// legal
Privacy Policy
Last updated: June 2026
1. Who We Are
Elite Performance Exclusive LLC ("we", "us", "our") operates the website at eliteperformanceexclusive.com. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our Site or use our services.
2. Data We Collect
2.1 Information You Provide
- Contact form: Name, email, phone (optional), inquiry type, plan or budget interest, message content.
- Quote requests: Name, email, phone (optional), company (optional, tech inquiries), preferred plan or vehicle, project requirements, urgency, free-text notes.
- Rental applications (when you formally apply): Date of birth, residential address, driver's license number / state / expiry (typed, not photographed), insurance carrier / policy number / expiry, employer name (where applicable), emergency contact, references. We do not store images of your driver's license or insurance card on our servers.
- Identity verification: Identity is verified by Persona, a third-party provider. The license photo and selfie are uploaded directly to Persona and never reach Elite Performance Exclusive LLC's servers. We receive only a verification result (pass/fail) and a reference id. See Persona's privacy policy.
- Insurance verification: We confirm coverage by phone with your carrier or via an insurance-verification API. We do not store insurance card images.
- Rental agreement: Electronic signature, IP address, user-agent and timestamp captured at signing.
- Tech project intake: Company details, project goals, target audience, design references, integrations and budget — collected through the secure client portal.
2.2 Information Collected Automatically
| Data | Purpose | Retention |
|---|---|---|
| IP address | Security, rate limiting, abuse prevention. For our visitor counter the IP is one-way hashed (SHA-256) — we store only the hash, never the raw address. | 24 hours, then discarded |
| Country / Region (geolocation) | Traffic analytics, localized experience | Session duration + 24hr aggregate |
| Browser type, OS | Compatibility, analytics | Session only |
| Pages visited, timestamps | Site analytics, improvement | Aggregated, no personal identification |
2.3 Geolocation Tracking
We detect your approximate location (country level only) entirely on our own servers, using a locally-hosted copy of the MaxMind GeoLite2 country database. Your IP address is looked up against this database on our server and is never sent to any third-party geolocation service. We do not use Google location services, GPS, or any client-side location API.
We resolve only your country and continent — never precise GPS coordinates, street address, or city. The result is used to show you which country you are visiting from and, in aggregate, where our traffic comes from (e.g., "Visitors from United States, Europe, Africa"). The aggregate counter de-duplicates visitors using a one-way hash of the IP address; the raw IP is never written to the analytics store.
You can opt out of geolocation tracking by declining non-essential cookies in our cookie consent banner. The site functions fully without geolocation.
3. Cookies
3.1 What Cookies We Use
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Session cookie | Essential | CSRF protection, session management | Session |
| XSRF-TOKEN | Essential | Cross-site request forgery protection | 2 hours |
| cookie_consent | Functional | Remembers your cookie preferences | 1 year |
| geo_country | Analytics | Stores detected country for traffic banner | Session |
| _GRECAPTCHA | Security (third-party, google.com) | Anti-spam scoring on form submissions. Only set on form pages after you accept cookies on the consent banner. | 6 months |
| _gcl_au, _gcl_*, conversion cookies | Marketing (third-party, Google Ads) | Google Ads conversion measurement and remarketing. Only set after you click Accept All on the consent banner. Not set on Essential Only. | Up to 90 days |
3.2 Third-Party Cookies
We use Google Ads marketing cookies only with your explicit consent (the Accept All option in our cookie banner). We do not sell your data to third parties. Third-party services we use:
- Google Fonts: Font delivery. Google may log requests. See Google Privacy Policy.
- Google reCAPTCHA v3: Anti-spam protection on contact, quote, rental application, and agreement-sign forms. Sets the
_GRECAPTCHAcookie on google.com once you accept the cookie banner. The script is NOT loaded until you click Accept or Essential Only. See Google Privacy Policy. - Google Ads (gtag.js): Conversion measurement and remarketing for our advertising. We run Google Consent Mode v2: the tag loads with ad and analytics storage denied by default, and only switches on if you choose Accept All. If you choose Essential Only, no Google Ads cookies are set and only anonymous, cookieless signals (if any) are sent. We do not collect special-category data through advertising, and the tag never runs in your authenticated customer portal or our admin area. See Google Privacy Policy and How Google uses advertising data.
- Persona (withpersona.com): Identity verification on the rental application. License image, selfie, and any biometric data are processed by Persona, not by us. See Persona Privacy Policy.
- Checkr, Inc. (consumer reporting agency): Background checks on rental applicants — Motor Vehicle Reports for all plans, criminal background checks for the Apex (rent-to-own) plan only. We pull these only after you authorize a consumer report under the federal Fair Credit Reporting Act (FCRA). You can request a copy of any report obtained at no cost, dispute the accuracy of any information, and receive a written summary of your FCRA rights. See Checkr Privacy Policy.
4. How We Use Your Data
- To respond to your inquiries and provide services
- To process rental applications and manage rental agreements
- To improve our website and services
- To detect and prevent abuse (rate limiting, directory enumeration protection)
- To display aggregate traffic origins on our site
5. Data Security
We protect your data with:
- HTTPS encryption on all pages
- CSRF protection on all forms
- Security headers (CSP, HSTS, X-Frame-Options, etc.)
- Rate limiting on form submissions and 404 responses
- No sensitive data stored in cookies
6. Data Retention
Contact form submissions are retained for the duration needed to respond to your inquiry. Rental and project records are retained for the duration of the business relationship plus any legally required period. Geolocation data is aggregated daily and contains no personal identifiers after 24 hours.
7. Your Rights
You have the right to:
- Access: Request a copy of the data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data.
- Opt-out: Decline non-essential cookies via the cookie consent banner.
To exercise these rights, email support@eliteperformanceexclusive.com.
8. Children
Our services are not directed at children under 18. We do not knowingly collect data from minors.
9. Changes
We may update this Privacy Policy at any time. The "Last updated" date at the top reflects the most recent revision.
10. Contact
Questions about this policy? Email support@eliteperformanceexclusive.com.