Privacy & Trust
Privacy Policy
Last updated June 22, 2026 — how we collect, use, protect, and share your personal information across every PickRV experience.
1. Information We Collect
Account Information: When you create a PickRV account, we collect your full name, email address, phone number, date of birth, and profile photo. Hosts additionally provide bank account information for payouts.
Identity Verification: To ensure trust and safety, we collect government-issued photo ID (driver's license or passport), selfie verification images, and vehicle registration documents for hosts. This data is processed by our identity verification partner and stored securely.
Payment Information: We collect billing addresses and transaction history. Card data is collected and tokenized directly by Stripe through Stripe Checkout (Stripe-hosted payment pages), so raw card numbers never reach PickRV servers, and is processed and stored by Stripe, which holds PCI DSS Level 1 attestation as a service provider. PickRV maintains PCI DSS SAQ-A compliance, validated annually, in our capacity as a merchant that does not handle raw card data. PickRV does not collect, store, or transmit full credit card numbers on our infrastructure.
Usage Data: We automatically collect IP addresses, browser type and version, operating system, device identifiers, pages visited, search queries, booking history, message content, and interaction timestamps.
Location Data: With your explicit consent, we collect precise location data for trip tracking, nearby RV search, and roadside assistance features. You can disable location sharing at any time through your device settings.
2. How We Use Your Information
Core Service Operations: We use your information to facilitate bookings, process payments, verify identities, match renters with hosts, provide customer support, send transactional emails (booking confirmations, receipts, trip reminders), and enable in-app messaging between users.
Platform Improvement: We analyze aggregate usage patterns to improve search algorithms, optimize pricing recommendations, identify bugs, measure feature adoption, and develop new features. This analysis uses anonymized and aggregated data whenever possible.
Trust & Safety: We use your data to detect and prevent fraud, enforce our Terms of Service, conduct identity verification, resolve disputes, and comply with legal obligations including law enforcement requests and regulatory requirements.
Marketing Communications: With your consent, we may send promotional emails about deals, new features, and travel inspiration. You can opt out at any time via the unsubscribe link in any marketing email or through your account notification settings. We never sell your email address to third-party marketers.
3. Information Sharing & Disclosure
With Other Users: When you book an RV, the host receives your first name, profile photo, and verified badge status. After booking confirmation, the host receives your phone number for trip coordination. Hosts never see your payment details, government ID, or full address.
Service Providers: We share data with trusted third-party service providers who assist with: payment processing and host payouts (Stripe, including Stripe Connect, and Stripe Identity for verification), email delivery (Resend, which sends on our behalf via Amazon SES), product analytics (Google Analytics), cloud database and application hosting (Supabase, which operates on Amazon Web Services), and insurance underwriting (our insurance partners). Each provider processes your data only as needed to deliver its service and under a data-processing agreement.
Legal Requirements: We may disclose your information when required by law, subpoena, court order, or government request. We may also disclose information when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of PickRV, our users, or the public.
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email and/or prominent notice on our platform of any change in ownership or uses of your personal information.
We never sell your personal information to data brokers, advertisers, or any third party for their independent use.
4. Data Security
Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption. Database backups are encrypted and stored in geographically distributed, access-controlled facilities.
Access Controls: Employee access to user data is restricted on a need-to-know basis, protected by multi-factor authentication, and logged for auditing. We conduct quarterly access reviews and immediate revocation upon role changes or termination.
Infrastructure Security: Our platform runs on Supabase, a SOC 2 Type II-certified backend and database platform built on Amazon Web Services. We rely on platform-level intrusion detection, DDoS protection, and automated vulnerability scanning, and we report confirmed personal-data breaches to affected users and regulators within the timelines required by applicable law (including the GDPR 72-hour standard where it applies).
Payment Security: Card data is collected directly by Stripe through Stripe Checkout (Stripe-hosted pages), so raw card numbers never reach PickRV servers. Stripe maintains PCI DSS Level 1 attestation as a service provider; PickRV maintains PCI DSS SAQ-A compliance as a merchant, validated annually. Tokenization and the SAQ-A scope mean PickRV is not subject to the PCI requirements that apply to merchants that touch primary account numbers (PANs). For specifics, see Stripe's Attestation of Compliance and our SAQ-A available on written request to security@pickrv.com.
6. Your Privacy Rights
All Users: Regardless of your location, you have the right to: access and download a copy of your personal data, correct inaccurate information, delete your account and associated data, opt out of marketing communications, and restrict certain processing activities.
California Residents (CCPA / CPRA): You have additional rights including: the right to know what personal information we collect, sell, or share; the right to delete your data; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising your rights. Use our Do Not Sell or Share My Personal Information page to opt out without creating an account. We honor the Global Privacy Control (GPC) browser signal automatically.
European Residents (GDPR / UK GDPR): You have rights including: access (Art 15), rectification (Art 16), erasure (Art 17), restriction of processing (Art 18), data portability in a machine-readable format (Art 20), objection to processing based on legitimate interests (Art 21), withdrawal of consent (Art 7(3)), and the right to lodge a complaint with your local data protection authority. PickRV is a United States-based service that does not target the EU/UK market; if you are an EU or UK resident with a data-protection question, contact us at privacy@pickrv.com and we will assist.
Biometric information (BIPA, Texas CUBI, Washington 19.375, Oregon 646A.604): identity-verification selfies and government ID photos may contain biometric identifiers when processed by our identity verification partner. We collect biometric data only with your explicit written consent, use it solely for identity verification, do not sell it, and destroy it within three years of your last interaction with PickRV or upon account deletion — whichever is sooner. Illinois, Texas, and Washington residents receive a separate biometric notice and consent screen before any selfie capture.
How to exercise your rights: use the dedicated request center at our Data Rights page, or email privacy@pickrv.com. We will respond within 45 calendar days (CCPA) or one month (GDPR), extendable as the statutes permit. Identity verification is required for any access, deletion, or portability request to prevent unauthorized disclosure (CCPA §1798.140(ah) verifiable consumer request). We will not discriminate against you for exercising any of these rights (CCPA §1798.125).
7. Data Retention
Active Accounts: We retain your personal data for as long as your account is active and you continue to use the Service. Profile information, booking history, and reviews are maintained to provide a continuous experience.
After Account Deletion: When you delete your account, we immediately remove your profile from public view. We retain certain data for up to 7 years as required for legal, tax, accounting, and audit purposes (e.g., transaction records, tax forms). Insurance-related records are retained for the applicable statute of limitations period.
Anonymized Data: Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for statistical analysis, platform improvement, and research purposes.
8. Children's Privacy
Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children under 18. If we learn that a child under 18 has provided us with personal information, we will take steps to delete such information promptly.
If you are a parent or guardian and believe your child has provided personal information to PickRV, please contact us at privacy@pickrv.com and we will delete the information within 48 hours.
9. International Data Transfers
PickRV is based in the United States. If you access our Service from outside the US, your data will be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission where required by GDPR.
By using our Service, you acknowledge that your data may be processed in a country with different data protection laws than your country of residence. We take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email at least 30 days before they take effect, and we will post a prominent notice on our platform.
For non-material changes, we will update the 'Last updated' date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Our Privacy Team
For privacy-related questions, data access requests, or to exercise your rights, contact our privacy team:
PICKRV LLC — Privacy Team 1647 Van Buren St, Hollywood, FL 33020, USA Email: privacy@pickrv.com Support: support@pickrv.com
Questions About Your Privacy?
Our Data Protection Officer is here to help with any privacy concerns.
