Privacy Policy

This Privacy Policy applies to personal data that we collect as a data controller, such as:

• Visitors to our public website.
• Tenants who register for an account and use the Service.
• People who contact us (for example, via email or support forms).

When Tenants use the Service to collect or store information about their own customers (“End Users”), the Tenant is the data controller for that information and éPure acts as a data processor on the Tenant's behalf. End Users with questions about how a Tenant handles their data should contact the Tenant directly.

Account information: name, email address, business name, password hash, and role (for example, admin, staff).

Billing information: subscription plan, invoice history, and the last four digits of your payment card. Full card details are handled by Stripe and are never stored on our servers.

Usage data: pages visited, features used, timestamps, IP address, browser type, device type, and operating system. This data helps us understand how the Service is used and improve it.

Support communications: messages you send us via email, chat, or support forms, along with any attachments.

Cookies & similar technologies: see Section 6 and our Cookie Policy.

Tenants may upload or store information about their End Users via the Service, such as customer names, contact details, driver's license information, rental history, and signed rental agreements.

éPure processes this information solely on the instructions of the Tenant and only as necessary to provide the Service. We do not sell, rent, or use End User data for our own marketing purposes.

If you are an End User and want to exercise a right over your data (access, correction, deletion, etc.), please contact the Tenant that collected your data. We will cooperate with the Tenant to honor valid requests.

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process subscriptions, payments, and invoices.
• Send transactional emails (welcome, billing, password reset, support replies, product notices).
• Respond to support requests and troubleshoot issues.
• Monitor usage, prevent abuse, and secure the Service.
• Improve the Service and develop new features.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal data. We do not use your data to train third-party AI models.

Where applicable law (such as the EU or UK GDPR) requires us to identify a legal basis, we rely on the following:

• Contract: to provide the Service, process payments, and fulfill our obligations under the Terms of Service.
• Legitimate interests: to secure the Service, prevent fraud, improve our product, and run our business — balanced against your interests and rights.
• Consent: for non-essential cookies and analytics, and for any optional marketing communications.
• Legal obligation: to comply with accounting, tax, and other legal requirements.

We use cookies and similar technologies for the following purposes:

• Essential cookies: required to operate the Service (for example, to keep you signed in). These cannot be disabled.
• Analytics cookies: we use Google Analytics 4 to understand how visitors use our website (pages, sessions, events). Analytics are loaded only after you grant consent via our cookie banner.
• Preference cookies: to remember your preferences (for example, cookie consent choice).

You can manage your cookie preferences at any time through the cookie banner on our website or through your browser settings. For a detailed list of all cookies we use, see our Cookie Policy.

We rely on a small set of trusted third-party providers to operate the Service:

We enter into data processing agreements with each sub-processor and require them to apply appropriate security and confidentiality safeguards.

We do not sell your personal data. We share personal data only in the following limited circumstances:

• With sub-processors listed in Section 7, strictly to operate the Service.
• With your consent — for example, if you explicitly authorize an integration with a third-party tool.
• To comply with legal obligations — such as valid subpoenas, court orders, or government requests.
• To protect rights and safety — for example, to investigate fraud, abuse, or security incidents.
• In a business transfer — if éPure is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to this Privacy Policy.

We retain personal data for as long as necessary to provide the Service and to comply with our legal obligations.

• Account data: retained for the life of the account and for a reasonable period after account closure to allow recovery and to comply with legal/accounting obligations.
• Billing records: retained for at least seven (7) years to comply with US tax and accounting rules.
• Support communications: retained for as long as needed to resolve issues and improve support quality.
• Analytics data: retained in aggregated form; individual records are deleted in line with the analytics provider's retention settings.

You may request deletion of your account and associated data at any time, subject to the legal retention periods above.

We apply technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit (TLS) and at rest.
• Row-level security on the database.
• Authentication, session management, and role-based access control.
• Rate limiting and abuse detection.
• Restricted administrative access on a need-to-know basis.

No system is perfectly secure. If we become aware of a data breach that affects your personal data, we will notify you as required by applicable law.

éPure is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US and other countries where our sub-processors operate. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) to protect your data.

Depending on your location, you may have the following rights over your personal data:

• Access — obtain a copy of the personal data we hold about you.
• Correction — request that inaccurate or incomplete data be corrected.
• Deletion — request that we delete your personal data, subject to legal retention requirements.
• Restriction — request that we limit the processing of your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time.
• Non-discrimination — we will not discriminate against you for exercising any privacy right.

To exercise any of these rights, email us at support@epuredrive.com. We may ask you to verify your identity before responding. You also have the right to lodge a complaint with your local data protection authority.

The Service is not directed to children under the age of 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or via an in-app notice at least 14 days before they take effect. The “Last updated” date at the top of this page will always reflect the latest revision.

For any questions, concerns, or data requests:

• Business: éPure LLC
• Phone: +1 (561) 546-1461
• Email: support@epuredrive.com

See also our Terms of Service and Cookie Policy.