D
Dromium
i Legal / Privacy Policy

Privacy Policy

This Privacy Policy explains how Incogito LLC (“Incogito”, “we”, “us”) collects, uses and protects information when you use Dromium (the “Service”) and when you visit our marketing website.

This document is provided for information purposes only and does not constitute legal advice. If you have specific legal questions, please consult your own legal counsel.

Last updated: 2025-12-10

1. Who we are

Dromium is a software product operated by Incogito LLC, a limited liability company incorporated in Delaware, United States.

When we say “Dromium” in this policy, we mean the Dromium booking platform and related services provided to rental fleets, as well as our public marketing website.

For most data about organizations using Dromium (for example, account information, billing details and usage logs), InCogito LLC acts as an independent data controller. For data about your renters and drivers that you enter into Dromium (for example, booking details and contact information), InCogito LLC generally acts as a data processor on your instructions. Our separate Data Processing Addendum describes these roles in more detail.

If you have questions about this policy, you can contact us at: support@dromium.com.

2. What this policy covers

This Privacy Policy applies to:

  • Visitors to our marketing site (for example, when you browse pages or request a demo); and
  • Customers and users of the Dromium platform (for example, rental companies and their team members who log in to manage bookings, cars and clients).

In some cases, our customers (rental companies) upload or collect information about their own clients (renters) using Dromium. In those situations, the rental company is typically the data controller of that information. We act as a service provider / processor on their behalf.

3. Information we collect

3.1 Information you provide to us

We collect information that you choose to give us, for example when you:

  • Request a demo, contact us or subscribe to updates.
  • Create a Dromium account or are invited by your team.
  • Configure your organization, locations, prices, clients, cars and booking rules.
  • Enter notes or upload documents related to bookings.

This may include:

  • Contact details (name, email address, phone number).
  • Company and role information.
  • Content you enter into the app (bookings, client profiles, notes, documents, pricing details).

3.2 Information about your clients (renters)

When you use Dromium to manage bookings, you may store information about your renters. For example:

  • Client names and contact details.
  • Booking details (car, dates, locations, prices and services).
  • Notes related to the booking, handover and return.

In these cases, you (the rental company) are responsible for providing any required notices to your clients and for having a lawful basis to process their personal data. We process that information only in order to provide the Dromium service to you, in line with our agreement.

3.3 Payment information

Dromium uses third-party payment processors, such as Stripe, to handle payments and security deposits. When a client enters card details, those details are processed directly by the payment provider.

We do not store full credit card numbers or CVV codes on our own systems. We may receive limited information about transactions from our payment provider (for example, the last 4 digits of a card, card brand, transaction status, and amounts) so that we can show payment status inside Dromium.

3.4 Usage and device information

Like most online services, we collect certain technical information when you use our site or app, such as:

  • Log data (IP address, browser type, pages visited, date/time of requests).
  • Basic device information (operating system, screen size, language).
  • Interactions with the app (for example, which features are used most).

3.5 Cookies and similar technologies

Our marketing site and app may use cookies or similar technologies to keep you logged in, remember your preferences and improve the service. At the moment, we do not rely on heavy third-party tracking tools, but this may change as we add analytics or diagnostics.

We may use cookies and similar technologies (such as localStorage or sessionStorage) to keep you signed in, protect your account and remember basic settings. These are “strictly necessary” for the Service to function and are not used for advertising or to track you across unrelated websites.

If you use Dromium as an authenticated user, we may store a small amount of information in your browser (for example, a session token or JSON Web Token) so that the Service can recognize your device between page loads. You can clear this data using your browser settings, but doing so may log you out or limit functionality.

If we introduce additional analytics or advertising cookies, we will update this policy and, where required, ask for your consent.

4. How we use your information

We use the information we collect to:

  • Provide and maintain the Dromium service.
  • Set up and manage your account and organization.
  • Process payments and security deposits via our payment providers.
  • Respond to your questions and support requests.
  • Improve and troubleshoot the product.
  • Send important notices about changes to the service or this policy.
  • Comply with legal obligations and enforce our terms.

5. Legal bases (for EEA/UK users)

If you are in the European Economic Area or the United Kingdom, we process your personal data under one or more of the following legal bases:

  • Contract: When we provide Dromium to you or your organization, we process data as necessary to perform our contract with you.
  • Legitimate interests: For example, to improve the service, keep it secure and communicate with you about relevant updates, where these interests are not overridden by your rights.
  • Consent: In situations where we ask for your consent, such as certain marketing communications. You can withdraw your consent at any time.
  • Legal obligation: When we are required to retain or share information for legal or regulatory reasons.

6. How we share information

We do not sell personal data. We may share information in the following limited situations:

  • Service providers: We work with trusted third parties who help us run Dromium (for example, hosting providers, email and support tools, and payment processors such as Stripe). They are only allowed to process data on our instructions and under appropriate safeguards. When payments are processed through Dromium, card details and related payment information are handled directly by Stripe, Inc. or its affiliates (“Stripe”). Stripe is an independent controller of payment data and processes that data in accordance with its own privacy policy. Dromium does not store full card numbers or card security codes.
  • Within your organization: If you use Dromium as part of a rental company, some information (such as bookings, notes and client details) will be visible to other authorized users in your organization according to the roles and permissions you set.
  • Business transfers: If we are involved in a merger, acquisition or sale of assets, data may be transferred as part of that transaction. Where appropriate, we will notify you.
  • Legal and safety: We may disclose information if we believe it is reasonably necessary to comply with applicable law, respond to legal requests, protect our rights, or prevent fraud or abuse.

7. International data transfers

Incogito LLC is based in the United States, and many of our service providers are also located in the U.S. If you access Dromium from outside the U.S., your information may be transferred to, stored in and processed in the United States or other countries where our service providers operate.

Where applicable law requires additional safeguards for international transfers, we will take steps to implement appropriate measures, such as standard contractual clauses or equivalent mechanisms.

8. How long we keep information

We keep personal data for as long as necessary to provide the service, comply with our legal obligations, resolve disputes and enforce our agreements.

In practice, this means that as long as your organization has an active Dromium account, we will retain the data needed to run that account. When an account is closed, we may retain certain records for a limited period where required by law or for legitimate business purposes (for example, tax and audit requirements).

9. How we protect information

We use reasonable technical and organizational measures to protect personal data against loss, misuse and unauthorized access. This includes using reputable hosting providers, access controls and encryption in transit for our app and APIs.

However, no online service can guarantee absolute security. You are responsible for choosing strong passwords, keeping your login details confidential and notifying us promptly if you suspect unauthorized access to your account.

10. Your rights and choices

Depending on where you live, you may have certain rights regarding your personal data. These can include:

  • The right to access a copy of your personal data.
  • The right to correct inaccurate or incomplete data.
  • The right to request deletion of your data in certain circumstances.
  • The right to restrict or object to certain types of processing.
  • The right to receive your data in a portable format.

If Dromium processes your data because your rental company uses our service, we may ask you to contact them first, since they are usually the data controller. We will cooperate with our customers to help them respond to requests where required.

To exercise your rights or ask a question about your data, you can contact us at support@dromium.com.

If you are in the EEA or UK and are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

11. Children’s privacy

Dromium is not intended for use by children under 16, and we do not knowingly collect personal data from children under 16. If you believe that we have collected information about a child in a way that violates this policy, please contact us and we will take appropriate steps to delete that information.

12. Changes to this policy

We may update this Privacy Policy from time to time as our service, practices or legal requirements change. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you through the app or by email.

13. How to contact us

If you have questions about this Privacy Policy or how we handle personal data, you can contact us at:

  • Email: support@dromium.com
  • Company: Incogito LLC (Delaware, United States)