Our policy requires that Fleet Owners not use our platform to collect data from minors without proper consent and compliance, and any such data would be under the Fleet Owner’s responsibility. If we become aware that we processed any child’s data in our role as a service provider, we will work with the Fleet Owner to delete that data unless a legal exception applies.

We do not knowingly “sell” or “share” the personal information of minors under 16, as those terms are defined under applicable law.

Data Breach Notification

FleetHQ has implemented a comprehensive incident response plan to address any data security breaches. In the unlikely event of a data breach that results in unauthorized access to or disclosure of personal information, we will promptly take steps to contain and investigate the incident. If the breach is likely to result in a high risk to the rights and freedoms of individuals, or if otherwise required by law, we will notify affected individuals and relevant authorities without undue delay. Notification to you may occur via email, phone, or a prominent notice on our website, and will include information about the nature of the breach, the data affected (to the extent we know), steps we have taken to secure data, and steps you may consider taking to protect yourself. We will also provide contact information for further inquiries. We may not notify if law enforcement requests a delay (for instance, to support an investigation). Rest assured, we treat your data security seriously and will be transparent about any incidents that occur.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or for other operational reasons. If we make material changes to this Policy, we will notify Fleet Owners by email or through an in-app notification, and update the “Last Updated” date at the top. For less significant changes (like minor updates or clarifications), we may simply post the revised Policy on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use the Services after a revised Policy has been posted, it means you accept the changes (to the extent permitted by law). If you do not agree with any update, you should discontinue use of the Services and may request that we delete your data as per your rights.

In case of substantive changes affecting Renters’ data practices, we will also coordinate with our Fleet Owner customers to facilitate any required notices to Renters. We maintain prior versions of this Privacy Policy for reference, which can be requested if needed.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

FleetHQ, LLC
Attn: Privacy Team
30 N Gould St, Ste R
Sheridan, WY 82801, USA

Email: tech@fleethq.io

We will do our best to address your inquiry promptly and thoroughly. Your privacy is important to us, and we welcome your feedback.

By using FleetHQ’s Services, you acknowledge that you have read this Privacy Policy and understand how we handle your personal information. Thank you for trusting FleetHQ with your fleet management needs. We are dedicated to protecting your privacy and ensuring a safe and reliable experience for all our users.

Log in
Start a Free Trial
Book a Demo