Privacy Policy
Your privacy is our priority
Table of Contents
1. Introduction
G & G Holdings MT LLC ("Exotiq.ai," "Company," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, products, and services (collectively, the "Services").
Important Notice
By using our Services, you consent to the practices described in this Privacy Policy.
This Privacy Policy should be read in conjunction with our Terms and Conditions, which govern your use of our Services.
2. Information We Collect
2.1 Personal Information You Provide
Account Information:
- Name, email address, phone number
- Business name and address
- Payment information and billing details
- Profile information and preferences
Business Data:
- Fleet and vehicle information
- Rental agreements and booking data
- Customer information you input into our system
- Financial and operational metrics
- Communication records and support tickets
Communications:
- Messages sent through our platform
- Email communications with our team
- Phone call recordings (with consent)
- Feedback and survey responses
2.2 Information We Collect Automatically
| Data Type | Examples | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, time spent | Service improvement and analytics |
| Technical Information | IP address, browser type, device info | Security and platform optimization |
| Performance Data | Response times, API usage, errors | System monitoring and enhancement |
2.3 Information from Third Parties
We may receive information from:
- Integration Partners: Booking platforms, payment processors, calendar systems
- Public Sources: Business directories, industry databases
- Social Media: Profile data when you connect accounts
3. How We Use Your Information
π Service Provision
- Enable platform functionality
- Account management
- Customer support
- Payment processing
π Service Improvement
- Analytics and insights
- Feature development
- Performance optimization
- Bug fixes and maintenance
π’ Communication
- Service updates
- Marketing communications
- Educational content
- Emergency notifications
βοΈ Legal & Compliance
- Legal obligations
- Security measures
- Dispute resolution
- Audit and compliance
4. Legal Basis for Processing (GDPR)
For users in the European Union, we process your personal data based on the following legal grounds:
4.1 Contract Performance
- Account creation and management
- Service delivery and billing
- Customer support provision
4.2 Legitimate Interests
- Platform security and fraud prevention
- Service improvement and analytics
- Direct marketing to existing customers
4.3 Legal Compliance
- Regulatory reporting requirements
- Tax and accounting obligations
- Legal proceedings and investigations
4.4 Consent
- Marketing communications to prospects
- Optional feature usage
- Cookie placement (where required)
5. Information Sharing and Disclosure
π‘οΈ We Do Not Sell Personal Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5.1 Service Providers
We may share information with trusted third-party service providers:
- Cloud Hosting: AWS, Google Cloud, or similar providers
- Payment Processing: Stripe, PayPal, or other payment processors
- Analytics Services: Google Analytics, Mixpanel, or similar tools
- Communication Tools: Email services, chat systems, phone providers
- Security Services: Fraud detection and prevention tools
5.2 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal process or government requests
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Enforce our Terms and Conditions
6. Data Security
6.1 Security Measures
We implement industry-standard security measures to protect your information:
| Security Layer | Implementation | Description |
|---|---|---|
| Encryption | AES-256 | Data encrypted in transit and at rest |
| Access Controls | Multi-factor Authentication | Role-based access with MFA |
| Network Security | Firewalls & Monitoring | Intrusion detection and prevention |
| Regular Audits | Security Assessments | Vulnerability testing and reviews |
6.2 Data Breach Response
In the event of a data breach, we will:
- Investigate and contain the breach immediately
- Notify affected users within 72 hours where required by law
- Report to relevant authorities as required by GDPR
- Take corrective actions to prevent future breaches
7. Data Retention
7.1 Retention Periods
We retain your information for as long as necessary to provide our Services and comply with legal obligations.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Active account + 3 years | Service provision and support |
| Payment Information | 7 years | Tax and accounting purposes |
| Communications | 3 years after last contact | Customer support and disputes |
| Usage Data | 2 years | Analytics and service improvement |
| Security Logs | 1 year | Security monitoring and incident response |
7.2 Data Deletion
Upon request or at the end of retention periods, we will securely delete your information unless retention is required by law.
8. Your Privacy Rights
π General Rights (All Users)
- Access: Request information about data processing
- Correction: Update inaccurate information
- Deletion: Request data deletion
- Portability: Receive data in structured format
- Objection: Object to certain processing
πͺπΊ GDPR Rights (EU Residents)
- Rectification: Correct inaccurate data
- Erasure: Right to be forgotten
- Restrict Processing: Limit data usage
- Data Portability: Machine-readable format
- Withdraw Consent: Revoke consent anytime
πΊπΈ CCPA Rights (California)
- Know: What data we collect and use
- Delete: Request data deletion
- Opt-Out: Sale of personal info (we don't sell)
- Non-Discrimination: Equal service regardless
π¨π¦ PIPEDA Rights (Canada)
- Access: Request personal information
- Correction: Fix inaccurate data
- Withdraw Consent: Revoke processing consent
- Complaint: File with Privacy Commissioner
9. International Data Transfers
9.1 Cross-Border Transfers
We may transfer your information to countries outside your home country. When we do so, we ensure adequate protection through:
- Adequacy Decisions: Transfers to countries with adequate privacy laws
- Standard Contractual Clauses: EU-approved contract terms
- Privacy Shield: For certified U.S. companies (where applicable)
- Your Consent: Where you have explicitly consented
9.2 Safeguards
We implement appropriate safeguards including contractual obligations and technical measures to protect your information during international transfers.
11. Third-Party Services
11.1 Integration Partners
Our platform integrates with various third-party services, each governed by their own privacy policies:
- Booking Platforms: Airbnb, Turo, Getaround
- Payment Processors: Stripe, PayPal
- Communication Tools: Twilio, SendGrid
- Analytics Services: Google Analytics, Mixpanel
Third-Party Responsibility: We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before use.
12. Children's Privacy
Our Services are not intended for children under 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it immediately.
13. Changes to This Privacy Policy
13.1 Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated policy on our website
- Sending email notifications to registered users
- Displaying prominent notices in our Services
13.2 Continued Use
Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.
14. Contact Information
For questions about this Privacy Policy or to exercise your privacy rights, please contact us:
15. Compliance
We are committed to compliance with applicable privacy laws including GDPR, CCPA, and PIPEDA. We regularly review and update our practices to ensure ongoing compliance.
Contact Information
Address
G & G Holdings MT LLC
1001 S Main St #XXX
Kalispell, MT 59901
Last Updated: January 2025
Version: 1.0
This document represents our complete Privacy Policy for Exotiq.ai. By using our Services, you acknowledge that you have read, understood, and agree to the practices described herein.