Privacy Policy

1 Information We Collect

We collect information you provide directly when making a reservation or contacting us:

• Identity: Full name, date of birth.
• Contact: Email address, phone number.
• Driver's License: Issuing state or country, license number.
• Passport: Number and issuing country (international drivers only).
• Payment: Credit or debit card details, processed securely through Stripe. We do not store full card numbers on our servers.
• Booking details: Pick-up/return dates and times, location, vehicle selected, add-ons chosen.
• Communications: Messages sent via WhatsApp, email, or our website contact form.
• Newsletter: Email address, if you voluntarily subscribe to our mailing list.

We also collect the following at the time of vehicle handover:

• Pick-up photos: Photographs of your driver's license, passport (if applicable), and the vehicle's condition are taken at pick-up and retained as part of the rental record.
• Drop-off photos: Photographs of the vehicle's condition are taken upon return to document its state at the end of the rental period.

We also collect limited technical data automatically when you visit our website:

• IP address, browser type, device type, and operating system.
• Pages visited and time spent on our website.
• Referring URL (the page that brought you to our site).

2 Sensitive Information

The following categories of information are considered sensitive and are handled with additional care:

• Driver's license number and issuing state/country — collected solely to verify driving eligibility.
• Passport number and issuing country — collected from international drivers only, solely to verify identity at pick-up.
• Date of birth — collected to verify the renter meets our minimum age requirement and to apply applicable age-related fees.
• Payment card data — transmitted directly to Stripe; we never see or store full card numbers.

We use sensitive information exclusively for processing your rental. It is not used to infer characteristics, preferences, or behavioral profiles, and is not sold or shared with third parties for commercial purposes.

3 Vehicle Telematics & GPS

All vehicles in our fleet are equipped with GPS tracking devices. This data is used exclusively for:

• Stolen vehicle recovery — in the event a vehicle is reported stolen or taken outside agreed boundaries, GPS data is used to locate and recover it.
• Unauthorized use detection — to verify that the vehicle is operated within the agreed rental territory (continental United States).
• Emergency assistance — location data may be shared with emergency services in the event of an accident or distress.

4 How We Use Your Information

We use the information we collect to:

• Process and confirm your vehicle reservation.
• Verify driver eligibility and identity at pick-up.
• Document vehicle condition at pick-up and drop-off.
• Process payments and issue receipts.
• Communicate with you about your booking (confirmations, reminders, updates).
• Send our newsletter, if you have subscribed (you may unsubscribe at any time).
• Respond to your questions or support requests.
• Detect and prevent fraud or unauthorized use of our vehicles.
• Comply with legal obligations, including reporting to law enforcement when required.
• Improve our website and services based on aggregated, anonymized usage data.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5 Third-Party Services

To operate our business, we share limited data with the following trusted service providers, each bound by their own privacy policies:

• Stripe — payment processing. Card data is transmitted directly to Stripe and never stored on our servers. stripe.com/privacy.
• Supabase — secure cloud database hosted in the United States, used to store reservation records.
• Netlify — website hosting and serverless backend functions.
• Google Fonts — web typography; Google may log font requests. Google Privacy Policy.
• WhatsApp / Meta — if you contact us via WhatsApp, your messages are subject to Meta's privacy policy.
• Law enforcement & legal authorities — we may disclose personal information when required by applicable law, court order, or governmental authority, or to protect the rights and safety of our business, customers, or the public.

6 Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Reservation records (including pick-up/drop-off photos) are kept for a minimum of 5 years to comply with accounting, tax, and legal obligations.
• Payment records are retained as required by Stripe and applicable financial regulations.
• GPS/telematics data is retained for the duration of the rental and for up to 90 days thereafter, unless required longer due to an active dispute or legal proceeding.
• Newsletter subscriptions are retained until you unsubscribe. Unsubscribing removes you from future mailings but does not affect reservation records.

When data is no longer required, it is securely deleted or anonymized.

7 Data Security

We implement industry-standard measures to protect your information:

• All data transmitted between your browser and our servers is encrypted via HTTPS (TLS).
• Payment data is handled exclusively by Stripe using PCI-DSS compliant infrastructure.
• Database access is restricted to authorized personnel only, protected by role-based access controls.
• Sensitive credentials (API keys, secret keys) are stored as encrypted environment variables and are never included in source code.
• You are responsible for keeping any login credentials (if applicable) confidential and for notifying us immediately of any unauthorized access.

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

8 Cookies & Analytics

Our website uses a small number of cookies and local storage entries:

• Language preference (epure_lang) — stores your selected language (English or Spanish). No expiry; deleted when you clear browser data.
• Session cookie — if you access the admin panel, a secure session token is stored by Supabase Auth for authentication. It expires automatically on logout or session timeout.

We do not currently use advertising cookies, third-party tracking pixels, or cross-site tracking tools. If we introduce analytics in the future, this policy will be updated before deployment.

Do Not Track (DNT): We respect browser Do Not Track signals. When DNT is enabled, we do not load any optional tracking scripts.

9 Your Privacy Choices

• Newsletter opt-out: Every newsletter email includes an unsubscribe link. You may also contact us directly to be removed from our mailing list.
• Cookies: You can disable cookies through your browser settings. Note that disabling cookies may affect the functionality of our website.
• Do Not Track: Enable the DNT setting in your browser to signal that you do not wish to be tracked. We honor this signal.
• Data access or deletion: You may request a copy of your personal data or ask for its deletion at any time (subject to our legal retention obligations). See Section 10 for how to submit a request.

10 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Ask us to correct inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to our legal retention obligations.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to certain types of processing, including direct marketing.

To exercise any of these rights, contact us via WhatsApp at (786) 209-6770 or by email at route305.rental@gmail.com. We will respond within 30 days.

11 International Users & Data Transfers

éPure Drive is based in Aventura, Florida, United States. We welcome customers from around the world, and we want to be transparent about how your data is handled across borders.

When you make a reservation or contact us from outside the United States, your personal information is transferred to and processed in the United States. Our infrastructure providers (Supabase, Netlify, Stripe) also process data in the United States and, in some cases, other countries.

Data protection laws in the United States may differ from those in your home country — including the EU's General Data Protection Regulation (GDPR), Canada's PIPEDA, or the laws of Latin American countries. By using our services, you acknowledge and consent to this transfer and processing in accordance with this Privacy Policy.

If you have questions about how your data is protected during international transfers, please contact us.

12 External Links

Our website may contain links to third-party websites (such as Stripe, Google, or WhatsApp). These links are provided for your convenience only. We have no control over the content or privacy practices of those sites and are not responsible for their privacy policies.

We encourage you to review the privacy policy of any third-party site you visit through a link on our website.

13 Children's Privacy

Our services are intended for adults only. We do not knowingly collect personal information from anyone under the age of 21. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it promptly.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our services after any changes constitutes your acceptance of the updated policy.

15 Contact Us

For any questions, concerns, or data requests regarding this Privacy Policy, please contact us:

• Business: éPure Drive / Route 305 Rental Car
• Address: 19707 Turnberry Way, Aventura, FL 33180
• WhatsApp: (786) 209-6770
• Email: route305.rental@gmail.com