APPROVEXAAPPROVEX

FLEET
All-in platform for rental owners

Privacy Policy

Last Updated: November 7, 2025

This Privacy Policy describes how APPROVEX ("we," "our," or "the Platform") collects, uses, and protects your personal information when you use our car rental management platform and services (collectively, the "Service"). The Service is provided through our website at approvex.io and our platform at fleet.approvex.io. By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide to Us

Account Information

  • Name and Email Address: Required for account creation and authentication
  • Password: Encrypted and stored securely (we cannot access your password in plain text)
  • Avatar/Profile Picture: Optional profile image you upload
  • Locale/Language Preference: Your preferred language for the interface
  • Referral Source: If you were referred by another user

Company Information (for Rental Companies)

  • Company Name, Phone, Email, Address: Business contact information
  • Company Logo: Visual branding for your rental business
  • Tax Rate: Business tax configuration
  • Terms and Conditions: Your rental terms text
  • About Text: Company description for public display
  • Website URL: Your company website
  • Location Data: Home base address and coordinates for delivery calculations
  • Delivery Settings: Configuration for delivery fees and options

Customer Information (for End Users)

  • Full Name: Required for booking
  • Phone Number: Contact information
  • Email Address: Required for booking confirmations and communication
  • Delivery Address: When requesting vehicle delivery
  • Location Coordinates: For address-based delivery calculations

Booking Information

  • Pickup and Return Dates: Rental period
  • Vehicle Selection: Chosen vehicle and additional services
  • Payment Information: Processed securely through Stripe (we do not store full card details)
  • Digital Signatures: Contract signatures captured during booking process
  • Check-in/Check-out Data: Odometer, fuel, photos, and notes

Communication Data

  • Chat Messages: Conversations between you and rental companies
  • Support Tickets: Support requests and correspondence
  • Email Correspondence: Communications sent through our system

Review Data

  • Customer Name and Email: For review verification
  • Ratings: Numerical ratings for vehicles/companies
  • Review Comments: Written feedback

Marketing and Analytics

  • Facebook Pixel Data: If companies enable Facebook tracking
  • Google Analytics Data: If companies enable Google Analytics
  • Google Ads Conversion Data: If companies enable conversion tracking
  • IP Address: For security and analytics purposes
  • Browser Information: Device and browser type for optimization

1.2 Information Automatically Collected

  • Usage Data: How you interact with the Service
  • Device Information: Device type, operating system, browser type
  • Log Data: IP addresses, access times, pages viewed
  • Session Cookies: For authentication and session management
  • Location Data: When you provide delivery addresses or use location-based features

1.3 Information from Third Parties

  • Stripe: Payment processing data (we receive confirmation of payments, not full card details)
  • Google Services: OAuth authentication data (if you connect Google Analytics/Ads)
  • Facebook: Advertising analytics data (if companies enable Facebook Pixel)

2. How We Use Your Information

2.1 To Provide Our Services

  • Create and manage your account
  • Process bookings and rental transactions
  • Generate and manage rental contracts with digital signatures
  • Calculate pricing, taxes, and delivery fees
  • Send booking confirmations, reminders, and updates
  • Facilitate communication between rental companies and customers
  • Process payments through Stripe
  • Manage subscriptions for rental companies
  • Provide customer support through tickets and chat

2.2 To Improve Our Services

  • Analyze usage patterns to enhance user experience
  • Optimize platform performance
  • Develop new features based on user needs
  • Conduct security monitoring and fraud prevention

2.3 For Marketing and Analytics

For Rental Companies:

  • Provide analytics dashboards showing booking statistics
  • Enable integration with Facebook Pixel and Google Analytics (if enabled by company)
  • Track conversions and marketing performance (if enabled)

For Platform:

  • Send service-related announcements
  • Administer referral programs
  • Analyze platform usage and trends

2.5 Meta Pixel and Meta Conversions API

To optimize our marketing and understand how people engage with our platform, we use both the Meta Pixel (browser script) and the Meta Conversions API (server-to-server requests) under Pixel ID 1177819904208612. Events sent from the browser and server share the same event_id to allow Meta to deduplicate them. Server requests are sent to https://graph.facebook.com/v17.0/<PIXEL_ID>/events with action_source=website.

  • Authentication: The Conversions API access token is stored securely on our server in the PLATFORM_FACEBOOK_ACCESS_TOKEN environment variable and is never exposed to the client. Events are dispatched only when a valid token is present.
  • Testing: For QA we may set PLATFORM_FACEBOOK_TEST_EVENT_CODE to route traffic to Meta's Test Events tool. This value remains empty in production so that live traffic is not marked as test data.

Browser Events (Meta Pixel)

  • PageView
  • ViewContent
  • Lead
  • InitiateCheckout
  • CompleteRegistration
  • Subscribe
  • Purchase
  • Custom analytics events (for example, TestEvent during QA)

Server Events (Meta Conversions API)

  • CompleteRegistration — after successful account creation
  • Subscribe — when a subscription (including trials) is activated via Stripe Checkout
  • Purchase — when Stripe confirms payment (invoice.payment_succeeded webhook)
  • CancelSubscription — when a subscription is cancelled
  • SubscriptionPaymentFailed — when a payment attempt fails
  • TestEvent — used exclusively when a Meta test event code is provided

User Data Sent to Meta

We follow Meta's requirements and hash all fields that must be hashed with SHA-256 before transmission unless otherwise noted:

  • Hashed: email (em), phone (ph, E.164 format), first and last name (fn, ln), date of birth (db), city (ct), state (st), zip/postal code (zp), country (country), gender (ge), and any company details collected during onboarding to improve match rates.
  • Plain text identifiers: external_id (internal user ID), subscription_id, stripe_subscription_id, lead_id, click_id (fbclid), partner_id, and browser_id when available.
  • Device data: client_ip_address, client_user_agent, and Meta cookies _fbp and _fbc are sent in their original format.

Custom Data Payload

  • Commerce details: currency (default USD), value, content_type (subscription), content_ids (for example, ["subscription_basic"]), and contents arrays with item pricing.
  • Subscription context: subscription_plan, subscription_id, stripe_subscription_id, order_id (Stripe invoice ID), billing_reason, invoice_status, payment_attempt_count, due_date, trial, trial_ends_at, and expires_at.
  • Attribution metadata: referral_code, user_id, company_id, company_slug, locale, and any stored UTM parameters (source, medium, campaign, term, content) from Stripe invoice metadata.

Debugging and Logging

  • Client-side Pixel events are dispatched through helper scripts embedded in our layout.
  • Server-side Conversions API calls are logged in Laravel for monitoring and troubleshooting.
  • If the Conversions API token is missing, the event is skipped and we log the omission.

2.4 Legal and Compliance

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect rights, property, and safety of users
  • Respond to legal requests and prevent harm

3. Data Sharing and Disclosure

3.1 Public Information

When rental companies publish their public rental pages:

  • Company Information: Company name, logo, description, contact details
  • Vehicle Information: Vehicle listings, photos, descriptions, pricing
  • Reviews: Published reviews with customer names (if approved)

3.2 Service Providers

We share information with trusted third-party service providers:

  • Stripe: Payment processing (subject to Stripe's Privacy Policy)
  • Email Service Providers: For sending transactional emails
  • Hosting Providers: Secure data storage and hosting
  • Analytics Providers: Google Analytics, Facebook Pixel (only if enabled by companies)
  • Meta Platforms, Inc.: Receives Meta Pixel and Meta Conversions API events for advertising analytics and conversion tracking

3.3 Between Users

  • Rental Companies: Can see customer information for bookings they receive
  • Customers: Can see company information on public pages
  • Chat Messages: Shared between rental companies and their customers

3.4 Legal Requirements

  • Comply with legal processes
  • Protect our rights and property
  • Prevent fraud or abuse
  • Protect user safety

3.5 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

4. Data Storage and Security

4.1 Data Storage

  • Your data is stored on secure servers
  • We use encryption for sensitive data transmission (HTTPS/TLS)
  • Passwords are hashed using industry-standard encryption
  • Payment information is processed by Stripe and never stored on our servers

4.2 Security Measures

  • Secure authentication using Laravel Sanctum
  • Regular security updates and patches
  • Access controls and authentication requirements
  • Secure session management
  • HTTPS encryption for all communications
  • Hashing personal identifiers with SHA-256 before they are transmitted to Meta or other analytics partners
  • Restricting Meta Conversions API tokens to server-side environment variables

4.3 Data Retention

  • Account Data: Retained while your account is active
  • Booking Data: Retained as required for business and legal purposes
  • Photos and Documents: Retained for the duration of bookings and as legally required
  • Marketing Data: Retained per company settings and legal requirements
  • You may request deletion of your account and associated data (subject to legal retention requirements)

5. Your Rights and Choices

5.1 Access and Updates

  • Access Your Data: View your account information, bookings, and settings
  • Update Your Data: Modify your profile, company information, and preferences
  • Delete Your Account: Request account deletion (some data may be retained for legal compliance)

5.2 Communication Preferences

  • Email Notifications: You can manage email notification preferences
  • Marketing Communications: Opt-out of marketing emails (transactional emails will still be sent)
  • Unsubscribe: Use unsubscribe links in emails

5.3 Data Portability

  • Export your booking data and company information
  • Request a copy of your personal data in a structured format

5.4 Cookie Preferences

  • Most browsers allow you to control cookies through settings
  • Note: Disabling cookies may affect Service functionality

5.5 Tracking and Analytics

  • Rental Companies: Can enable/disable Facebook Pixel and Google Analytics for their public pages
  • Customers: Third-party tracking is controlled by the rental company's settings
  • You can use browser settings or extensions to block tracking cookies

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

Essential Cookies: Required for Service functionality

  • Session cookies for authentication
  • Security cookies for CSRF protection
  • Preference cookies for language and settings

Analytics Cookies: Used by rental companies (if enabled)

  • Meta marketing cookies (_fbp, _fbc)
  • Google Analytics cookies
  • Google Ads cookies

6.2 Third-Party Cookies

  • Facebook Pixel: Tracks page views, leads, purchases, and registrations; we create _fbp if it is missing and populate _fbc from fbclid parameters when needed for attribution
  • Google Analytics: Tracks website usage and analytics
  • Google Ads: Tracks conversions for advertising
  • Stripe: Uses cookies for payment processing

Meta cookies are categorised as marketing/advertising cookies in our banner. They support deduplication between browser and server events.

6.3 Cookie Management

  • You can control cookies through browser settings
  • Disabling cookies may impact Service functionality
  • Some features require cookies to function properly

7. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete such information.

8. International Data Transfers

Our Service is currently available only in the United States. Your information is primarily processed and stored within the United States. If you access our Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using our Service, you consent to the transfer of your information to the United States.

8.1 GDPR (European Users)

  • You have additional rights under GDPR
  • Right to access, rectify, erase, restrict processing, data portability
  • Right to object to processing and withdraw consent
  • Right to lodge a complaint with a supervisory authority

9. California Privacy Rights (CCPA)

  • Right to Know: Request information about personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal information)
  • Non-Discrimination: We will not discriminate for exercising your privacy rights

10. Digital Signatures and Contracts

  • Storage: Signatures are stored securely as part of booking records
  • Purpose: To create legally binding rental contracts
  • Retention: Retained for legal and business purposes
  • Access: Accessible to you, the rental company, and authorized platform administrators

11. Payment Information

  • Payment Processing: Handled securely by Stripe
  • Data Storage: We do not store full credit card numbers or CVV codes
  • Stripe's Role: Payment information is subject to Stripe's Privacy Policy
  • Transaction Data: We store transaction IDs, amounts, and payment status for booking records

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and sending email notifications for material changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

  • Email: privacy@approvex.io
  • Website: https://approvex.io
  • Platform: https://fleet.approvex.io
  • Support Tickets: Submit through the platform
  • Address: 5830 E 2nd St, Ste 7000 #18761, Casper, Wyoming 82609 USA

13.1 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at: privacy@approvex.io

14. Rental Company Responsibilities

  • Complying with applicable privacy laws in their jurisdiction
  • Obtaining necessary consents from customers
  • Properly configuring tracking tools (Facebook Pixel, Google Analytics)
  • Protecting customer information they receive
  • Having their own privacy policies if required by law

By using APPROVEX, you acknowledge that you have read, understood, and agree to this Privacy Policy.