Skip NavigationSkip Main

Privacy Policy

Last updated: January 19, 2024

Rarestep, Inc. trading as “Fleetio” (“Fleetio”, “we”, “us”, or “our”) has created this privacy policy (“Policy”) to inform you (“you” or “your”) of when and how your Personal Information is collected, used, disclosed and protected when you use our Service .

You acknowledge that this Policy is to be read in conjunction with our Terms of Service (available at or any other agreement entered into between you and us (“Agreement”), and that by accessing and using our websites, our apps, or services (collectively, “Service”) , you agree to be bound by the Agreement as well as this Policy.

We reserve the right to update and change this Policy from time to time and will provide notice to you by changing the “last updated” date above. All changes are prospective only. It is your obligation to be familiar with the most current version of the Policy. Continued use of the Service after any such changes shall constitute your acknowledgment of and consent to such changes. You can review the most current version of the Policy at any time at If we change the Policy in a material way, we will provide appropriate notice to you.

If you are using the Service on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to this Policy, in such event, “You” will refer and apply to that company or other legal entity.


Fleetio is a company incorporated in the United States of America that provides its software as a service which enables its customers to track, analyze and improve their fleet operations.


We collect the categories of Personal Information identified below. As indicated in the chart, some of these categories we “sell” or “share” (as such terms are defined in California law) for marketing purposes to business partners and third parties, such as data analytics providers, advertising technology vendors, and social media platforms as described in this Policy. However, we do not “sell” or “share” Personal Information (as those terms are defined under California law) that we process on behalf of our Customers (as defined below). Further, we do not knowingly sell or share personal information about persons under the age of 16.

A. Category of Personal Information Collected

Do we sell or share the category of Personal Information?

Identifiers/biographical information, including name, postal and email address, phone number, online identifiers, Internet Protocol (“IP”) address, and other similar identifiers.


Commercial information, including your interest in services we offer.


Internet or other electronic network activity information


Professional or employment-related information, including the organization you represent.


Inferences, meaning inferences drawn from the above-listed categories of Personal Information to create a consumer profile reflecting consumer preferences or characteristics.


B. The Business and Commercial Purposes for Which We Collect and Use Your Personal Information:

  • To provide you with our Service
  • To process your payments and fulfill your orders
  • To enter into the Agreement with the organization you represent
  • To create, maintain, customize, and secure your account with us
  • To communicate with you, including to respond to your inquiries/requests and request feedback from you, and to send you important updates and messages about changes to our Service, this Policy, and/or other applicable terms and conditions
  • To review the usage and maintain the operation of our Service
  • To conduct analysis and develop and/or improve our products and Service
  • To monitor, protect, and maintain the security and integrity of our Service and our business, such as protecting against and preventing fraud, unauthorized transactions, claims and other liabilities
  • To comply with applicable laws and regulations and respond to lawful requests and communications from law enforcement and other government officials
  • To protect our rights, privacy, safety, property and/or those of others
  • To fulfill any other purpose for which you provide your Personal Information or as explained to you at the point of information collection
  • To provide you with customized content or targeted offers
  • To send you information, newsletters, and marketing/promotional material from us and, or on behalf of, our marketing partners and affiliates

C. Retention

We will retain your Personal Information for as long as reasonably necessary to provide you with our Service that you request, for marketing purposes unless you opt out as described in our Policy, or otherwise where permitted or required in accordance with applicable law. We will retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. What this means in practice will vary between different types of information, and when we consider our approach we take into account ongoing business or legal needs for the information, for example in relation to tax, health and safety, and potential or actual disputes or investigations.


We collect, use and disclose two types of information: Personal Information and Non-Personal Information.

“Personal Information” is information that is directly associated with a specific person or entity, including but not limited to, names, email addresses, usernames, passwords, and payment information. When we process your Personal Information, we do so in accordance with this Policy.

“Non-Personal Information” is information we collect or compile that by itself cannot be directly associated with a specific person or entity. We may compile “Non-Personal Information” into “Aggregate Data”. This Policy in no way restricts or limits our collection and use of Non-Personal Information and Aggregate Data, and we may share Non-Personal Information and Aggregate Data that we collect or compile with third parties for various purposes, including to help us better understand our customer needs and improve our Service, and for advertising and marketing purposes.


We collect and process your Personal Information when you are a visitor to our website (as well as any microsites and apps) (“Visitor”) or when you are a customer or user of our software (“Customer”).

Our Service is not targeted at children nor do we allow children to use our Service. We will not knowingly process the Personal Information of children.


Most of the Personal Information we process about you is information that you knowingly provide to us (i.e., Personal Information that you provide directly to us). However, in some instances, we process Personal Information that we are able to infer about you based on other information you provide to us (such as supporting documents) or on our interactions with you, or Personal Information about you that we receive from a third party, which may include the following third-party sources:

  • Our Business Partners, including companies that co-sponsor our promotions.
  • Our Marketing/advertising and analytics partners, including online advertising networks and analytics providers.
  • Social Media Platforms (note that the information we receive from such platforms is dependent upon their policies and your settings on the platforms).
  • Other Companies that provide Personal Information to supplement what we already know about you, including data aggregators.

We shall also automatically receive certain types of information when you interact with our Service through a variety of technologies, such as cookies, tags, SDKs or scripts.

We may combine Personal Information that we receive from various sources. For example, we may combine Personal Information that we collect from you offline with Personal Information we collect from you through our Service. Similarly, we may combine Personal Information that we receive from third parties with Personal Information we already have about you. We use, disclose, and protect combined Personal Information as described in this Policy.



When you visit our website, we may collect your computer’s IP address, access times, your browser type and language, and referring website addresses. We may also collect information about the type of operating system you use, your account activity, and files or pages accessed or used by you. We use cookies to process information, which may include your Personal Information. Please refer to the “COOKIE POLICY” section below for more information about what cookies we use and why.

We use session-replay services to analyze how you use our website. Session-replay services record a video replay of your interactions with our website, including clicks, mouse movements, scrolls, and typing. We use session-replay data to help us identify problems with our website and improve how it operates.

When you as a Visitor contact us or ask us to contact you, for example, by you filling in your details on our websites using the “Contact Sales” function, we collect your Personal Information and use it to respond to your questions and contact you.


When you are a customer or prospective customer, we collect certain Personal Information about you such as your name, contact details and further information about the organization you represent.


We may disclose each category of your Personal Information to the following categories of recipients:

  • Our Service Providers. We disclose your Personal Information to our service providers that provide business, professional, marketing, analytics, or technical support services to us, help us operate our business and the Service, or administer activities on our behalf. We require our service providers to only use your Personal Information in connection with providing services to Fleetio.
  • Our Business Partners.We disclose your Personal Information to other companies with whom we partner to provide services or other offerings to you and carry out other related activities.For example, we may disclose your Personal Information to a third party that co - sponsors a promotion.
  • Our Analytics Partners. We disclose your Personal Information to our partners that assist us in performing analytics and help us measure the effectiveness of our Service content and our marketing and advertising efforts.
  • Our Marketing and Advertising Partners.We disclose your Personal Information to third parties for marketing and advertising purposes, including social media platforms, third - party advertising networks, and other parties that assist us in serving and optimizing our advertisements.
  • Relevant Third Parties as Part of a Corporate Transaction. In the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock(including in connection with a bankruptcy or similar proceeding), we may disclose or transfer your Personal Information to certain third parties, such as the acquiring entity and its advisers.
  • Other Third Parties. We will disclose your Personal Information to other third parties at your direction or with your consent. Additionally, we will disclose your Personal Information as we believe necessary or appropriate to: (a) comply with applicable law; (b) enforce our terms and conditions; (c) protect our operations; (d) protect our rights, privacy, safety, or property, and/or those of you or others; and (e) allow us to pursue available remedies or limit damages that we may sustain.

We may disclose your Personal Information for other reasons that we will describe at the time of information collection or prior to disclosing your information.

We reserve the right to share Non-Personal Information and Aggregate Data as described in this Policy.

Certain disclosures may be considered “sales” or “shares” of Personal Information under applicable U.S. state privacy laws. Details on how to exercise your legal rights with respect to such “sales” or “shares” can be found in the “Your Privacy Choices and Rights” section below. However, as noted above in this Policy, we do not “sell” or share” Personal Information (as defined under applicable U.S. state privacy laws) that we process on behalf of our Customers.


Fleetio is headquartered and processes Personal Information in the United States of America (“US”). The US may have different data protection laws to the country where you reside. If you are required to execute a data processing agreement with us, please refer to our Data Processing Agreement (available here) which includes the European Union’s Standard Contractual Clauses.


If you are a registered user of our Service, you may review, update, correct or delete your Personal Information by logging into the Service and editing your profile.


We take technical, administrative, and physical steps to protect the information we collect from you to prevent loss, misuse and unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

Your account information and access to our Service is accessible only through the use of an individual username and password. You should keep your password confidential and do not disclose it to any other person. Please note that we will never ask you to disclose your password in an unsolicited phone call or email. You are responsible for all activities which are conducted using your account or password.


We may, from time to time, send you emails or communicate with you about updates to our Service, updated legal documents and for customer support purposes. Where such communication amounts to direct marketing, we shall only do so with your consent and in all other instances we communication with you because it is necessary for our legitimate business interests. Unless we are required by law to communicate with you (e.g., where we are required to notify you about data breaches), we will always give you the opportunity to unsubscribe from receiving our communication.

If you would like to opt-out of targeted advertising, you may find additional information at,, or (Europe only), otherwise no additional action is required.


a. Depending on your U.S. state of residence, you may have certain rights in relation to your Personal Information, including:

  • Right to Know: You may have the right to know what Personal Information we have collected about you, including the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom we disclose Personal Information, and the specific pieces of Personal Information we have collected about you. Please note that we may not be required to respond to your requests “to know” or access specific pieces of Personal Information more than twice in any 12-month period.
  • Right to Data Portability: You may have the right to access your Personal Information in a portable format.
  • Right to Delete: You may have the right to request that we delete Personal Information that we have collected from you, subject to certain exceptions.
  • Right to Correct: You may have the right to correct inaccurate Personal Information that we may maintain about you, subject to appropriate verification.
  • Right to Opt Out of Certain Types of Personal Information Uses and Disclosures: We use and disclose to third parties’ Personal Information for analytics and advertising purposes. Accordingly, you may have the right to opt out of the “sale” or "sharing” of your Personal Information, or the use and disclosure of your Personal Information for “targeted advertising” (as these terms are defined in applicable law).

Please note that, where permitted under applicable law, we may decline a request if we are unable to verify your identity (or an agent’s authority to make the request) and confirm the Personal Information we maintain relates to you.

If you are interested in exercising one or more of the rights outlined above, please click here contact us at You must put the statement “Your Privacy Rights” in the subject field of your email. We may take steps to verify your identity before responding to your request by asking you a series of questions about your previous interactions with us. Submitting a privacy rights request does not require you to create an account with us.

We will not discriminate against you if you decide to exercise your privacy rights.

b. Agent Requests

Only you, or someone legally authorized to act on your behalf, may submit a request related to your Personal Information. You may also submit a request on behalf of your minor child.

Depending on your U.S. state of residence, you may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents will need to demonstrate that you’ve authorized them to act on your behalf. Fleetio retains the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity.

d. [Reserved.]

e. Right to Appeal

Depending on your U.S. state of residence, you may have the right to appeal a decision we have made in connection with your privacy rights request. To appeal a decision, please contact us at

f. Additional Notice to EEA, Switzerland, and UK Residents

For residents of the European Economic Area, Switzerland, and United Kingdom, Fleetio is the controller responsible for processing your Personal Information (aside from Personal Information we process on behalf of our Customers).

Legal Basis for Processing: Applicable law in certain jurisdictions requires us to set out the “legal basis” that we rely on to collect and use your Personal Information. Where applicable, the legal bases upon which we rely on in order to collect and use your Personal Information are as follows:

  • Consent: We may collect, use, and disclose your Personal Information on the basis of the consent that you provide us at the point of information collection or disclosure. You have the right to revoke your consent at any time.
  • Contractual Necessity: We may collect and use certain Personal Information where it is either necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. This may include Personal Information used to provide you with our products and related services and related transaction information.
  • Compliance with a Legal Obligation: We are subject to various legal requirements in the jurisdictions in which we operate, and we may use, disclose, and retain your Personal Information if necessary for us to comply with a legal obligation arising under an applicable law to which we are subject.
  • Legitimate Interests: We may collect and use your Personal Information to the extent necessary to carry out our legitimate interests (or those of a third party), provided that such interests do not outweigh your interests or fundamental rights and freedoms. For example, we may collect and use your Personal Information in reliance on a legitimate interest in managing our relationship with you; conducting and managing our business; providing you with customer support; conducting market research; developing and enhancing our services as well as our products; detecting and preventing fraud and other harmful activities; and monitoring and maintaining the security of our data, systems, and networks.

Privacy Rights and Requests: Under applicable law, you may have certain rights in relation to your Personal Information, including:

  • Right to Access: You have the right to request access to, or copies (and transmission) of, the Personal Information we hold about you and the purposes for which we are using it.
  • Right to Rectify: You have the right to correct inaccurate Personal Information that we have collected from and maintain about you, subject to appropriate verification.
  • Right to Erase: You have the right to erase Personal Information pertaining to you, under certain conditions.We will assess any deletion request after verifying your identity and work to respond within one calendar month, and let you know if we need additional time.
  • Right to Object: You have the right to object to processing the Personal Information we process, under certain conditions.
  • Right to Restrict: You have the right to restrict the processing of your Personal Information, under certain conditions.
  • Right to Data Portability: You have the right to receive the data we have collected from you. Under certain conditions, you may request that we transfer your Personal Information to another organization, or directly to you.
  • Right to Lodge a Complaint: You have the right to file a complaint with the supervisory authority in your jurisdiction.

At any time, you may request or assert any of the rights above by emailing us at If you believe there has been a violation of your privacy rights, please contact us or the supervisory authority.

You may also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

If you require measures beyond our Policy, please access our Data Processing Agreement (DPA) here.

EU-U.S. Data Privacy Framework

Fleetio complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Fleetio has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework (EU-U.S. DPF Principles). If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the EU-U.S. DPF Principles shall govern. To learn more about the DPF Program, and to view our certification, please visit

In compliance with the EU-U.S. DPF Principles, Fleetio commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our EU-U.S. DPF policy should first contact us at

Fleetio has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved EU-U.S. DPF Principles complaints concerning data transferred from the EU.

As set forth in the EU-U.S. DPF Principles ( Fleetio is accountable for personal information that it receives and subsequently transfers to third parties acting as an agent on its behalf. If third parties that process personal information on our behalf do so in a manner that does not comply with the EU-U.S. DPF Principles, we are accountable, unless Fleetio proves that it is not responsible for the event giving rise to the damage.

Should anyone feel that Fleetio has failed to comply with the EU-U.S. DPF Principles concerning the handling of personal information, and if Fleetio has not been able to resolve that complaint itself, he/she may contact the applicable EU data protection authority (DPA).

As set forth in the EU-U.S. DPF Principles, binding arbitration will also be made available to a complainant to address any complaints that have not been resolved through other mechanisms. Fleetio is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.


Please see our Cookie Policy here.


If you have any questions or concerns about this Policy or the practices described herein, please contact us or by mail to: Fleetio, 1900 2nd Ave. N., Suite 300, Birmingham, AL 35203, Attn: Security Department.

Our representative under Article 27 of the GDPR can be contacted at