fleetgrowGet started

Privacy Policy

Last updated: May 28, 2026

1. Introduction

FleetGrow (“FleetGrow,” “we,” “us,” or “our”) operates the website and application at fleetgrow.app (the “Service”). This Privacy Policy describes how we collect, use, disclose, and safeguard information about you when you use the Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information you provide directly

  • Account data: name, email address, and password when you create an account.
  • Fleet data: vehicle records (VIN, make, model, year, photos, license plates), trip logs, maintenance records, and financial entries you input.
  • Documents: files you upload, such as insurance cards, vehicle registrations, or inspection certificates.
  • Settings and preferences: notification preferences, service intervals, and other configuration you set.

2.2 Information collected automatically

  • Usage data: pages visited, features used, actions taken, and timestamps within the application.
  • Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution.
  • Authentication tokens: session cookies and tokens used to keep you signed in.
  • Log data: server logs including request times, error codes, and referrer URLs.

2.3 Information from third parties

  • Google OAuth: if you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.
  • NHTSA vPIC API:when you enter a VIN, we query the U.S. National Highway Traffic Safety Administration public API to decode vehicle information. This query sends the VIN to NHTSA’s public servers.

3. How We Use Your Information

We use collected information to:

  • Create and maintain your account and authenticate your identity.
  • Provide and operate the Service, including storing and displaying your fleet data.
  • Send transactional emails such as email verification, password resets, and renewal reminders.
  • Notify you of expiring documents, maintenance intervals, and other alerts you configure.
  • Analyze usage patterns to improve the Service.
  • Investigate and prevent fraud, abuse, or violations of our terms.
  • Comply with applicable legal obligations.

We do not use your fleet or business data for advertising, and we do not sell or rent your data to third parties.

4. How We Share Your Information

We do not sell your personal information. We share data only in the following limited circumstances:

  • Service providers (sub-processors): we use third-party services that process data on our behalf:
    • Supabase (database, authentication, and file storage) — data is stored on servers we control, hosted on Hetzner infrastructure in the EU.
    • Brevo (formerly Sendinblue) — transactional email delivery (verification, alerts, reminders).
    • Google — OAuth authentication (if used) and Places autocomplete for location inputs.
    • Hetzner / Coolify — server hosting and deployment infrastructure.
  • Legal requirements: we may disclose data when required by law, subpoena, court order, or other governmental demand.
  • Business transfer: if FleetGrow is acquired or merges with another company, your data may be transferred as part of that transaction, subject to equivalent privacy protections.
  • With your consent: we may share data for any other purpose with your explicit consent.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service:

  • Authentication cookies: necessary to keep you signed in across page loads.
  • Preference cookies: to remember your settings between sessions.

We do not currently use advertising cookies, cross-site tracking pixels, or third-party analytics cookies. If this changes, we will update this policy and, where required, obtain your consent.

You can configure your browser to block or delete cookies. Note that blocking authentication cookies will prevent you from signing in.

6. Data Retention

We retain your account and fleet data for as long as your account is active. If you delete your account, we delete your personal data and fleet records within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

Server logs are retained for up to 90 days for security and debugging purposes.

7. Security

We take reasonable technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS).
  • Row-level security (RLS) policies in our database, ensuring users can only access their own data.
  • Secure authentication handled by Supabase Auth, with password hashing and session management.
  • No storage of payment card data (we do not currently process payments).

No system is perfectly secure. We cannot guarantee absolute security of your information. If you suspect unauthorized access to your account, contact us immediately.

8. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: request deletion of personal information we have collected, subject to certain exceptions.
  • Right to correct: request correction of inaccurate personal information we maintain.
  • Right to opt out of sale: we do not sell your personal information. No opt-out is needed.
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at [email protected]. We will respond within 45 days as required by law.

9. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

10. International Data Transfers

FleetGrow is operated in the United States. Your data is stored on servers located in the EU (Hetzner). If you access the Service from outside the United States, your data may be transferred to and processed in countries with different privacy laws than your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top and, for material changes, notify you by email or via a notice within the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us:

FleetGrow

Email: [email protected]

United States