1. Introduction & controller information

Fleetiqo, LLC ("Fleetiqo", "we", "us", or "our") — a limited liability company organized under the laws of the State of Delaware, United States — is the data controller for personal information collected through the Fleetiqo website (https://fleetiqo.com) and the Fleetiqo dashboard / mobile apps (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard that information.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use the Service.

This Privacy Policy is written to comply with:

European Union — General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the ePrivacy Directive
United Kingdom — UK GDPR & Data Protection Act 2018
California — Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA)
Virginia — Consumer Data Protection Act (VCDPA)
Colorado — Privacy Act (CPA)
Connecticut — Data Privacy Act (CTDPA)
Utah — Consumer Privacy Act (UCPA)
Texas — Data Privacy and Security Act (TDPSA)
Oregon — Consumer Privacy Act (OCPA)
Montana — Consumer Data Privacy Act (MTCDPA)
Iowa — Consumer Data Protection Act
Delaware, Indiana, Tennessee, Florida — applicable consumer privacy acts
Canada — PIPEDA (Personal Information Protection and Electronic Documents Act)
Brazil — LGPD (Lei Geral de Proteção de Dados)
Children's Online Privacy Protection Act (COPPA) — US under-13s
Apple App Store and Google Play store privacy requirements

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

Name
Email address
Phone number
Company name (optional)
Password (encrypted)

Vehicle and Fleet Data:

Vehicle information (make, model, year, VIN, license plate)
Vehicle photos and documents
Maintenance records
Expense records
Rental information
Mileage data
Insurance information

Payment Information:

Credit card information (processed securely by Stripe - we do not store full card numbers)
Billing address
Transaction history
Apple ID payment information (for mobile app subscriptions)

Communications:

Support tickets and correspondence
Feedback and survey responses
Chat messages with support team

2.2 Information Collected Automatically

Device Information:

Device type and model
Operating system and version
Unique device identifiers
Mobile network information
Device settings

Usage Information:

Pages visited and features used
Time spent on pages
Click patterns and navigation paths
Search queries
Error logs and crash reports

Location Information:

IP address
Approximate location (city, state, country)
GPS location (only when you use location-based features and grant permission)

Cookies and Tracking Technologies:

Session cookies
Persistent cookies
Analytics cookies
Local storage

2.3 Information from Third Parties

Payment processors (Stripe, Apple)
Analytics providers
Social media platforms (if you connect your account)
Public databases (for vehicle information verification)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Provide and Maintain the Service

Create and manage your account
Process your transactions and subscriptions
Store and manage your vehicle data
Provide customer support
Send service-related notifications
Backup and secure your data

3.2 Improve and Develop the Service

Analyze usage patterns and trends
Develop new features and functionality
Conduct research and analytics
Test and optimize performance
Fix bugs and technical issues

3.3 Communicate with You

Send account updates and notifications
Respond to your inquiries and support requests
Send marketing communications (with your consent)
Conduct surveys and request feedback
Send important service announcements

3.4 Security and Fraud Prevention

Detect and prevent fraud
Protect against security threats
Monitor for suspicious activity
Enforce our Terms of Service
Comply with legal obligations

3.5 Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and court orders
Protect our legal rights
Resolve disputes

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

4.1 Contractual Necessity

Processing is necessary to perform our contract with you (providing the Service).

4.2 Legitimate Interests

Processing is necessary for our legitimate interests, such as:

Improving the Service
Ensuring security
Analyzing usage
Marketing (where permitted)

4.3 Consent

You have given explicit consent for specific processing activities, such as:

Marketing communications
Location tracking
Optional data collection

4.4 Legal Obligation

Processing is necessary to comply with legal obligations.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

Payment processing: Stripe, Inc. and Apple In-App Purchase
Identity verification: Stripe Identity (booking-flow driver-license checks)
File storage: Cloudflare R2 (vehicle photos, documents, support attachments)
Email — outbound marketing: Resend
Email — transactional: customer-supplied SMTP (e.g. Gmail, Postmark)
Integrations: Google Cloud Pub/Sub and Microsoft Graph (Turo email sync only), Tesla Fleet API
Infrastructure: Hostinger (VPS hosting and DNS)

The current, authoritative list of sub-processors — including the data categories processed and processing location — is published at /sub-processors. Each provider is bound by a written data-processing agreement requiring them to protect your information and use it only to deliver the contracted service.

5.2 Co-Hosts and Team Members

If you add co-hosts or team members to your account, they will have access to the vehicle and fleet data you share with them.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5.4 Legal Requirements

We may disclose your information if required by law or in response to:

Court orders or subpoenas
Legal processes
Government requests
Protection of our rights and safety
Investigation of fraud or security issues

5.5 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to:

Provide the Service to you
Comply with legal obligations
Resolve disputes
Enforce our agreements

6.1 Active Accounts

While your account is active, we retain all your data to provide the Service.

6.2 Deleted Accounts

When you delete your account:

Your personal data is deleted within 30 days
Some data may be retained for legal or security purposes
Backup copies may persist for up to 90 days
Anonymized data may be retained for analytics

6.3 Inactive Accounts

Accounts inactive for more than 3 years may be deleted after notice is provided.

7. Your Privacy Rights

7.1 All Users

You have the right to:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate data
Deletion: Request deletion of your account and data
Export: Download your data in a portable format
Opt-Out: Unsubscribe from marketing communications

7.2 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights:

Right to Rectification: Correct inaccurate personal data
Right to Erasure: Request deletion (Right to be Forgotten)
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time
Right to Lodge a Complaint: File a complaint with your supervisory authority

7.3 CCPA/CPRA Rights (California Users)

If you are a California resident, you have the right to:

Know: What personal information we collect and how we use it
Delete: Request deletion of your personal information
Opt-Out: Opt-out of sale of personal information (we do not sell data)
Non-Discrimination: Not be discriminated against for exercising your rights
Correct: Request correction of inaccurate information
Limit: Limit use of sensitive personal information

7.4 How to Exercise Your Rights

To exercise any of these rights:

Email us at: privacy@fleetiqo.com
Use the account settings in the app
Contact support at: support@fleetiqo.com

We will respond to your request within 30 days (or as required by applicable law).

8. Data Security

We implement industry-standard security measures to protect your personal information:

8.1 Technical Measures

Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
Secure Servers: Data stored on secure, monitored servers
Access Controls: Strict access controls and authentication
Firewalls: Network security and firewalls
Regular Backups: Automated backups for data recovery

8.2 Organizational Measures

Employee training on data protection
Confidentiality agreements with staff
Regular security audits and assessments
Incident response procedures
Data protection impact assessments

8.3 Your Responsibility

You are responsible for:

Keeping your password secure
Not sharing your account credentials
Logging out of shared devices
Reporting security incidents

8.4 Data Breach Notification

In the event of a data breach, we will:

Notify affected users within 72 hours (as required by GDPR)
Notify relevant authorities
Take immediate action to secure data
Provide information about the breach and remediation steps

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States.

9.1 EU to US Transfers

For transfers from the EU to the US, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequate safeguards as required by GDPR
Your explicit consent where required

9.2 Data Protection

We ensure that all international transfers comply with applicable data protection laws and that your data receives adequate protection.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

Essential Cookies:

Required for the Service to function
Session management and authentication
Cannot be disabled

Analytics Cookies:

Help us understand how you use the Service
Google Analytics
Can be disabled in settings

Functional Cookies:

Remember your preferences
Enhance user experience
Can be disabled in settings

10.2 Managing Cookies

You can control cookies through:

Your browser settings
Our cookie consent banner
Account settings in the app

Note: Disabling essential cookies may affect Service functionality.

10.3 Do Not Track

We currently do not respond to Do Not Track (DNT) signals. We will update this policy if we implement DNT support.

11. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If we discover that we have collected information from a child under 18:

We will delete the information immediately
We will terminate the account
We will notify the parent or guardian if possible

If you believe we have collected information from a child under 18, please contact us at privacy@fleetiqo.com.

12. Third-Party Links and Services

The Service may contain links to third-party websites and services. This Privacy Policy does not apply to those third parties.

We are not responsible for:

Privacy practices of third-party websites
Content on third-party websites
Data collection by third parties

We encourage you to review the privacy policies of any third-party services you use.

13. Marketing Communications

13.1 Types of Communications

We may send you:

Service updates and announcements
New feature notifications
Tips and best practices
Promotional offers (with consent)
Newsletters (with consent)

13.2 Opt-Out

You can opt-out of marketing communications by:

Clicking "unsubscribe" in any email
Updating preferences in account settings
Contacting support@fleetiqo.com

Note: You cannot opt-out of essential service communications (e.g., security alerts, billing notifications).

14. California Shine the Light Law

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes.

To make such a request, contact us at: privacy@fleetiqo.com

Note: We do not share personal information with third parties for their direct marketing purposes.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on our website
Sending an email to your registered email address
Displaying a notice in the Service
Requesting your consent where required by law

The "Last Updated" date at the top of this policy indicates when it was last revised.

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

16. Data Protection Officer

For questions about data protection and privacy, you can contact our Data Protection Officer:

Email: privacy@fleetiqo.com
Subject Line: Data Protection Inquiry

17. Supervisory Authority

If you are in the European Union and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.

You can find your supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en

18. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@fleetiqo.com
Support: support@fleetiqo.com
Data Protection Officer: privacy@fleetiqo.com
Website: https://fleetiqo.com

We will respond to your inquiry within 30 days.

19. US state privacy rights — beyond California

If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, Indiana, Tennessee, or Florida, you have rights similar to those under CCPA/CPRA — to know what categories of personal information we collect, to access and correct it, to delete it, to obtain a portable copy, and to opt out of certain processing activities including "targeted advertising", "sale" of personal information, and "profiling in furtherance of decisions producing legal or similar effects". We do not sell personal information in the colloquial sense, but the laws above define "sale" broadly to include some forms of sharing with third parties for cross-context behavioral advertising. Out of an abundance of caution we treat all our analytics-cookie sharing as in-scope and honor opt-outs identically.

To exercise any state-law right, email privacy@fleetiqo.com with your name, state of residence, and the right you're exercising. We verify the request by matching the requesting email to an existing account; for non-account holders we may ask for additional information sufficient to confirm identity. Responses are sent within 45 days (extendable once by 45 days if reasonably necessary, with notice). You may also use a recognized opt-out signal such as the Global Privacy Control (GPC) header — our cookie consent system honors GPC as a valid analytics opt-out.

We do not discriminate against any user who exercises a privacy right (no price changes, no service-level changes, no withholding of features).

Authorized agents: if a third party submits a request on your behalf, we will ask for written authorization signed by you and may verify the request directly with you before fulfilling it.

20. EU / UK residents & supervisory authorities

Fleetiqo, LLC is established in the United States and has no offices, employees, or legal establishment in the European Union, United Kingdom, or European Economic Area. The Service is primarily directed at users in the United States and Canada, but is technically accessible from anywhere.

If you reside in the EU, EEA, or UK and use the Service, we will still honor the rights described above (access, rectification, erasure, portability, restriction, objection) on a best-effort basis. Send requests to privacy@fleetiqo.com — we respond within 30 days. We do not currently maintain an Article 27 representative; this is a known gap that we'll close if our EU user base grows materially.

You may also lodge a complaint with the supervisory authority in your country of residence — the EDPB publishes the full list at edpb.europa.eu; UK residents can contact the ICO at ico.org.uk.

21. Sub-processors

We use service providers ("sub-processors") to deliver the Service — payment processors, email senders, cloud storage, and so on. The current list is published at /sub-processors and is also attached as Annex II to our Data Processing Addendum (/dpa). When we add or replace a sub-processor that materially affects how customer personal data is handled, we notify B2B customers on the public-DPA list at least 30 days in advance, per Art. 28(2) GDPR.

22. DMCA / copyright infringement notices

If you believe content hosted through the Service infringes your copyright, send a notice meeting the requirements of 17 U.S.C. § 512(c)(3) to our designated agent:

Designated DMCA agent: Fleetiqo, LLC — Legal
Email: dmca@fleetiqo.com
Postal address: 1130 Ogletown Road, Ste #2, Newark, DE 19711, USA

A valid notice must include: (i) physical or electronic signature of the owner or authorized agent; (ii) identification of the copyrighted work; (iii) identification of the infringing material and its location on the Service; (iv) your contact information; (v) a statement of good-faith belief that use is not authorized; and (vi) a statement under penalty of perjury that the information is accurate and you are authorized to act.

We respond to valid notices by removing or disabling access to the material and notifying the user who posted it. Counter-notifications can be sent to the same address.

23. Personal data breach notification

If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities without undue delay — within 72 hours where required by Art. 33 GDPR. The notification will include the nature of the breach, categories and approximate number of records affected, likely consequences, and the measures we've taken or propose to take to address it.

State-specific breach-notification laws (e.g. California Civil Code § 1798.82, NY SHIELD Act, etc.) apply where they require shorter timelines or different content; we follow whichever standard is stricter for residents of that jurisdiction.

24. Acknowledgment

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND IT, AND AGREE TO ITS TERMS.