Summary: We collect only what we need to run your rental business, we never sell your data, and we give you full control over your information.
1. Who We Are
Carib Rental Pro ("we," "us," or "our") is a Software-as-a-Service (SaaS) platform that provides rental management tools to vehicle rental operators across the Caribbean. Our registered business address is in Trinidad and Tobago.
This Privacy Policy explains how we handle personal data when you use our platform at caribrentalpro.com and any associated booking pages hosted under our domain.
2. Information We Collect
2.1 Account & Company Information
- Company name, slug, country, currency, and contact details
- Owner and staff names, email addresses, and hashed passwords
- Company logo and branding assets you upload
2.2 Customer Data (entered by your business)
When you use our platform to manage your customers, you enter data including:
- Customer name, email, phone number
- Driver's license number and expiry date
- Driver's license scan images (stored in your account)
- Booking history and payment records
You are the data controller for this information. We process it only on your behalf as a data processor.
2.3 Booking & Transaction Data
- Rental dates, vehicle selections, pricing, add-ons
- Payment amounts, methods, and reference numbers
- Rental agreement signatures (stored as encrypted canvas images)
2.4 Technical Data
- IP addresses and browser/device information (for security logging)
- Session identifiers (stored in cookies, cleared on logout)
- Error logs (no personal data beyond what is necessary to diagnose issues)
2.5 QuickBooks Integration (optional)
If you connect QuickBooks Online, we store OAuth2 access and refresh tokens on your behalf. We never store your QuickBooks username or password. Tokens are encrypted at rest and used only to push data you explicitly sync.
3. How We Use Your Information
- To provide the service — managing your fleet, bookings, customers, and invoices
- To send transactional emails — booking confirmations, reminders, and receipts to your customers on your behalf
- To maintain security — detecting abuse, preventing unauthorized access, and maintaining audit logs
- To improve the platform — aggregate, anonymized usage metrics only; we never profile individual users for advertising
- To comply with law — where required by applicable Caribbean or international law
4. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is shared only in these limited circumstances:
- Service providers — our hosting provider (cPanel/LiteSpeed), email delivery (SMTP), and Intuit (QuickBooks) if you use that integration. Each provider is contractually bound to protect your data.
- Legal requirements — if required by a court order, government authority, or applicable law.
- Business transfer — in the event of a merger or acquisition, you will be notified and your data rights will be preserved.
5. Data Retention
We retain your data for as long as your account is active. If you cancel your account:
- Your data is retained for 30 days (allowing account recovery)
- After 30 days, all company data, bookings, customer records, and uploaded files are permanently deleted
- Anonymized aggregate statistics may be retained indefinitely
6. Security
We take security seriously and employ the following measures:
- All data is transmitted over TLS (HTTPS) — unencrypted connections are rejected
- Passwords are hashed using bcrypt with a cost factor of 12 — we never store plain-text passwords
- CSRF tokens protect all form submissions
- Session data is regenerated on login to prevent fixation attacks
- File uploads are validated and stored outside the web root
- All admin and company actions are written to an audit log
No system is 100% secure. If you discover a security vulnerability, please email us at security@caribrentalpro.com rather than disclosing it publicly.
7. Cookies
We use a single session cookie (rmp_session) to keep you logged in. This cookie:
- Is marked HttpOnly and Secure (not accessible by JavaScript, only sent over HTTPS)
- Expires at the end of your browser session or after 2 hours of inactivity
- Contains no personal data — only a random session identifier
We do not use advertising cookies, tracking pixels, or third-party analytics scripts.
8. Your Rights
You have the right to:
- Access — request a copy of all data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and all associated data
- Portability — request your data in a machine-readable format (CSV/JSON)
- Objection — object to processing in certain circumstances
To exercise any of these rights, email privacy@caribrentalpro.com. We will respond within 30 days.
9. Children's Privacy
Our platform is a business tool intended for adults (18+). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. We will notify active account holders by email at least 14 days before material changes take effect. The "last updated" date at the top of this page reflects the most recent revision.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us: