Privacy Policy

RaX is a Rental Management System (RMS) operated by Zentia Labs LLC, 30 N Gould St Ste N, Sheridan, WY 82801, USA. Zentia Labs is responsible for the processing of data collected on its websites, contact forms, demos, onboarding flows, support, billing, and account administration.

This policy governs Zentia Labs own processing as a B2B SaaS company. It does not replace the privacy policy that each car rental company must provide to its end customers and drivers when using RaX in its own operations.

• Sales and prospecting data: name, business email, phone number, company, fleet size, country, and operational needs.
• Account and administration data: users, roles (RBAC), credentials, preferences, office configuration, authentication events, and administrative activity inside the backoffice.
• Contract and billing data: legal entity details, address, tax identifiers, billing contacts, invoices, and payment references.
• Booking and rental contract data: reservations, rental agreements, dates, rates, extras, and operational status.
• Driver and rental customer data: name, ID document, driving licence, and contact details, entered manually by the operator in the backoffice.
• Vehicle data: registration plate, make, model, status, mileage, assignments, and maintenance history.
• Damage photographs: vehicle inspection images associated with rental contracts.
• Technical and usage data: IP address, browser, device, cookies, logs, security events, performance, and product analytics.

RaX allows users to sign in via email and password, magic link, or Google OAuth ("Sign in with Google").

When you choose to sign in with Google, we access your email address, name, and profile picture through the Google OAuth 2.0 openid, email, and profile scopes. This data is used solely to create or link your user account in RaX and to verify your identity on each sign-in.

We do not access your contacts, calendar, Drive files, or any other data from your Google account.

You can revoke RaX access to your Google account at any time from your Google account security settings at myaccount.google.com.

RaX's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• Respond to commercial requests, demos, product evaluations, and onboarding.
• Create and manage customer accounts, authorized users, roles, and office configuration.
• Provide the contracted RMS service: booking management, rental contracts, vehicle inventory, visual planner, manual check-in, and invoicing.
• Manage integrations with OTAs (Booking.com, Rentalcars) and telematics providers enabled by the customer.
• Provide support, maintenance, monitoring, security, and fraud or abuse prevention.
• Manage the contractual relationship, billing, collections, and accounting or tax obligations.
• Send service communications and, where a valid basis exists, reasonable B2B product communications.

• Performance of pre-contractual steps or the contract for demos, onboarding, SaaS provision, support, and billing.
• Compliance with legal obligations relating to accounting, tax, security, and valid requests from authorities.
• Legitimate interests for security, abuse prevention, product improvement, B2B relationship management, and reasonable professional communications.
• Consent for non-essential cookies, certain optional marketing actions, and any other processing that requires it.
• RaX does not process special categories of data (Art. 9 GDPR). No biometric data is processed, and no automated identity verification or liveness detection is performed.
• For operational data entered by the customer in the RMS (bookings, contracts, driver data, damage photos), the customer acts as data controller and Zentia Labs processes that data under documented instructions and the applicable data processing agreement.

• Infrastructure, hosting, caching, transactional email, monitoring, and technology providers needed to deliver the service (Google Cloud Platform, Upstash, Resend).
• Payment processors (Stripe) to manage collections and billing.
• CRM and marketing email providers (Brevo) for B2B communications.
• OTAs and telematics providers integrated by the customer for booking synchronization and vehicle data.
• Professional advisers and public authorities where there is a legal obligation, defence need, or valid request.

Zentia Labs does not sell personal data. It also does not use customer operational data for its own purposes beyond service delivery.

Some providers or infrastructure may operate outside the European Economic Area. When this happens, we apply appropriate safeguards under applicable law, such as standard contractual clauses, adequacy decisions, or reasonable supplementary technical measures.

• Leads, forms, and B2B sales communications: up to 24 months from the last interaction, unless there is an objection or a contract is signed.
• Account, contract, and billing data: while the commercial relationship exists and afterwards for the periods required by law (6 years for tax and accounting records in most jurisdictions).
• Operational booking, contract, and driver data: according to customer configuration and instructions, technical backup windows, and the agreed deletion process.
• Damage photographs: according to customer instructions and applicable claim periods.
• Support tickets: usually up to 3 years after case closure.
• Security and access logs: usually up to 12 months, unless investigation or reinforced retention is required.

• We apply reasonable technical and organizational measures, including role-based access controls (RBAC), encryption in transit, event logging, and vendor review.
• Internal data access is limited to authorized personnel with a functional need and confidentiality obligations.
• Each customer company data is isolated at tenant level, ensuring no operator can access another operator data.
• The processor relationship for customer operational data is governed through contract and the applicable data processing agreement, including subprocessors and security commitments.

Where applicable, you may exercise rights of access, rectification, erasure, objection, restriction, and portability with respect to data that we process as our own controller.

If the request relates to driver or end-customer data entered by a car rental company in RaX, the primary route should be that company as controller. Zentia Labs will assist the customer in its processor role where applicable.

• Requests about leads, accounts, billing, support, or use of our websites: contact us at privacy@raxmobility.com.
• Requests about bookings, contracts, or driver data managed by a car rental company: contact that company first.

We may update this policy to reflect legal, technical, or product changes. The current version will be published on this page together with its last update date.