Last updated: April 8, 2026
Drivehouse ("we", "our", "us") operates a multi-tenant SaaS platform for vehicle rental businesses. This Privacy Policy explains how we collect, use, and protect information when you use our platform, whether as a tenant operator or as an end customer booking through a tenant's storefront.
Tenant operators: Name, email address, business information, Stripe account details, branding assets (logos, images), and platform usage data.
End customers: Name, email address, phone number, and payment information (processed by Stripe). If a tenant requests identity verification, we may also collect driver's license numbers, insurance policy numbers, and photographs of government-issued identification.
Automatically collected: IP addresses, browser type, and general usage analytics to improve the platform.
We use collected information to:
All tenant data is logically isolated within our platform. Each tenant's customer records, bookings, vehicles, and business data are scoped to their account and cannot be accessed by other tenants. We enforce tenant isolation at the application level across all queries and operations.
We use the following third-party services to operate the platform:
Each of these services has their own privacy policy governing their handling of data. We encourage you to review their policies.
We do not store credit card numbers or sensitive payment credentials. All payment processing is handled by Stripe. Payment data is transmitted directly to Stripe's servers and is subject to Stripe's security and privacy practices. We store only Stripe customer IDs and payment intent references for record-keeping.
When a tenant initiates customer identity verification, submitted documents (ID photos, selfies) are stored in a tenant-scoped folder on Cloudinary. Verification tokens are hashed (SHA-256) before storage and are single-use. Only the requesting tenant's administrators can access submitted verification documents.
We retain tenant and customer data for as long as the tenant account is active. Upon account termination, tenants may request data export within 30 days. After this period, data may be deleted from our systems and backups in accordance with our retention schedule.
We implement industry-standard security measures to protect your data, including encryption in transit, secure credential storage, and strict access controls. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
Depending on your jurisdiction, you may have the right to: access, correct, or delete your personal information; object to or restrict processing; and request data portability. End customers should contact the tenant operator (the rental business) for data requests, as they are the data controller for customer information collected through their storefront.
We may update this Privacy Policy from time to time. Material changes will be communicated to tenant operators via email. The "Last updated" date at the top of this page reflects the most recent revision.
For privacy-related questions or data requests, contact us at privacy@drivehouse.io.