Privacy Policy

    Last updated: February 15, 2026

    1. Introduction

    Dushi Drive Fleet ("we", "us", "our") operates the Dushi Drive Fleet platform. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our Service.

    We act as a data processor on behalf of our Tenants (the rental agencies who subscribe to our Service). Each Tenant acts as the data controller for the customer data they input into the platform.

    2. Information We Collect

    Account Information

    When you register, we collect your email address, full name, and authentication credentials.

    Tenant-Managed Data

    Tenants may input the following data into the Service on behalf of their business operations:

    • Customer names and phone numbers (for booking records)
    • Vehicle details (make, model, plate numbers, photos)
    • Booking information (dates, locations, flight numbers, references)
    • Partner and employee user accounts

    Automatically Collected Data

    We may collect usage data such as login timestamps, IP addresses, and browser type for security and performance monitoring.

    3. How We Use Information

    We use collected information to:

    • Provide and maintain the Service
    • Authenticate users and enforce access controls
    • Process and display booking and vehicle data within tenant-scoped views
    • Send service-related notifications (e.g., account approval, system updates)
    • Monitor and improve platform security, performance, and reliability
    • Generate anonymized, aggregated analytics for Service improvement

    We do not sell, rent, or share personal data with third parties for marketing purposes.

    4. Data Isolation & Multi-Tenancy

    The Service uses a multi-tenant architecture with strict data isolation. Each Tenant's data is segregated using row-level security policies enforced at the database level. No Tenant can access, view, or modify data belonging to another Tenant.

    5. Third-Party Integrations

    The Service may integrate with third-party services when configured by the Tenant:

    • Gmail API: If enabled, used to parse booking confirmation emails. OAuth credentials are stored securely and scoped to the Tenant.
    • Webhook endpoints: External booking systems may send data via webhooks. Tenants are responsible for securing their webhook integrations.

    We only access third-party services on behalf of Tenants who have explicitly configured and authorized such integrations.

    6. Data Storage & Security

    All data is stored in secured cloud infrastructure with encryption at rest and in transit. We implement industry-standard security measures including:

    • Row-level security (RLS) policies on all data tables
    • Role-based access control (Admin, Employee, Partner roles)
    • Encrypted credential storage for third-party integrations
    • Regular backup functionality for disaster recovery

    7. Data Retention

    We retain Tenant data for as long as the Tenant's account is active. Upon account termination, data is available for export for 30 days, after which it may be permanently deleted. Backup snapshots are retained until manually deleted by a super administrator.

    8. Your Rights

    Depending on your jurisdiction, you may have the right to:

    • Access the personal data we hold about you
    • Request correction of inaccurate data
    • Request deletion of your data ("right to be forgotten")
    • Object to or restrict certain processing of your data
    • Request data portability (export your data in a standard format)

    If you are an end customer whose data was entered by a Tenant, please contact the Tenant directly to exercise your rights. If you are a Tenant user, contact us at the email below.

    9. Cookies

    The Service uses essential cookies and local storage for authentication session management and user preferences (e.g., theme settings). We do not use tracking cookies or third-party analytics cookies.

    10. Children's Privacy

    The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

    12. Contact Us

    For privacy-related inquiries, data requests, or concerns, contact us at dushidrive@gmail.com.